
Passwords, a different kind of addiction

Published 21 Aug 2022


Hello friend,

It has been over a month now since I launched my blog. It is time we talk again.

This time we need to get serious and talk about this addiction of ours. You might ask, what are we addicted to? In case you didn't know, and I sure hate to break the news to you, we are strongly addicted to passwords. Our password addiction seems to go back to the days when computers were first taught to us. We were told that if we wanted to be secure and protect our online identity, we needed to password protect everything. What would our lives be without passwords? Sure, life would tend to be easier, but it would also be easier for anyone with bad intentions to break into your accounts and steal all your data or money. However, are they enough these days?

First, let us start by defining what a password is. According to some very lengthy research I did, which may have occurred over the span of a few seconds on Google, a password is a word, phrase, or string of characters intended to differentiate an authorized user or process, for the purpose of permitting access, from an unauthorized user. Put another way, a password is used to prove one's identity or authorize access to a resource.

But here's the problem with passwords. Every account we own has one, and then our account manager or employer wants us to change it every so many days. And using the same password on different sites is a big security risk. That being said, and humans being humans, passwords are horrible! Sure, you can force your users to use a 16-character password with uppercase, lowercase, numbers and special characters, block them from reusing their last 1000 passwords, and deny any password found in a leaked database. However, that still does not prevent the user from choosing something silly like ThisIsMyNewPasswordFor2022! as it technically meets all the requirements and is not likely to be leaked, but is still not very secure.
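The gap described above, as an added example that is not part of the original post: a checker for the stated rules next to a small structure check that explains why the sample password is still guessable. The wordlist, leak set, history argument and function names are constructed for illustration.

```python
import re

# Constructed sample data, standing in for a real breach corpus and wordlist.
LEAKED = {"Password123!", "Qwerty2020!!Qwerty"}
COMMON_WORDS = {"this", "is", "my", "new", "password", "for", "welcome", "summer"}

def meets_policy(pw, history=(), leaked=LEAKED):
    """Composition rules from the paragraph: length, four classes, history, leak list."""
    return (len(pw) >= 16
            and re.search(r"[a-z]", pw) is not None
            and re.search(r"[A-Z]", pw) is not None
            and re.search(r"\d", pw) is not None
            and re.search(r"[^A-Za-z0-9]", pw) is not None
            and pw not in history
            and pw not in leaked)

def weakness_reasons(pw):
    """Return structural reasons a policy-compliant password is still predictable."""
    # Split into capitalised words, digit runs and symbol runs.
    tokens = re.findall(r"[A-Za-z][a-z]*|\d+|[^A-Za-z0-9]+", pw)
    words = [t for t in tokens if t.isalpha()]
    reasons = []
    # Every alphabetic chunk is a dictionary word: a wordlist attack covers it.
    if words and all(w.lower() in COMMON_WORDS for w in words):
        reasons.append("built only from common words")
    # A four-digit year is one of the first suffixes guessing rules try.
    if any(re.fullmatch(r"(19|20)\d\d", t) for t in tokens):
        reasons.append("contains a calendar year")
    # One symbol, placed last, only to satisfy the special-character rule.
    if sum(not c.isalnum() for c in pw) == 1 and not pw[-1].isalnum():
        reasons.append("single trailing symbol")
    return reasons

if __name__ == "__main__":
    # Second entry is a constructed random string for comparison.
    for candidate in ("ThisIsMyNewPasswordFor2022!", "vR7#qLm2!xZp9@tKw4$e"):
        print(candidate, meets_policy(candidate), weakness_reasons(candidate))
```

Both candidates pass the composition policy; only the structure check tells them apart.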

Passwords are kind of becoming a thing of the past. They need to be discarded with the VCRs and Sony Walkmans. If we want to keep our accounts secure we need more; passwords aren't enough anymore. Okay, but how do I secure my accounts, you may ask?

I am glad you asked! There are more modern authentication methods that, for example, require a physical key in addition to a password for added security. Windows and phones now offer fingerprint and face recognition as authentication mechanisms. They sure add a level of security to any account. However, the best security is where you can mix the different authentication possibilities:

Something you know, like a passphrase.
Something you have, like a phone with Google Authenticator.
Something you are, like your face or your fingerprint.

If you absolutely have to use a password, I would recommend setting your password to something very long and using a password manager like LastPass or Bitwarden to store your very random and difficult-to-remember passwords. If possible, lock your password manager with a second authentication factor like Microsoft or Google Authenticator, or even better, get a YubiKey; they are great as long as you don't lose your key.

I hope you found this password talk interesting!
Talk to you next time!
-cyco


cyco


Ethical Hacker

