ISU Information Security

Securing Your Passwords

Tuesday, April 11, 2017 16:40

Virtually everyone has to remember at least one password, and most of us have to remember quite a few.  The tricks we use to keep track of these passwords might be convenient, but it’s worth considering whether we can find a more secure way.  Here are a few tips to get us started.

Writing Down Your Password

If possible, don’t write passwords down.  It’d be very easy for someone with ill intent to grab a sticky note from a desk.  If it must be written down, be sure to remove the context.  For example, if the note with the password for a particular computer is stuck to that same computer, it’s clear what the password is for.  By contrast, if the password for an email account is written on a note without the email address it belongs to, it would be difficult to figure out what the password is for.  Remove the context and it will be much more secure.  Again, however, if at all possible, do not write passwords down.

Password Storage

Figuring out how to remember all of our passwords seems to be the glaring issue here.  The good news is that we don’t have to.  There are what are called “password safes”, which are basically just software applications that store passwords for us.  The software uses encryption to keep the passwords hidden, so it is much more secure than writing the password down.  There are many options for password safes and many of them are free.  A good place to start would be to search for KeePass or LastPass, but there are plenty of worthy alternatives.

Password Sharing

At some point, we may have to figure out how to get a password to another individual.  Luckily, there are some best practices for this as well.  First, don’t send a password through the body of an email.  This is not considered secure.  There are ways to store a password in an encrypted file and send the file via email, and various other similar methods.  Communicating a password over the phone is acceptable, as a typical phone line conversation isn’t easily intercepted by a third party like an email can be.  A better option, however, is to use password sharing features available in the earlier mentioned password safe applications.  Most password safes have the option to share a password securely with another individual who owns the same software.  This is an especially attractive option for businesses, as it allows for secure password sharing and storage across the board.

Password Best Practices

We not only have to minimize the chance that someone will guess or steal our passwords, but we also have to know what actions to take if they do.  One great method to deal with this is to use different passwords for each service.  This way, if someone gets hold of a password for one service, every other service won’t be compromised as well.  In this case, we would only have to reset our password for one service instead of multiple services.  Further, this makes identifying the service that leaked our password much easier.  The password safes mentioned above make it easy to keep track of multiple unique passwords, and some will even generate passwords set to your specifications.

It should be mentioned that nothing will guarantee that our passwords won’t fall into the wrong hands at some point, but each of the above tips will bring us one step closer to reducing the chances of a compromise occurring.