Here's the END of Weak Passwords
I am going to have to find a new pet peeve to write about when other topics fail to inspire me. My old standby, “weak passwords,” is now defunct. There is no longer any excuse for using a lame, easily guessed password like 'monkey' or '12345678.' None! Read on to learn why...
How to Generate Strong, Secure Passwords
You might think you've made up some pretty clever passwords, but the rules imposed by many online services actually make them less secure and more easily guessable. For some background on that, see my article Here's Why Your Password is Hackable.
Google put the first nail in weak passwords earlier this year. Apple, with its recent release of iOS 12, sealed the coffin airtight. The two mobile operating system leaders have independently (right, Mr. Cook?) implemented a security scheme that covers email, websites, desktop or mobile apps, and anything else that requires a password.
You no longer need to waste brain cycles to concoct a password, type it into a box, remember it or (Heaven forbid) write it down somewhere, lose or forget it, and go through the “reset password” ritual. In fact, you don’t even have to know what your password is!
You may remember that I've written about password managers for desktop and laptop computers. See Can This Robot Manage Your Passwords? and Dashlane's Free Automatic Password Changer. Those apps work great to automatically generate strong, secure passwords, but they make it difficult when you need to log in to those apps or websites on a mobile device that doesn't have access to those stored passwords. Who can remember a random 24-digit password, and successfully enter it on a tiny smartphone keyboard?
But now, a virtually impregnable password is available to you on any mobile device, laptop, or desktop PC, and it doesn’t matter what operating system or browser your device uses. Here's the scoop:
Apple calls this miraculous feature “Password Autofill.” It’s been part of the Safari browser for years, automatically authenticating identities using FaceID, TouchID, or a PIN. It expanded beyond the browser in iOS 11. Now, with iOS 12, Password Autofill integrates with popular password management apps like Roboform, 1Password, LastPass, Keeper, and Dashlane. These and other password management apps are available to their users everywhere a password is required, except in a few apps that are slow to adopt this critical technology. (We will see how the free market treats those lackadaisical developers.)
Google introduced third-party password manager integration back in April, 2018, with Android Oreo, allowing you to use your favorite password manager app for all logins. Apps such as LastPass, Dashlane, Keeper, or 1Password provide ways to generate long, highly randomized passwords that are very difficult and expensive to crack. They store those formidable passwords in equally hacker-resistant vaults out there in the cloud. They recognize when a password is needed, and they feed the right password to a mobile app or desktop website that is hungry for it.
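What "long, highly randomized" means in practice, as an added example that is not from the article or from any of the password managers it names: a generator that draws every character from the operating system's cryptographic random source, plus an estimate of the search space. The 24-character length echoes the article; the 8-character, no-symbol policy and the guess rate are constructed assumptions for comparison.

```python
import math
import secrets
import string

LOWER, UPPER = string.ascii_lowercase, string.ascii_uppercase
DIGITS, SYMBOLS = string.digits, string.punctuation
FULL = LOWER + UPPER + DIGITS + SYMBOLS   # 94 printable characters
ALNUM = LOWER + UPPER + DIGITS            # 62 characters, no symbols


def generate(length, alphabet, required_classes=()):
    """Draw a password uniformly from `alphabet` using the OS CSPRNG.

    Candidates missing a required class are rejected and redrawn, which keeps
    the result uniform over the passwords the policy accepts.
    """
    if length < len(required_classes):
        raise ValueError("length too short for the required classes")
    for cls in required_classes:
        if not set(cls) & set(alphabet):
            raise ValueError("required class is not in the alphabet")
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in required_classes):
            return candidate


def entropy_bits(length, alphabet):
    """Upper bound on entropy: length * log2(number of distinct symbols)."""
    return length * math.log2(len(set(alphabet)))


def years_to_search(bits, guesses_per_second):
    """Expected years to cover half the keyspace at the given guess rate."""
    return 2 ** (bits - 1) / guesses_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    rate = 1e10  # assumed offline guess rate (constructed figure)
    cases = (
        ("24 chars, full set", 24, FULL, (LOWER, UPPER, DIGITS, SYMBOLS)),
        ("8 chars, no symbols", 8, ALNUM, (LOWER, UPPER, DIGITS)),
    )
    for label, length, alphabet, classes in cases:
        password = generate(length, alphabet, classes)
        bits = entropy_bits(length, alphabet)
        print(f"{label}: {password}  ~{bits:.1f} bits, "
              f"~{years_to_search(bits, rate):.3g} years at {rate:.0e}/s")
```

Length dominates: the constructed 8-character policy falls within hours at the assumed rate, while the 24-character password does not fall on any practical timescale.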
No More Excuses for Hackable Passwords
Cost is no barrier; the free version of LastPass handles everything described above. It works on Windows, Mac, Linux, iPhone and Android devices. Supported browsers include Chrome, Firefox, Internet Explorer, Edge, Safari, and Opera. So you're covered across the spectrum of desktop, laptop and mobile logins.
The only hurdle to jump is the mountain of bad passwords that you have already used. You will have to change every one of them to a strong password generated and stored by LastPass or one of the other password managers. That’s a bit of work for you, but it’s got to be done for the good of everyone. Just change a few bad passwords per day, starting with critical accounts such as email, banks and medical sites. In a few days, you should be free of weak passwords.
You may be wondering if this helps if you have an older mobile device that's not running Android 8.0 or iOS 12. Yes, it does. You can still use a password manager app on your mobile device, even if it's not integrated with the operating system. For example, I use Roboform on my desktop computer to generate and store passwords. My old smartphone will never be upgraded to the latest version of Android, but I can still use the Roboform app on it to look up a stored password and manually enter it. A bit more work, but much more secure than using weak passwords.
You owe it to yourself and your family to secure your online accounts with strong passwords. Now that it’s so easy, there is absolutely no excuse to not do it. The only password you will need to remember is the master password that unlocks your password manager. Just please don’t make it “qwerty” or “password!”
Your thoughts on this topic are welcome. Post your comment or question below...
This article was posted by Bob Rankin on 1 Oct 2018
Article information: AskBobRankin -- Here's the END of Weak Passwords (Posted: 1 Oct 2018)
Source: https://askbobrankin.com/heres_the_end_of_weak_passwords.html
Copyright © 2005 - Bob Rankin - All Rights Reserved
Most recent comments on "Here's the END of Weak Passwords"
(See all 33 comments for this article.)
Posted by:
Louise Smith
01 Oct 2018
I OBJECT!
#1 I do NOT WANT my PHONE password protected or otherwise LOCKED so that in an emergency ANYONE picking it up cannot use it!! I do not use my phone as a computer, I use it as a PHONE!
Yes, someone could get my contact information . . . Oh, and by the way they could find my emergency contact information when I have had a stroke and am lying in the middle of the street!!!
I think we need a way to SEPARATE communication from "computer applications" if they are both going to reside on a PHONE.
#2 I will be darned if I will trust my passwords to an online service that can be (and has been) hacked! I have an encrypted file for passwords on my computer and on my phone that is password protected. I have used this system for going on 20 years now and find it much safer than a password manager that has been hacked! (Secret! by linkesoft)
#3 I particularly do not want a face ID, fingerprint scan etc to unlock my phone or computer. I am over 70 years old and I do not want my family locked out of these devices when I DIE!!! Like most people today, ALL of my financial records are on my computer! All my family needs to have is the password to my encrypted file and they can access any information they need. Can you imagine having to hold up my dead body in front of the computer to access that information to settle my estate!!!
Posted by:
MmeMoxie
01 Oct 2018
@Ken Heikkila ... Just to let you know that RoboForm has the same problem. There are several websites passwords that RoboForm or LastPass were not able to "fill-in" and it was very frustrating for me, as well.
My financial institution will not allow any password manager to "fill-in" for you ... You must do it yourself. Somehow, they are tracking keyboard logging, to see if a person is actually signing in. For my protection on that ... I use KeyScrambler and my key logging is scrambled to other eyes.
Posted by:
gene
01 Oct 2018
I've been using Blur by Abine for three years, it integrates across all my devices and browsers, Windows, Apple and Mac. Safari tried to disable it when I updated to 12 but it was easy enough to override that. I've had no problems with it, it can be customized at any website that has special requirements (and some do), it's flexible and useful. I've compared it to others as renewal was coming up and it has everything the "name" ones do.
I'd never use a cloud based password manager and certainly not one Google puts out. I don't even use Chrome but less than 1% of the time, just because they're so dang arrogant in deciding for me what my browser should look like. I customize and anything that doesn't let me do that the way I want, let alone tracks me everywhere I go is not my friend. Evil Empire and all that.
Posted by:
Gary Hitchcock
01 Oct 2018
Medical sites of all types are the worst. Eight characters max and no symbols. Many assign a trivial, easily guessed password and DON’T LET YOU CHANGE IT!
I’m 78 years old so I’ve had plenty of experience with medical portals, etc.
Posted by:
Allen
01 Oct 2018
I have been using LastPass for a few years for some of my passwords (not the critical i.e. banking ones). What I do not like about it is that I have to type in the password for LastPass every time I need it to get my password. (I suspect this is a recent change). Surely if some hacker managed to put a keyboard monitor on my computer that escapes detection of my antivirus software, then all is lost?
Posted by:
Dan
01 Oct 2018
@MmeMoxie - Good job working out the real problem. The time /date mismatch came to mind because we intermittently see it at my work (smallish school system with 500 computers). A student computer that hasn't been pulled out of the storage cart for a while will sometimes lose track of time - especially if the CMOS battery is beginning to grow weak.
A quick check of forums turned up plenty of financial practice / ethical complaints about BitDefender, but no specific operating problems as you reported. It is possible that BD and some other AV product will run well separately but will not play together nicely.
The school runs only the educational version of Avast; the only infection in three years that wasn't caught at the source came from an infected flash drive brought in by a clueless teacher.
FWIW, I run only the paid version of AntiMalware Bytes on my personal main and financial computers and let AVG Free take care of the subsidiary/ refurbished computers I handle and repair. AVG nags a LOT but seems to do an acceptable job.
Posted by:
born2sail2
01 Oct 2018
I noticed you didn't mention Keepass. Do you have an issue with it?
Posted by:
Graham
01 Oct 2018
Has anyone ever considered using Keepass?
I have used it for 10 years now without any problems.
The program and data is stored on a flashdrive, there is a master password to open files and you can then drag and drop your user encrypted name and password into the password box.
Nothing stored in the cloud and it's FREE.
Of course you will need a backup on a separate flashdrive stored in a safe place.
Posted by:
Bob K
01 Oct 2018
I'll just wait to do anything until Bob writes an article titled:
"Here's the END of Passwords"
-Bob K
PS: I am certain that I will not hand over all my "weak" passwords to anybody.
Posted by:
Donald Morgan
02 Oct 2018
Try NORTON password generator. It works and will sign in to banking sites thru Norton identity safe.
Posted by:
NB
02 Oct 2018
Mark comments that Enpass keeps my passwords encrypted on my computer, and not on their server.
He also comments that Enpass can automatically send a new password to a destination website such as my bank.
The inference of the first statement is that Enpass has no record of my passwords.
But if the program can send my password to the bank, how can I verify that it does not send the same information to Enpass?
Posted by:
sirpaul2
02 Oct 2018
@MmeMoxie - Straight from Bitdefender's website:
"This issue occurs when a web browser is accessing a website that has a security certificate installed (for SSL/TLS data encryption) which cannot be verified or installed by the web browser.
To solve this issue, we recommend you to temporarily turn off the Scan SSL feature in Bitdefender as follows:
1. Bring up the main Bitdefender interface.
2. Click on Modules in the bottom left corner.
3. Choose Web Protection from the Protection tab.
4. Use the switch to temporarily turn off Scan SSL feature.
Now close the Bitdefender window and try to access the webpage again."
Posted by:
Samantha
02 Oct 2018
I have used Mask Me now taken over by Blur but still using original for some 13 years. Can sync it and easy for reinstall etc. Never had a problem getting into any site including bank.
So will stick with it.
However I do have a problem Bob may know about but no answer I've found - now and then my pc starts to type backwards.
Posted by:
Graham
02 Oct 2018
Samantha,
PC starts to type backwards?
Don't worry there are support groups for it, or you could view your PC through a mirror.
Sorry, had to say this.
Posted by:
Ashland
03 Oct 2018
Re: Bitdefender
Had same issues as MmeMoxie. Finally gave up and now use Windows built in antivirus.
Posted by:
Jim Rapp
04 Oct 2018
I thought LastPass sucked up your password and changed it to a random password of its choosing. What am I missing?
Posted by:
Robert
04 Oct 2018
I had endless trouble saving pw's in Dashlane free pw manager. The next time I logged into a site the pw would be rejected, so I was endlessly making pw's which again were rejected on the next login, until I twigged that Dashlane free saved the pw but only stored about 16 of 20 digit pw's which I had saved, so the next time I logged in they were bound to be "wrong password". It does sometimes give up offering to save pw's. I also wonder if it's Chrome at fault.
Posted by:
J M
05 Oct 2018
Here's my easy password generating scheme I've used for years. I've got 5 pages of passwords that I update in excel.
If I misplace my print out, or someone were to get my list - they wouldn't be able to figure out any password.
I use my past home street names and a two digit address of an old address.
Of course, if you've only lived at one address, you'd be limited to your passwords.
But instead of using past addresses, you can use past schools, past jobs, past wives, past cars, etc.
A written coded password would look like this : Born Home + 1st Home + 2nd Home Number.
Or, 3rd Home + Where Worked + 2nd Home Number.
Works for me. Happy with Sticky Password.
Posted by:
Charles Cochran
06 Oct 2018
Been using keepass for a whole bunch of years and it has never let me down. I have a bit of an issue if I'm on my admin account because I don't know how to share access to the database across accounts, but that's a MS (or user knowledge) issue, not keepass.
Posted by:
Floyd Wiseman
07 Oct 2018
I understand that LastPass will work on desktops and mobile phones. What about accounts that are accessed on streaming devices, such as Netflix on an Amazon Fire?