Privacy Tools: How to Build Better Passwords
By Julia Angwin / propublica.org
Jan 21, 2014

In the course of writing my book, Dragnet Nation, I tried various strategies to protect my privacy. In this series of blog posts, I try to distill the lessons from my privacy experiments into a series of useful tips for readers.

 

Passwords are the first line of defense between your private data and an attacker – whether it is a criminal hacker or a spy agency.

But most of the conventional wisdom about building passwords is terrible. People are often told they should change their passwords every three months; that their passwords should be made strong with multiple symbols and letters; and the passwords should not be written down anywhere.

Computer scientist Ross Anderson has summed up this terrible advice as “Choose a password you can’t remember, and don’t write it down.” Faced with that impossible task, most people use passwords that are easy to remember – the most popular password is still 123456 – and use the same one for every single account.

It’s actually better advice to choose a more secure password and write it down somewhere in a safe place. After all, it’s much less likely that someone will break into your house and steal your master password list than it is that someone will hack into your account from afar through a weak password.

However, even if you write down your passwords, you still face the difficult task of dreaming up the dozens of passwords that seem to be required for modern life. At first, I tried to make up my own passwords, but after I stumbled on this password-strength estimator, I realized that many of my homegrown passwords were still easy to crack. So, after much searching for a perfect password strategy, I came up with a two-tiered solution for building strong passwords:

  • For less important passwords – such as for my frequent flier and online shopping accounts – I used password management software called 1Password to generate and store passwords. Like its competitors, LastPass and KeePass, 1Password generates strong passwords from strings of letters, numbers and symbols and stores them on my machine in an encrypted file.
  • For more important passwords – such as the password to my 1Password vault, my e-mail and online bank accounts – I used a simple, low-tech passphrase-generating system called Diceware. It works like this: roll a six-sided die five times, then take the numbers you roll and match them up to the Diceware word list, which contains 7,776 short words. This will give you a five-word passphrase that is hard for attackers to crack, but easy to remember.

This XKCD comic nicely sums up the beauty of the Diceware approach.
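The Diceware lookup described above, as an added example that is not code from the original article or from the Diceware project: each group of five rolls forms a key from 11111 to 66666 that selects one of the 7,776 words, and five such groups give a five-word passphrase. The function names are hypothetical, the list format (five digits, whitespace, word on each line) is an assumption, and the word list is a constructed stand-in so the block runs offline.

```python
import itertools
import math
import re
import secrets

# Assumed list format: one "NNNNN<whitespace>word" entry per line.
ENTRY = re.compile(r"^([1-6]{5})\s+(\S+)$")

def parse_wordlist(text):
    """Build a roll-key -> word table, skipping lines that are not entries."""
    table = {}
    for line in text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            table[match.group(1)] = match.group(2)
    # A truncated or damaged list would silently weaken every passphrase.
    if len(table) != 6 ** 5:
        raise ValueError(f"expected 7776 entries, got {len(table)}")
    return table

def roll_key(rolls=5):
    """Simulate five fair die rolls with the OS CSPRNG, e.g. '41362'."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(rolls))

def passphrase(table, words=5):
    """Roll five dice per word and look each key up in the table."""
    return " ".join(table[roll_key()] for _ in range(words))

def entropy_bits(words=5, list_size=6 ** 5):
    """Bits of entropy when every word is chosen uniformly at random."""
    return words * math.log2(list_size)

def constructed_wordlist():
    """Constructed stand-in for a real list: placeholder words word11111..word66666."""
    keys = ("".join(k) for k in itertools.product("123456", repeat=5))
    return "\n".join(f"{k}\tword{k}" for k in keys)

if __name__ == "__main__":
    table = parse_wordlist(constructed_wordlist())
    print(passphrase(table))
    print(f"{entropy_bits():.1f} bits of entropy for five words")
```

The strength comes from the random selection, not from the words being secret, so the same arithmetic holds whether the rolls come from physical dice or from a cryptographic random source.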

 
