How Five Security Ninjas Keep Their Passwords Secure
Computer users may think using long passwords will keep their data safe, but surprisingly, even those can be cracked by hackers. For businesses, especially those using the same password for every critical account, this can be frightening news.
So what can individuals and companies do to protect their passwords and keep their data secure?
Ars Technica tackled the question head-on by rounding up five “security ninjas,” all elite security experts: Bruce Schneier, renowned cryptographer; Adriel T. Desautels, CEO of Netragard (a firm that gets paid to test companies’ security by hacking them); Jeremiah Grossman, CTO of WhiteHat Security; Jeffrey Goldberg, who describes himself as “defender against the dark arts” at password management company AgileBits; and Jeremi Gosney, password security expert at Stricture Consulting.
The most common answer the experts gave was to use a password manager to create long, complex passwords that are unique to each account. Software like LastPass and KeePass generates random passwords for users, but passwords can also be created manually, even by simply banging your fingers on a keyboard. Grossman recommends keeping any digital storage of these passwords encrypted.
Only one expert, Desautels, said that he didn’t use a password manager. Instead, he prefers to remember his passwords.
In addition, passcodes that are easy to remember can be a viable option. Schneier described a method he uses which involves picking a long, easy-to-remember sentence, and turning it into a password. One example he gave was “Long time ago in a galaxy not far away at all” becoming “Ltime@go-inag~faaa!” but users should create their own unique sentences.
Some other tips that Ars Technica and the security experts recommend:
- Write passwords down on a piece of paper and keep it in a safe place.
- Treat answers to security questions as passwords themselves. Rather than naming the real high school you graduated from, for instance, use a long phrase. Keep these secondary passwords stored safely too.
- Use one email address for all important accounts and for no other purpose. If suspicious emails show up in the inbox, that may be a sign that your data is not secure.
- Consider keeping a backup copy of all passwords with a person you trust. If something happens to you, this trusted person will be able to pass on the information to access bank accounts, retirement assets and any other important account.
Until technology improves, there’s nothing you can do to keep data completely secure, but by following these tips and using common sense, you or your business will be able to get the most security out of password creation and management.