Can a password ever be perfect?
Veriff provides identity verification (IDV) for online companies to help them connect with honest people - you may even have been through, or yet to go through, our process. However, not every website requires IDV, but the majority do require one specific piece of security - a password.
Patrick Johnson
With so much of life conducted online, having excellent passwords is absolutely essential. Nearly every time you sign up for a website, you’re asked to create a password. And more often than not, you’re giving that website some amount of personal information. Maybe just your name and email address, but that alone can be a risk to you and your identity.
The difficult reality is that people have created numerous programmes designed to crack passwords, break into people’s accounts and steal identities and much more. So if your password lacks complexity, you’re leaving yourself open to a number of potential crimes.
With this in mind we decided to offer some advice on how to keep your accounts as secure as possible, and stop prying eyes gaining access.
Passphrases, not passwords
The first piece of advice comes from a man who knows a thing or two about security - Edward Snowden. We won’t go into his backstory here (they’ve made a movie about it, in case you want to catch up!), but the short version is that he was a whistleblower who leaked evidence of massive global surveillance. See - he knows a thing or two about people being watched online.
In 2015, he spoke to British journalist John Oliver on his show Last Week Tonight, and in under 3 minutes gave some of the best advice around passwords you’re ever likely to hear. Watch it, and then come back.
His advice was to create passphrases, not passwords. So taking a memorable phrase, adding some alterations, and remembering that. Say Ver1ffIzth3gr8e5t for example (or ‘Veriff is the greatest’ in plain English). It’s far harder to hack than your dog’s birthday, or your first address.
And once you’ve entered a passphrase like this enough times, it tends to stick in your memory. But of course, you shouldn’t use the same passphrase everywhere, so how do you remember them all?
Get someone else to remember them
This is where we come to password managers, their simplicity, and their brilliance.
If you’re yet to start using a password manager - we would highly recommend it. It will securely store all of your passwords in one place, and is normally accessible online and via an app. The majority of password managers also feature browser plugins, so they can autofill passwords for you as long as you’ve signed in for them.
And this means you only need to remember one super crazy passphrase - which lets you get in to your password manager!
So which to choose? Well here are five of the best password managers out there you might want to look into:
No matter which you choose - taking the time to set up and use a password manager is worthwhile. It will improve your personal cybersecurity immensely. Snowden would be proud.
There’s no such thing as too careful
There’s one more added element when it comes to security online that’s worth mentioning here - two-factor authentication. Sometimes called 2FA.
2FA adds an extra layer of security on top of your password, and is easy to set up once you’ve got the knack of it. Not every website offers 2FA, but for those that do, it’s worth adding. You could start with adding it for your email client (Gmail, as an example, encourages use of 2FA).
The easiest way to set it up is by downloading an authenticator app for your smartphone - Google Authenticator is normally the default, but others are available. You can then follow the setup process on any website offering 2FA, normally involving scanning an onscreen QR code, to add this website to your authenticator app.
You don’t normally have to go through 2FA every time you log in, more like once a month, but you’ll be asked for the code that is showing within your app at that moment. And what you’ll notice is that the codes are constantly refreshing, making them far harder to hack or guess. Nifty stuff.
What to do now?
Well, for a start, you can go and check how secure your password is. There are a lot of different ways to do this online, and a lot of password managers offer this as a standard feature.
And then it’s up to you - we’d recommend getting your hands on a password manager, and setting up 2FA, and doing whatever you can to keep yourself safe online.
Veriff is here to help companies welcome honest people, and we’d love the honest people to be safe in everything they’re doing as well. So can a password ever be perfect? Perhaps not, but with a passphrase, a password manager and 2FA, you’re a lot close to password perfection.
