Mar 8, 2014
Privacy Tools: How to Build Better Passwords
Posted on Jan 21, 2014
By Julia Angwin, ProPublica
In the course of writing my book, Dragnet Nation, I tried various strategies to protect my privacy. In this series of blog posts, I try to distill the lessons from my privacy experiments into a series of useful tips for readers.
Passwords are the first line of defense between your private data and an attacker—whether it is a criminal hacker or a spy agency.
But most of the conventional wisdom about building passwords is terrible. People are often told that they should change their passwords every three months; that their passwords should be made strong with multiple symbols and letters; and that the passwords should not be written down anywhere.
It’s actually better advice to choose a more secure password and write it down somewhere in a safe place. After all, it’s much less likely that someone will break into your house and steal your master password list than it is that someone will hack into your account from afar through a weak password.
However, even if you write down your passwords, you still face the difficult task of dreaming up the dozens of passwords that seem to be required for modern life. At first, I tried to make up my own passwords, but after I stumbled on this password-strength estimator, I realized that many of my homegrown passwords were still easy to crack. So, after much searching for a perfect password strategy, I came up with a two-tiered solution for building strong passwords:
This XKCD comic nicely sums up the beauty of the Diceware approach.