Paul Begley Blog

Tips I’m sharing with family and friends. I use a password manager (LastPass) and MFA for all accounts that have monetary or business value (including Amazon, Google, all accounts that involve money).

Password Recommendations

1. The smartest choice for all users is to pick unique passwords for every site.
2. Password managers are ideal for people in the habit of re-using passwords, because:
   1. You only need remember one (strong) master password to access all of your stored credentials.
   2. If you don’t trust password managers and have trouble remembering complex passwords, consider relying instead on password length.
3. Focus on picking passphrases instead of passwords.
   1. Passphrases are collections of multiple (ideally unrelated) words mushed together.
   2. Add numbers and special characters if required – example: Eat figs daily99!
      
   3. Passphrases are not only generally more secure, they have the added benefit of being easier to remember.
4. Enable Multi-factor Authentication (MFA) for all accounts that support it (bank, credit cards, Amazon, Google). 
   1. This approach adds a second step to the sign in process, usually in the form of a confirmation text sent to your phone, a security question, or a token provided by authenticator apps.
   2. MFA provides another layer of security to your password that doesn’t rely on you to remember anything.
5. Finally, there’s absolutely nothing wrong with writing down your passwords, provided
   1. You do not store them in a file on your computer or taped to your laptop
      AND
   2. Your password notebook is stored somewhere relatively secure – not in a purse or car, but a locked drawer or safe.

Reference Links

World Password Day 2021: ‘123456’ is still a bad idea
https://www.acronis.com/en-us/blog/posts/world-password-day-2021-123456-still-bad-idea

The Wages of Password Re-use: Your Money or Your Life
https://krebsonsecurity.com/2021/05/the-wages-of-password-re-use-your-money-or-your-life/