Internet Security Basics, Part 3: Passwords and MFA | News

While Microsoft and other companies have been trying to move us into a “passwordless future” for years, passwords and all their hassles are the current reality.

So put on a happy face and learn to love secure passwords because that’s what it takes to stay safe on the web.

So, what makes for a strong password?

First, we should forget old password advice from twenty years ago, such as: (1) passwords only need to be eight characters long. Not true; has not been true for a long time; (2) “My password must be something I can remember.” No that is not allowed; we don’t have to remember our passwords. We have computer programs, such as password managers and browsers, to remember them for us. Even a well-hidden notebook or piece of paper can be a viable password repository; (3) it’s okay to use the same password for all my accounts, as long as it’s complicated with uppercase, lowercase, numbers, and symbols.

Not true, has never been true. If a bad guy knows your password, and it’s the same for all your accounts, he can access all your accounts, no matter how complicated you made it. Strong passwords are long.

They contain many characters. This is the rule that annoys people the most, because they think they can’t remember a long password when they really don’t need to. See number 2 above.

You also need unique passwords for every account you have, whether you think it’s an important account or not. See number 3 above.

There are only two ways to store your passwords: (1) using a password manager, such as Dashlane, or (2) in a notebook hidden in your house. Be sure to date each password, be precise in how you write it, and note which account it is for.

Uppercase, lowercase, numbers, and special characters are fine, but it’s the length that makes a password stronger, not the complexity. You can use a “passphrase” made up of real words if you wish.

It should be at least five words, and again, the longer the better. Add a number and a special character to make it even stronger. Do you want minimum security or maximum security?

Passphrases also shouldn’t be a sentence that makes sense, like “Mary had a lamb” or “Previous football was number one.” It should be more like “bucketTrainer antenna paperjack.”

You could remember that if you had to, and it’s a whopping 27 characters long, but luckily we have password managers and notebooks to remember things for us. Dashlane (, KeePass (, and Password Safe ( are all good choices for free password managers.

Two-factor authentication (2FA) and multi-factor authentication (MFA) are terms that describe the same thing: a way of presenting additional evidence (called “factors”) to prove that you are who you say you are when you try to sign into an online service.

Factors include something you have (such as a bank card), something you know (such as a password or PIN), something you are (biometrics, such as a fingerprint or other physical identifier unique to you), and somewhere where you are (such as connected to a specific network or location information such as GPS).

The old username/password model uses only one “factor”, which is the password. One reason for having a different “factor” is that so many password databases have been hacked and exposed to anyone who wants to look.

Some people are also guilty of using weak, easy-to-guess passwords that they never change. Yet another reason to need another “factor” is that too many people use the same password for all their accounts.

Having more factors makes it harder for the wrong person to access an account.

It is important that everyone starts using MFA/2FA as soon as possible. We have too much to lose and too many internet crooks out there willing to help us.

For more information visit davemoorecomputers.comsearch for MFA and read the three columns there on the topic.

Next week: security questions.

Leave a Comment

Your email address will not be published. Required fields are marked *