Secret security: The only password you'll ever need

Published: Thursday, Feb. 6 2014 4:00 a.m. MST

As major database breaches expose millions of emails and passwords, there are simple ways to make passwords easier and more secure.


Among the 153 million user accounts hacked at adobe.com in Oct. 2013 were three belonging to Troy Hunt.

As his website about security breaches, haveibeenpwned.com, says, those Adobe accounts included usernames, email addresses and password hints. The accounts' passwords were not encrypted very well by Adobe and many were cracked by the hackers and posted on the Internet. The password hints were not encrypted at all.

Hunt, who is a security researcher in Sydney, says the attacks should be a timely reminder for people about their online account security.

"We protect a lot of our lives with passwords," he says. "It is one of the things we deal with every day."

When Hunt found out about the hack, he changed his passwords and information on adobe.com, a website that integrates with Adobe's products, such as the graphic design programs Photoshop and Illustrator. Hunt probably beat the hackers before they could decrypt his passwords. Other people, however, had such easy passwords that it took little effort for the hackers to crack them. Passwords such as "123456," "password" and "qwerty," for example, didn't offer much resistance.

A survey by U.K.-based data company Varonis found that 91 percent of people assume that businesses are protecting their data — even though 93 percent of large organizations and 87 percent of small businesses reported some level of data breaches in 2013.

Just last week, Yahoo reported that hackers used information, probably from an outside source, to access the emails and passwords of many Yahoo email users.

Julia Angwin, senior writer at ProPublica, says people are beginning to realize they need to be more sophisticated about their passwords. "People are not trying hard enough to make their passwords hard to crack," says Angwin, who is the author of the forthcoming book, "Dragnet Nation: A Quest for Privacy, Security and Freedom in a World of Relentless Surveillance."

At stake is everything people have online. Personal information. Banking accounts. Shopping accounts such as Amazon or eBay.

Angwin, who lives in Harlem, N.Y., says email is the most critical item. "It can be the key to unlocking all your other online accounts," she says. "Email is even more important than banks because banks can give fraud protection."

Hunt says he has about 300 different online accounts and as many passwords. The majority of people (54 percent) say they only have one to five passwords they use.

The problem is, according to a survey by identity protection company CSID, 61 percent of people reuse their passwords for multiple sites — making it even easier for hackers who hack one password to gain access to several online accounts.

One password

Hunt, the guy with 300 passwords, describes the perfect password as something that is against the norm. "You need long, random and unique passwords across every one of your online assets," he says.

This means no duplicates.

This also means a big problem.

"As soon as you say it has to be unique, it is not something you can really commit to memory," he says.

And writing passwords down where they can be accessed easily or putting them in a Word document on a computer is not a good idea.

Hunt's solution is to use a password manager — a software program that stores each website's password in a high-level encrypted file that he can access whenever he needs to log onto a website. To open that file, all he needs is to remember one password.

Hunt uses the program 1Password by Agilebits as his password manager. There are many other similar products such as LastPass. Apple products also have an integrated password manager called Keychain Access.
