Episode: 2727
Title: HPR2727: Passwords
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr2727/hpr2727.mp3
Transcribed: 2025-10-19 15:45:25

---

This in HPR episode 2,727 entitled Passwords and in part on the series Privacy and Security,
it is hosted by Edward Miro and in about 8 minutes long and Karima Clean Flag, the summary
is how to do Passwords better.
This episode of HPR is brought to you by an honesthost.com.
Get 15% discount on all shared hosting with the offer code HPR15, that's HPR15.
Get your web hosting that's honest and fair at An Honesthost.com.
Hello and welcome to Hacker Public Radio, I'm Edward Miro and for this episode I decided
to record an episode on the importance of good passwords.
This will be part 1 in a series of podcasts I'm going to call Information Security for
everyone.
As with most of the content I create in the world of InfoSec, my goal is to present the
information in a way that a majority of people can get value from it and anyone can play
this for a friend, colleague or family member and make it easy for the non-hackers in our
lives to understand.
So here we go, Passwords.
One of the first things most people think about when it comes to online safety is their
password.
We all know that passwords are to our online accounts, what keys are for our locks.
Would you use the same key for your house, your car, your office and your safety deposit
box?
Of course not.
And if you did, what would happen if a bad guy could get a copy of just that one key?
They'd have access to everything.
With so much of our personal, confidential, financial and medical information accessible
from our various accounts online, what can we do to make things as safe as possible?
For me personally, I employ and advise a three-faceted approach.
One, complex passwords, two, unique passwords, three, two-factor authentication were available.
Clearly the solution is to use a unique password for each account and make them complicated
enough that an attacker couldn't guess it or crack it in an amount of time that would
be actionable.
One problem this presents to general users is the inconvenience and difficulty in remembering
these passwords or storing them in a secure way.
This leads into my first bit of advice, password managers.
My recommendation is to use a password manager.
I'm going to make references to managers such as LastPass because that's the one I've
always used, but I'm not saying it's the best or would be the best for you.
There are many great options and I would rather people use the one that works best for them
and not merely the one I like best.
Anyways.
Once like LastPass, give you the ability to store all your passwords in an encrypted
vault and then request them to your browser, add-ons, or standalone applications.
They also have built-in features that allow you to generate secure passwords at any length
or complexity.
When using a password manager, all you have to do is remember one master password.
When you sign in, the manager can then decrypt all your safe passwords and let's use them.
When I sign up for a website, I always use LastPass to generate the longest and most
complex password supported by the site and it gets stored automatically in my vault safely
for later use.
There are various options online to choose from and I suggest you do some research and
try a few different ones to see what is comfortable for you.
One thing to consider when using a password manager is that the master password is your
single point of failure and it should be a long and complex password that you don't use
anywhere else.
If you're wondering how to come up with a secure password that you can remember, there
are various strategies online but I follow in iteration of the following.
Take a poem, song lyrics, or phrase that is easy for you to remember.
For this example, I'll use the phrase, the stars at night are big and bright, deep in
the heart of Texas.
And then I take the first letter to each word and that gives me capital T, S-A-N-A-B-A-B-D-I-T-H-O
capital T.
Then I swap out the vowels for some numbers or special characters and that gives me capital
T, five at N, at B, at B-D-1-T-H-0-T.
I checked that password on Dashlane's password strength checker and got the following results.
It would take a computer about 204 million years to crack your password.
And that's just an example of a very secure password that I thought up in just a few seconds
that I probably won't ever be able to forget.
Next section, 2FA or 2 Factor Authentication.
Another very important recommendation I want to touch on in this episode is using 2
step authentication.
I use it for all accounts that offer it and it's very easy to set up and use.
It works in tandem with an application on my mobile device called Google Authenticator
though there are others and like last pass this is just the one I use.
And it's available for Android and iOS.
After you install the app, you access security settings for the account you want to protect
and register it with your device.
What it does is provide a second password when logging in that is only used one time
ever.
When you log in, the site will prompt for the 2 step authentication code.
You then open the Google Authenticator app and the code for the session will be listed.
The codes are only available for a short time and are constantly changing.
This makes someone gaining unauthorized access to your account very difficult.
A few closing thoughts.
Some information security professionals see a password manager as insecure due to it being
a single point of failure.
And I can understand this and would respond that although this might be true, having a complex
master password and using the manager in conjunction with 2 step authentication makes
it a pretty safe and solid system for most people.
And even if there is a breach, none of my passwords are the same and changing them is incredibly
fast and easy with a manager.
Also I don't usually recommend keeping hard copies of passwords, but if you can guarantee
the physical security of your password list, this in my opinion is preferable to using
the same insecure password for all your accounts.
Please remember, if you're like most people on the internet and using easy to crack password
or the same password on all your sites, all it takes is one compromised account to give
bad guys access to everything.
I'm also including a list of links in the bottom of the show notes to everything I mentioned
and also a link to the site have I been poned.
This is a service that collects accounts that have been involved in hacks and lets anyone
search for their email address and see if their information is already compromised.
If it is, do this right now.
One, set up a password manager with a strong master password.
Two, change all your passwords using the built in password generator and your password
manager and save them in your vault as you go.
Three, in the future when breaches happen it's incredibly easy to change your password
and you'll also rest easy knowing that the password obtained can't get them into anything
else.
I know this will take a long time, but it's worth it, then you only have to remember
one master password and you'll be exponentially safer online.
I also linked splash data as the top 100 worst passwords of 2018.
Give this a look just so you can see what most people are using which is shocking and
please don't ever use anything on this list.
Well thank you for taking the time to listen to my basic introduction to passwords.
I hope this will help any non-hackers in your life and like I say in all my podcasts,
I don't claim to know all there is to know and love feedback and any opportunities to
learn more or collaborate with others in the field.
As with most of the research and articles I've written in the past, these are geared
towards standard users in a business setting and are meant to be a jumping up point for
further research and to be a foundation for cyber security 101 level training classes.
If you like what I do and want to have me come speak to your team or just want to chat,
feel free to email me.
Thank you and have a safe 2019.
You've been listening to Hacker Public Radio at Hacker Public Radio dot org.
We are a community podcast network that releases shows every weekday Monday through Friday.
Today's show, like all our shows, was contributed by an HBR listener like yourself.
If you ever thought of recording a podcast, then click on our contribute link to find
out how easy it really is.
Hacker Public Radio was founded by the digital dog pound and the infonomicum computer club
and is part of the binary revolution at binrev.com.
If you have comments on today's show, please email the host directly, leave a comment on
the website or record a follow-up episode yourself.
Unless otherwise stated, today's show is released on the create of comments, attribution,
share a like, 3.0 license.