TechLinks: How to build a strong password

Your best defense may be a good offense, but in the world of password protection, your first line is a strong and unique password. Recent attacks by hackers on private and public institutions can mean that your personal information — name, email address, and password — can be accessed by someone who would use your information to your detriment.

To be more password savvy, the Realtime and Technology Resources Committee rounded up some tips to help make this important part of your personal (and professional) security easier.

Lynette Mueller, FAPR, RDR, CRR, of Memphis, Tenn., recommends Lifehacker’s Aug. 14 article “How to create a strong password” for starters. The article mentions that the U.S. government had recently changed its guidelines for creating a strong password, now suggesting the use of long, weird strings of random words, with some capital letters, special characters, or numbers. This guidance should prevent both computers, which can run through a dictionary pretty quickly while trying to guess your password, and human hackers from getting into your accounts.

“The first step in being able to build a strong password policy is understanding what a password policy is,” says Mueller. The password policy is a set of rules set by the company that explains the combinations of words, numbers, and/or symbols you must use to grant access to an otherwise restricted online area. Passwords protect everything from your website to small business networks. For more information, she recommends reading Small Business Trends’ Aug. 2 article “Follow These 20 Password Policy Best Practices to Keep Your Company Secure.”

However, as the Lifehacker article points out, it’s hard to remember a string of random words (and common phrases aren’t random words, so don’t succumb to the ease of using your favorite quote as a password). Lifehacker recommends using a password manager, and some are set to help you create a password.

“As a busy legal professional, keeping information secure is of utmost importance and so is maintaining secure passwords for your online resources,” says Mueller. “1Password can create strong, unique passwords for you, remember them, and restore them, all directly in your Web browser. Selecting one of your saved logins from 1Password’s Go & Fill menu takes you to the site, securely fills in your username and password, and logs you in, all with a single click or a few keystrokes.”

1Password is one of the password managers that can help you, but it’s not the only one: Dashlane, LastPass, and Google Smart Lock are just a few others. Tammy Jenkins, RMR, CRR, CRC, of Crystal River, Fla., shared three articles to help you get an overview of which one might work best for your systems:

Follow these best practices to help ensure maximum security for your important information!

TechLinks: The 21st century reporter, part 2

TechLinks_logoOn behalf of the NCRA Technology Committee, Robin Nodland, FAPR, RDR, CRR, recently shared a series of links with information to help the 21st-century reporter or captioner. This second installment covers cloud backup, password management, and efficient internet searches.

In a July 21 article on How-To Geek, Cameron Summerson talks about how to use Google’s Backup and Sync tool to automatically backup information — including documents, photos, and videos — onto Google Drive. Summerson talks a bit about what this tool is and how it works, and then goes step by step through the process of setting it up. The Backup and Sync tool works on both PCs and Macs, and it allows the user to sync either an entire computer drive or only specific folders.

In a July 21 article for PC Mag, Michael Ansaldo presents the best password managers of 2017. Ansaldo talks about what a password manager does, why it’s important, and how PC Mag chose the best overall and the runner up. The article includes links to reviews for all of the password managers that PC Mag considered.

In a July 18 reprint on SlawTips (the original ran on the Law Society of Saskatchewan Library’s Legal Sourcery Blog), Alan Kilpatrick offers some tips on using Google Search for efficiently. Kilpatrick focuses on using specific search terms and then using the different search operators and filters — including combining them — to “craft powerful queries and locate good results.” The article ends with a few reminders about evaluating search results for authenticity, etc.

Read “TechLinks: The 21st century reporter, part 1.”

Four tips for creating strong passwords

By Christine Phipps

In April 2014, researchers announced Heartbleed, a serious Internet security vulnerability that went undetected for two years, possibly affecting an estimated 500,000 websites through which hackers could conceivably pilfer login information, credit card numbers, and other data. And, every few months, another news report alerts people to more stolen passwords or hacked sites. As a result, security experts have widely recommended changing all your passwords for sites that have upgraded their security certificates.

But creating strong passwords is trickier than it used to be.

According to security expert Bruce Scheier, hackers are becoming increasingly adept at figuring out login credentials, thanks to fast and powerful computers running software that can crack encrypted passwords by guessing millions of variations per second.

Password crackers try common passwords like “letmein” with prefixes or suffixes such as “1” or “!” and run various dictionaries of English and foreign words and names along with appendages such as dates and replacing letters with symbols (such as “@” for “a”). These tactics are remarkably effective at breaking passwords and crack even those you’d think look pretty unguessable — passwords such as “k1araj0hns0n” and “Sh1a-labe0uf.”

So what’s the best way to create a strong password you can remember? Follow these tips to the best password practices.

1. Use a meaningful sentence

Scheier suggests turning a meaningful sentence into a password. For example, “This little piggy went to market” turns into “tlpWENT2m.” Notice that not only does this password use the letters from the sentence, but it uses both uppercase and lowercase characters and replaces “to” with “2.”

2. Never reuse a password

It’s imperative that you never use the same password on more than one website.

“Even if you choose a secure password, the site it’s for could leak it because of its own incompetence,” Scheier writes. “You don’t want someone who gets your password for one application or site to be able to use it for another.”

3. Use a password vault

My favorite password vault is LastPass because it will generate unique passwords such as “R4fpo9)mswH” and saves them in an online vault. Even better, the LastPass browser extension automatically fills in login credentials on every site for which you’ve saved a username and password, so you don’t have to try to recall difficult-to-remember passwords.

For $12 a year, get LastPass on your mobile device so you can access your passwords when you’re not sitting at your computer. LastPass is available on iTunes, Google Play, and the Windows Phone store..

LastPass’s Security Check feature was recently updated to alert users to which of their accounts may have been compromised by Heartbleed, as well as the last time a site’s password was updated and if the site has updated its certificates to make it safe from Heartbleed. Since LastPass is free to download to your computer, it’s a tool worth using. After downloading and installing LastPass, click the LastPass icon in your browser toolbar, then Tools menu, then Security Check.

4. Use two-factor authentication

Two-factor authentication adds an extra layer of security by asking for something else in addition to a password before allowing you into a website. Google and Facebook, for example, offer to text you a code that you have to enter on a login page. Google has a page explaining how to sign up for their two-factor authentication service. For Facebook, enable ‘Login Approvals’ from the ‘Account Security’ section of your account settings page.


Christine Phipps, RPR, is an agency owner and freelancer in West Palm Beach, Fla., and a member of NCRA’s Technology Committee. She can be reached at