Jono, Ben & Megan - The Podcast - How Many Different Passwords Should You Actually Have...
Episode Date: July 17, 2023
We talk to Jordan, an expert from CERT NZ, about how many passwords is the perfect amount of passwords!
See omnystudio.com/listener for privacy information.
Transcript
We are talking passwords this morning and we are joined by Jordan Hairspring.
He's the manager of incident response at CERT NZ. Good morning.
Kia ora, good morning.
Kia ora to you. Now, passwords online.
We can be guilty of being a bit relaxed with them.
Some can even be guilty of having the same password for 300 different websites.
How many passwords is the right amount?
As many passwords as accounts you have is the right answer there,
which is a tricky thing to say and a tricky thing to do.
But if you want to be secure online, it's important you put that effort in.
So you have a specific one for every website?
Every website.
Yeah.
If you use a password more than once,
it doubles the risk of it causing you a breach in some way, shape or form.
But I can't remember all that and putting special characters and extra digits and capitals and all sorts in there as well.
Yeah, it is tricky, but there are some tools that you can use to do that.
So if you look at what we call a password manager, that can help not just store those passwords for each website, but also make them up for you if you like.
You know how it goes,
do you want to save this password
for a particular site that you're registering for?
Do you click save or no, thanks,
which I always do just out of pure paranoia?
So the right answer is to click no
and to use your password manager.
Using the browser password managers is better than nothing,
but it does put additional risk there to say if your browser gets compromised,
then they've got all the passwords for all those logins as well.
So what's, sorry, I don't really, I'm not really au fait with password managers.
So what is that?
Is that something that remembers your passwords or helps you for that particular?
Yeah, it's a little application that essentially you'll need to remember one really important password
and that will in some ways unlock basically a list of all of your passwords
so that you can say you want to log into your social media account.
It can have whatever social media accounts you've got there and you select that
and you select your password, you copy paste the details in and away you go.
What about like at work here?
I always, and Jono gets sick of me complaining all the time
because every few weeks they make us change the password
and I forget what I've changed.
I mean, are they being over paranoid at work
making us do this every couple of weeks?
So that's a bit of a bone of contention in the security community.
It's actually better in a lot of respects to have a really good password
and not change it for a long time.
Good on you.
I'm using this.
I'm using this.
People change their passwords really often.
We're sending this up to IT, mate.
I'm like, who needs to get into my NZME email and know that Gary's parked in the visitor park again?
Jordan with us, he's the manager of incident response at CERT NZ.
So what is the ideal password?
You've got the capitals, you've got the underscores,
you've got the numbers, the spaces,
and it's always telling us that: too weak, too weak.
What is the ideal combination of keys that we should be typing?
Well, I'll tell you my favorite password.
No, I'm just kidding.
What's your one?
We'll use that.
The best way to do it is get a series of words,
so three or four, maybe five or six big words,
and just have them all in a row.
Chuck a couple of characters in each of them,
and you get a really long password,
which is good for people who are trying to do sort of brute force type attacks, trying
to guess the passwords and use computers to get in. But then make sure you save that to
your password manager so that you don't have to remember it yourself and that you can refer
back to it when you need to log into that account again.
Five or six words in a row. Wow. But you keep coming back to this password manager,
which sounds amazing.
I think we need to get on board with password manager.
At the moment, it feels like there is just a torrent of scams going on.
Yeah, there's so many, especially through SMS messages at the moment,
so your text to your phone.
There's so many bank scams, IRD, ROAD and NZTA type scams.
So keep an eye out for those.
And if you do get them, report them through to ourselves at cert.govt.nz
or to the DIA at 7726 as well.
Do you remember the bloody glory days, Jordan,
when you'd just have your name followed by the number one,
and then when you needed to update your password,
you'd add two, and then three, and four.
Do you remember those glory days?
No, they couldn't get into your nonsense, could they?
Well, nobody was interested back then.
Yeah.
Well, there we go.
Hey, Jordan, listen, really interesting talking to you.
Takeaways from this, let's download that password manager thing
or whatever that is.
Let's have a different password for every website you're on.
And let's send that audio up to IT here at work
as well.
Thank you so much for your time. It was really, really helpful
for us and everyone listening.
No worries. Thanks, guys.