🔒 Strengthen your Password Habits

TYPE AUDIENCE PRIORITY COMPLEXITY EFFORT COST UPDATED
Preparation 🧑 ⭐⭐⭐⭐⭐ ⭐⭐ 🧑🧑🧑 🆓 2021-06-11

Rationale

Password security isn't just about the strength of your passwords; it's also about how you use them. For example, if you use the same password on multiple accounts and one of those accounts is compromised, the others are compromised too. Yet it's impossible to remember a unique password for each account, so we need to combine a password manager with good personal habits to get the most security benefit from strong passwords.

Instructions

Overview

From a high level, these are the steps we'll walk you through:

  1. Optional - Install Mozilla Firefox or Brave Browser - approx 10 min
  2. Create passphrases - approx 10 min
  3. Secure your computer - approx 3 min
  4. Create an account with the Bitwarden Password Manager - approx 20 min
  5. Install Bitwarden on your browser and Smartphone - approx 30 min
  6. Replace existing passwords - approx 3 min per account

What you should know

  1. To protect your devices, systems, and accounts you should use a "secret code" that only you know.
  2. Optional: There are three types of such "secret codes":
    1. PIN codes - e.g. 6234 and BX9623: short codes, often numeric, that are used to unlock devices you have physical access to. PIN codes are never used over a network, so they are not vulnerable to brute force attacks over the internet (i.e. automated attempts at guessing the secret code by trying all possible combinations).
    2. Passwords - e.g. M0nk3y47 and D3xb#K&45ZVgrhAFxhr!4hLo: a sequence of letters, numbers and symbols that should be as long and as complex as possible, as passwords are used to protect systems which are exposed to brute force attacks.
    3. Passphrases - e.g. BreakMonkeyWakeEurope: a special type of password that is easy for humans to remember and hard for machines to guess. It's made by constructing a phrase from a couple of randomly chosen words. Always use a passphrase instead of a password when YOU are expected to remember it instead of your Password Manager.
  3. We are going to create ONE PASSPHRASE that will be used to unlock ALL YOUR PASSWORDS. This is also known as a Master Password, and because it is so powerful, it needs to be the strongest possible passphrase.
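
The comparison in the list above, worked through as an added example (not part of the original guide): it picks passphrase words with a cryptographically secure random source and estimates how much guessing resistance a PIN, a random password and a passphrase provide. The 16-word list is a constructed sample, and the 7776-word list size is an assumption (the size of common dice-based word lists).

```python
import math
import secrets

# Constructed 16-word sample list, far too small for real use; an actual
# generator should draw from a published list with thousands of words.
WORDS = ["break", "monkey", "wake", "europe", "candle", "river", "orbit",
         "lemon", "harbor", "pencil", "tiger", "window", "maple", "rocket",
         "silver", "garden"]


def pick_words(words, count=4):
    """Choose `count` words uniformly at random using the OS CSPRNG."""
    return [secrets.choice(words) for _ in range(count)]


def to_passphrase(picked):
    """Join words in the guide's style, e.g. BreakMonkeyWakeEurope."""
    return "".join(w.capitalize() for w in picked)


def entropy_bits(options, picks):
    """Bits of entropy for `picks` independent, uniformly random choices."""
    return picks * math.log2(options)


def compare(wordlist_size=7776):
    """Entropy per secret type; 7776 words is an assumed list size."""
    return {
        "4-digit PIN": entropy_bits(10, 4),
        "8-char random password": entropy_bits(94, 8),  # 94 printable ASCII
        "4-word passphrase": entropy_bits(wordlist_size, 4),
        "6-word passphrase": entropy_bits(wordlist_size, 6),
    }


if __name__ == "__main__":
    print(to_passphrase(pick_words(WORDS)))
    for kind, bits in compare().items():
        # An attacker trying every combination needs about 2**(bits-1) guesses
        # on average, so each extra bit doubles the work.
        print(f"{kind:24s} {bits:5.1f} bits  ~{2 ** (bits - 1):.2e} guesses")
```

The estimate only holds when every character or word is chosen at random; a password a person invents, such as a word with letter substitutions, has far less entropy than the formula suggests.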

What you should prepare

  1. Access to your (work) computer, your smartphone and an internet connection.
  2. If you aren't using Mozilla Firefox or Brave Browser, please first 💻-🖥️ Setup a Secure Browser on your computer before continuing with this guide.

What you should do

1. Create Secure Passphrases

As mentioned above, passphrases are superior to plain passwords, as they are easier for humans to remember and more difficult for computers to guess. That's why you will only need to remember passphrases, and we'll let the computer remember all your passwords for you by means of a Password Manager.

See 🔒 Generate Strong Passphrases for instructions.

2. Use the Secure Passphrases for your Computer

One passphrase you've generated will be used as the Master Password for your Password Manager.

If you have a user account on a (work) computer, we recommend that you generate additional passphrases to secure your computers. Follow the instructions for Windows 10 from Microsoft.

Note: Microsoft sometimes makes it very complicated to change the password on the computer because they tie it to a Microsoft account, which also needs a phone number. If this is the case, and you are not the owner of the phone number, work together with the person who owns the account / phone number to set the passphrase.

3. Setup a Password Manager

See 🔒 Setup a Bitwarden Account for instructions.

4. Install the Bitwarden Extension for your Browser

Note: If you are not using Brave Browser or Mozilla Firefox on your computer, first 💻-🖥️ Setup a Secure Browser, then come back to continue these steps.

The Bitwarden extension is also available for all the browsers shown below. However, since Brave and Firefox provide many additional security benefits, this guide recommends using one of those two browsers. If you insist on using another browser, you can still continue following the guide, as the steps are the same for each browser.

Pasted image 20210607232603.png

See 🔒 Setup Bitwarden on Desktop for instructions.

Once you've added the Bitwarden Extension to your browser, watch Bitwarden Browser Extension Quick Start on YouTube to learn the basic usage.

5. Install Bitwarden on your Smartphone

See 🔒 Setup Bitwarden on Mobile for instructions.

6. Replace All Your Weak Passwords

Now that you know how to 🔒 Generate Strong Passwords, to benefit from these stronger passwords you need to replace all your current passwords with passwords generated with this method.

This will take some time, but it is an important step to protect yourself and your organisation. We recommend that you:

  1. Start with the accounts where your password has leaked - check here
  2. Continue with all the accounts you use for work
  3. Then move on to the accounts that have the most sensitive data about you
  4. Then change all the accounts where you used the same password that was leaked, if any.
  5. Finally, continue with all the other online services you have accounts with, if any.

Note: Whenever you generate a new password to replace the old one, make sure that you store it in Bitwarden as part of a new Login Profile.