Law Society of Saskatchewan
Find Legal AssistanceMember ProfileMember ResourcesContact
  • 0
    Cart
  • My Account
  • About Us
      • slider_1Latest News
      • Notice on Updated Practice Directive
      • PPSA 1101 (Survey Course) – Free Enrolment for Articling Students in Saskatchewan
      • Family Law Help Sessions – Moose Jaw
      • News
        • Legal Sourcery
        • Podcast
        • Re:Source Mail
        • Videos
        • Benchers’ Digest
        • Case Mail
      • Mission and Values
      • Committees and Task Forces
      • Convocation
      • Benchers
        • Bencher Election 2018
        • Bencher Election 2021
      • Annual and Financial Reports
      • Contact Us
  • Initiatives
    • slider_1Initiatives
      The Law Society is seeking to identify legal service providers for new initiatives. This unique approach, the first of its kind in Canada, enables the Law Society to expand access to appropriately regulated legal services in a responsible and sustainable manner. The overall goal is to balance the need for enhanced access to legal services for underserved Saskatchewan citizens while ensuring public protection. For more information, click below. Consultation
      • Access to Justice
        • Future of Legal Services Initiative
        • Limited Scope Legal Services
      • Equity
      • Legal Information
        • Legal Information Guidelines
        • Saskatchewan Access to Legal Information
      • Innovating Regulation
      • Truth and Reconciliation
        • Additional Resources
        • Notice to Day School Survivors
      • Saskatchewan Justicia Project
  • Regulation
    • slider_1Remote Executing Of Certain Documents And Remote Witnessing Of Wills By Electronic Means Legislation Now Permanent
      We are happy to announce that today, the Government of Saskatchewan repealed the temporary emergency regulations related to remote execution of certain documents and wills and replaced those regulations with permanent regulations allowing for remote execution of documents via electronic means (i.e. video calls) to continue long-term beyond the end of the public emergency period. Practice Directives
      • Definition of the Practice of Law and Unauthorized Practice of Law
      • Firm Regulation
        • Designated Representative (DR) Hub
      • Act, Code and Rules
        • The Legal Profession Act, 1990
        • Code of Professional Conduct and Amendments
        • Law Society Rules, Amendments and Practice Directives
        • Rules Concordance – Read More
      • Hearings, Decisions and Rulings
        • Pending Discipline Matters
        • Discipline Decisions
        • Conduct Review Database
        • Ethics Rulings Database
        • Pending Admissions and Education Matters
        • Admissions and Education Decisions
        • Disqualification and Reinstatement
      • Lawyers with Practice Conditions/Restrictions
      • Lawyer Trusteeships and Successors
      • Potential Complaint Outcomes
        • Ethics Committee
        • Competency Committee
        • Conduct Investigation Committee
  • Public
    • slider_1New Law Society Complaint Form
      The goal is to assist and encourage complainants to provide clear and concise descriptions of their concerns, and reduce confusion by removing technical terms that may not be fully understood by members of the general public (i.e.: “conflict of interest”). Complaint Form
      • Finding Legal Assistance
      • Find Legal Assistance Search Guidance
      • What to Expect From Your Lawyer
      • Looking For Lost Wills
      • Making a Complaint
        • Complaints Process
      • Common Client Concerns
        • Understanding Lawyers’ Fees
        • Quality of Service
        • Conflict of Interest
        • Confidentiality
        • Withdrawal
        • File Transfers
      • Common Client Concerns
        • Role of an Estate’s Lawyer
        • Role of Opposing Lawyer
        • Breach of Trust Conditions/Undertakings
        • Lawyer’s Conduct in Court
        • Lawyer’s Outside Interests
  • Lawyers and Students
    • hiring sign resizedCareer and Volunteer Opportunities
      • Becoming a Lawyer in Saskatchewan
        • Students-at-law
        • Transfer Lawyers
        • International Applicants
      • Becoming a Principal
      • Career And Volunteer Opportunities
        • Students Seeking Articles
      • Membership Services
      • Awards, Bursaries, Scholarships
      • Consultation
      • Locum Registry
      • Practice Advisor Program
      • Forms and Fees
        • Law Society Forms
        • Trust Account Forms
      • Western Conveyancing Protocol
        • Protocol for Saskatchewan
      • Practice Resources
        • General Resources
        • Queen’s Bench Rules
      • Health and Wellness
  • Legal Resources
  • CPD
    • slider_1Continuing Professional Development
      • CPD Activities
        • CPD Calendar of Activities
        • CPD On Demand (Subscription)
        • Recorded Versions Shop
        • Study Group Resources
      • CPD Policy
        • Reporting CPD Hours
        • Eligible CPD Activities
        • Approved Providers
        • Remedial CPD Plan Information
        • FAQs
        • Transition to One-Year CPD Term
      • Contact Us
      • Volunteers
      • Presenter Section
  • Shop
Law Society of Saskatchewan Technology Passwords – As Painless As Possible (Tech Beat)

Passwords – As Painless As Possible (Tech Beat)

May 26, 2015

techbeat

Passwords are a necessary evil if you use a computer and the Internet for almost anything these days. A typical user has to remember 19 passwords on average, and a whopping 80% of us use the same password for multiple online accounts. Password-cracking technology has changed over the years and the definition of a “strong password” evolves over time. Some years ago, a strong password required about 8 characters, with mixed cases, at least one number and one special character, and could not contain words found in the dictionary – something like this: j6tLwFJ!.

Here’s the good news. Security experts are now saying that a very long password, even if it is made up of words found in the dictionary, is more secure than a short, complex password.

In an offline attack scenario (100 billion guesses per second) it will take only three days to crack j6tLwFJ! but 203 billion years to crack Pop!GoesTheWeasel. Which of these two passwords would you rather memorize? This is not to say we should use passwordpassword as a password. The calculation above is based on the time required to mathematically run through the permutations of the characters used. In practice, no hacker will attempt to break a password this way. Hacking programs will first try the most popular words used as a password, such as password, iloveyou, monkey, football, baseball, dragon, abc123, 12345 (up to 9), qwerty, letmein, superman, batman, and common names such as Michael, Thomas, Jennifer, Jordan, and Charlie.

My favourite way to pick a password is to use the first character of each word in a sentence of about 14 words and add a special character or two:

MhgfpiMM90Y!49 = My holy grail fountain pen is MontBlanc Meisterstuck 90 Years 149

The time required to crack this password in an offline attack scenario is two billion years.

If you are not sure whether your password is strong enough, there are online password strength checkers you can use. Here are a few examples:

  • Microsoft Safety & Security Center
  • The Password Meter
  • How Secure is My Password?

So now you have a super secure password. You have a perfect sentence that you can remember well and you can fit in numbers and special characters nicely. It is tempting to reuse this on all your online accounts.  You may argue that you only go to reputable websites of big companies. It should be safe, shouldn’t it? Remember the Heartbleed bug in 2014? This bug exploits the OpenSSL cryptography library which is used by two-thirds of the websites on the Internet. The compromised or vulnerable websites include Instagram, Facebook, Pinterest, Amazon Web Services, Tumblr, Google, Yahoo, Etsy, GoDaddy, Flickr, Netflix, SoundCloud, YouTube, and Dropbox. Still not convinced? Have a look at this interactive infographic.

Even if you have a very good memory, remembering 19 sentences (and which one is for which online account) is still quite challenging. This is where password managers come in handy. For a nominal annual fee, password managers keep track of all your passwords in encrypted format so you need to remember just one master password to unlock your password manager. Most of them allow you to sync across multiple devices so you will always have access. You can also use a password manager to generate strong, difficult-to-break passwords.

You might ask whether password managers are safe. After all, two well-known password managers, Dashlane and LastPass, were both affected by the Heartbleed bug. Password managers keep track of all your passwords and “safe notes” such as credit cards and bank accounts. You have a lot riding on the password manager’s integrity as a strong gatekeeper. There have been debates and studies detailing web flaws, authorization flaws, user interface flaws, and, last but not least, the bookmarklet flaw. There is a calculated risk in everything, and security is often a trade-off with convenience. Password managers automatically fill in your user name and password for you to save you the trouble of manually entering a random string of characters, and it turns out that this is something not easy to do securely. That said, it is still better to use difficult-to-guess passwords and password managers than using an easy-to-guess password over multiple websites, and until wearable authentication technology matures, this is as painless as it gets.

Share this:
  •  
  •  
  •  
  •  
  •  
  •  

2 Responses to “Passwords – As Painless As Possible (Tech Beat)”

  1. ken11fox says:
    May 26, 2015 at 10:10 am

    21 Sextillian years! – for an easy-2-remember sentence from Dr. Seuss. Better get busy, hackers – time’s a-wasting!

    Reply
  2. funereal says:
    September 20, 2020 at 12:01 pm

    Hurrah! Ϝinally I gߋt a blog from where I can genuinely obtain hеlpful information regarding my ѕtudy and knowledge.

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Archives

Categories

Subscribe Now

Subscribe for the latest news from our blog "Legal Sourcery".

Submit News Post

Submission Guidelines

Online Tools

  • Search
  • Contact Us
  • Terms of Use

Quick Links

  • About Us
  • LSS Initiatives
  • For Lawyers & Students
  • For the Public
  • Regulation
  • CPD

Subscribe Now

Subscribe for the latest news from our blog "Legal Sourcery".

Stay Connected

Twitter
Facebook
Linkedin

© 2022 Law Society of Saskatchewan. Website & Hosting by OmniOnline