Usable Security - Passwords

Some time back, I came to a few not terribly surprising conclusions.

1) Security information gets dated, fast. As attackers become aware of a given tool, they work to circumvent it. What is a secure, safe practice one year may actually be a security hazard later on. This bad advice tends to get 'stuck' on the Internet, made even worse by the fact that Google still gives immense weight to stale, but highly linked, articles.

2) Security advice is often completely unusable. One example of unusable security is 'use a different password for every website, alphanumeric plus symbols and mixed case, write nothing down and never use a password manager'. Security advice you are forced to ignore is horrible advice.

3) Security advice can also seem like a massive checklist, rather than a way of thinking. At best, your eyes glaze over, and you ignore pieces of it or make a mistake. At worst, you spend hours ticking off each item, and then consider yourself safe.

Security procedures need to be usable, reasonable, and practical. They need to be something that you will not only get a definite benefit from, but also advice you are willing and able to follow. This series of blog posts will focus on providing advice that you can actually use, rather than some impossible checklist.

As the title suggests, this first article will cover passwords.