Passwords have always been a weak point in security, but things are changing for the better. Recent studies show that users and enterprises are taking this step seriously. Password habits are improving, but more improvement is still needed. We frequently see passwords being reused and passwords with little complexity.
Strengthening the content of passwords will make them harder to crack as cybercriminals inevitably improve their password-breaking techniques. Smart password practices cost next to nothing, aren’t time consuming and safeguard you from cybercrime. But what is a ‘Strong Password’, and how do you make strong passwords that don’t have to be written down or copy/pasted? Here are some best practices to help you create ‘Strong Passwords’:
1. Increase Complexity of Content
The actual content of a password affects how easily it can be broken. For example, a password consisting of all lowercase characters is easier to break than one that contains lowercase and uppercase characters, plus numbers and symbols. Keep in mind that password complexity is good. Unfortunately, most people only use one of the 40 special characters to strengthen their password (for instance, substituting ‘0’ for the letter o). Complexity works best when it’s random, and it should mean a case-sensitive combination of letters, numbers, and special characters.
2. Lengthen Passwords to Strengthen Security
It turns out that length is even more important than complexity when it comes to defeating password crackers. Lengthening passwords to 12 characters can increase password security significantly. So, you don’t have to create passwords that look like the stand-in comic strip curse words (!%*##$*) from back in the day.
3. Change Passwords Regularly
Passwords need to be changed regularly: every 60 days is considered fine, but every 30 is even better. And make sure not to reuse passwords. This is one case where recycling is bad. Reusing the same password across multiple systems can turn a minor data bleed into a rushing hemorrhage. When an employee’s personal Twitter password is hacked, it’s one thing; but when that Twitter password is the same one he uses across the entire company network, it can turn into a security nightmare. Make sure your end users understand this.
4. Answer Reset Questions Untruthfully
Urge people to lie in their answers to password reset questions. A little superficial research can yield a mother’s maiden name or a pet’s name. It’s better for people to pick a reset answer for each website consisting of an unrelated root phrase that’s meaningful to the user, varied slightly for each site.
But how can I remember all of this?
Now let’s get to the magic part: building these passwords in ways we won’t forget. Here are two different patterns that will make it fairly easy for you to remember your passwords:
1. Use Sentences
Create a sentence from an easy-to-remember piece of information that is personal to you. For example, “My son’s birthday is 5 October, 2013”. Using that phrase as your guide, you might use “Msbi5/Oct13” for your password.
Substitute numbers, symbols, and misspellings for letters or words in an easy-to-remember phrase. For example, “My son’s birthday is 5 October, 2013” could become “Mi$un’sBrthd8iz51013”.
Alternatively, relate your password to a favourite hobby or sport. For example, “I love to play badminton” could become “ILuv2PlayB@dm1nt()n”.
2. Random words
Take multiple random words with no logical or grammatical connection, but that have some meaning to you, and place them one after another. For example: “FlowerSkyCake”. Then replace letters with numbers or special characters, or add extra characters: “F10wer5kyCake!”.
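As an added illustration of the length-versus-complexity point from tip 2 and of the two patterns above (example code written for this page, not from the original post): it estimates the brute-force keyspace of a few constructed passwords, including the two pattern examples, using printable-ASCII character classes as an assumed model.

```python
import math
import string

# Pool size of each character class (assumption: printable ASCII;
# the article counts 40 specials, string.punctuation holds 32).
CLASSES = {
    "lower": set(string.ascii_lowercase),   # 26
    "upper": set(string.ascii_uppercase),   # 26
    "digit": set(string.digits),            # 10
    "symbol": set(string.punctuation),      # 32
}


def classes_used(password):
    """Names of the character classes that appear in the password."""
    return {name for name, chars in CLASSES.items()
            if any(c in chars for c in password)}


def pool_size(password):
    """Alphabet size an attacker must cover once the classes are known."""
    return sum(len(CLASSES[name]) for name in classes_used(password))


def brute_force_bits(password):
    """Keyspace in bits for exhaustive search: log2(pool ** length).
    This is an upper bound; dictionary words and dates shrink it."""
    if not password:
        return 0.0
    return len(password) * math.log2(pool_size(password))


def meets_guidance(password, min_length=12, min_classes=3):
    """Check the article's two rules: 12+ characters and mixed classes."""
    return (len(password) >= min_length
            and len(classes_used(password)) >= min_classes)


# Constructed samples: a short complex password versus a long simple one,
# plus the two pattern examples from the article.
SAMPLES = ["P@ssw0rd", "flowerskycake", "Msbi5/Oct13", "F10wer5kyCake!"]

if __name__ == "__main__":
    for pw in SAMPLES:
        print(f"{pw:16} len={len(pw):2} pool={pool_size(pw):2} "
              f"bits={brute_force_bits(pw):5.1f} ok={meets_guidance(pw)}")
```

The 13-character all-lowercase “flowerskycake” scores about 61 bits against 52 for the 8-character “P@ssw0rd”, which is the length-beats-complexity effect the tip describes.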
These tips will not make all of the pain that comes with using strong passwords go away, but they do provide some significant relief. And remember, using stronger passwords won’t keep you secure from all the threats out there, but it’s a good first step.