When we’re prompted to choose a password, most of us go for something that we’ll remember easily, or reuse the same password we use for everything. That’s the easiest way, right? Well, yes. But it certainly isn’t the most secure way to protect your data. With the ever-increasing sophistication of cybercriminals, it’s time to put a bit more effort into choosing a strong password.
What is a strong password?
A strong password is a combination of characters that doesn’t follow any predictable pattern, which rules out words, consecutive numbers and memorable phrases. When attempting to ‘crack’ a password, attackers often begin with lists of commonly chosen passwords, drawn from online dictionaries for various human languages and from breached password databases belonging to online businesses and social media accounts.
A strong password typically contains:
- at least 15 characters
- uppercase letters and lowercase letters
- symbols, such as ?/&^
A strong password should not contain:
- your name or username
- your date of birth
- your phone number
- dictionary words
- common substitutions for dictionary words, such as pa$$w0rd and S3cur1ty
The most secure passwords are usually created using a random password generator such as Strong Password Generator or through browser plugins. The downside of using these generators is that the passwords are very difficult to remember, so users are more likely to write them down on a post-it note on their desk, which causes its own security issues!
As a network administrator, it is possible to set parameters for user passwords to increase security. For example, you can state that passwords must include at least a certain number of characters, cannot be a previously used password or that they must be changed on a regular basis. It’s also possible to implement a lockout system so that if a password is guessed incorrectly a certain number of times, the account will be temporarily locked and an administrator will be alerted.
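One way an administrator could enforce the two lists above when a user sets a password, shown as an added example rather than code from the original article. The function name `check_password`, its parameters and the tiny wordlist are assumptions made for illustration; a real deployment would load a full dictionary and breached-password lists.

```python
import re

# Constructed sample wordlist; real checks use large dictionaries
# and breached-password lists.
COMMON_WORDS = {"password", "security", "welcome", "dragon", "letmein"}

# Common character substitutions mapped back to the letters they replace.
LEET = str.maketrans({"$": "s", "0": "o", "1": "i", "3": "e",
                      "4": "a", "5": "s", "7": "t", "@": "a", "!": "i"})

MIN_LENGTH = 15  # minimum length from the list above


def check_password(password, username="", full_name="", birth_date="", phone=""):
    """Return a list of policy violations; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 15 characters")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        problems.append("needs both uppercase and lowercase letters")
    if not re.search(r"[^A-Za-z0-9\s]", password):
        problems.append("needs a symbol")

    lowered = password.lower()
    # Personal details: names compared as text, dates and phones as digits.
    for part in [username] + full_name.split():
        if len(part) >= 3 and part.lower() in lowered:
            problems.append("contains name or username")
            break
    pw_digits = re.sub(r"\D", "", password)
    for label, value in (("date of birth", birth_date), ("phone number", phone)):
        digits = re.sub(r"\D", "", value)
        # Simplification: only matches the digit order the value was given in.
        if len(digits) >= 4 and digits in pw_digits:
            problems.append("contains " + label)

    # Dictionary words, checked as typed and with substitutions undone,
    # so pa$$w0rd is treated the same as password.
    normalised = lowered.translate(LEET)
    for word in sorted(COMMON_WORDS):
        if word in lowered:
            problems.append("contains dictionary word: " + word)
        elif word in normalised:
            problems.append("contains substituted dictionary word: " + word)
    return problems
```

Calling `check_password("S3cur1ty")` reports the substituted dictionary word along with the length and symbol failures, which is why swapping letters for look-alike characters adds little protection.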
Why do you need a strong password?
We get asked a lot why a strong password is needed for everything. Surely nobody is going to do much damage if they get into your Facebook account or your account with your local pizza delivery company? Even these accounts can hold valuable information about you: name, address, date of birth, history of places you have visited, personal information about friends and family. In the wrong hands, this data is very valuable! Attackers can also use this information to guess other passwords belonging to you, so ideally you’ll be using very different passwords for each account.
How secure is my password?
If you’ve got a password that you use, it might be worth seeing how secure it is. You can do this by visiting How Secure Is My Password? to find out how long it would take a computer to guess your password. The word ‘password’ (which remains in the top 5 passwords worldwide despite lengthy warnings about cybersecurity!) will be guessed almost instantly, while ‘H7ff5%rtr3x+’ should take around 34,000 years.