Password strength is directly related to how much computing power is required to crack the password. At Xari Group, we recommend that users create long, complex passwords to exponentially increase the time it takes hackers and cybercriminals to crack them. Here are concrete steps you should take to set strong passwords:
1> The longer the password, the better – Create passwords that contain a minimum of 8 characters. If your password protects something sensitive, like access to your bank account, then use a minimum of 12 characters.
2> Use everything available on your keyboard – Use numbers, upper and lower case letters, special characters, and symbols to help increase the strength of your password.
3> Never use dictionary words – Never use common words or names within passwords. This rule can be extended one step further for those passwords protecting highly sensitive data to include compounds of multiple words. “IloveLabraDorReTrievers” is not a secure password if the information it’s protecting is of high import.
4> Avoid commonly used password patterns – A recent study by the US Defense Department’s research agency found that about half of all passwords used at a Fortune 100 company followed five common patterns, the top 3 of which are listed below:
- One uppercase, five lowercase and three digits (Example: Psword123)
- One uppercase, six lowercase and two digits (Example: Pssword12)
- One uppercase, three lowercase and five digits (Example: Pass12345)
5> Use unique passwords – Don’t use the same set of passwords or recycle one across different services because that only diminishes the benefit of using a strong password. Research from the University of Cambridge shows that 31% of users reuse passwords in multiple places. When one of those reused passwords becomes compromised, the impact on the user is amplified.
6> Be careful where you store your passwords – Never store passwords in spreadsheets or upload them to the cloud unless they are within an encrypted file. Data from McAfee shows that the average company has 100+ files on Microsoft’s OneDrive that contain the word “password” in the file name. If you’re going to store your password somewhere, use a reputable and secure password manager.
7> Enable Multi-factor authentication – This adds an additional layer of protection against hackers logging in with a stolen password. With two-factor authentication, the user must have her cell phone in order to verify her identity in addition to the username and password.
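The length minimums from step 1, the character classes from step 2 and the three patterns listed under step 4 can be checked mechanically. The following Python code is an added example, not part of the original article; the function names are hypothetical, and it assumes the patterns apply in the order the article's examples show (uppercase first, then lowercase, then digits).

```python
from itertools import groupby

# Step 4 shapes as (class, run length), in the order the article's examples use.
# Assumption: uppercase first, then lowercase, then digits.
COMMON_SHAPES = {
    (("U", 1), ("L", 5), ("D", 3)): "one uppercase, five lowercase, three digits",
    (("U", 1), ("L", 6), ("D", 2)): "one uppercase, six lowercase, two digits",
    (("U", 1), ("L", 3), ("D", 5)): "one uppercase, three lowercase, five digits",
}
MIN_LENGTH = 8             # step 1: general minimum
MIN_LENGTH_SENSITIVE = 12  # step 1: minimum for sensitive accounts
CLASS_NAMES = {"U": "uppercase letter", "L": "lowercase letter",
               "D": "digit", "S": "symbol"}


def char_class(ch):
    """Map one character to U(pper), L(ower), D(igit) or S(ymbol/other)."""
    if ch.isupper():
        return "U"
    if ch.islower():
        return "L"
    if ch.isdigit():
        return "D"
    return "S"


def shape(password):
    """Run-length encode the character classes, e.g. Pass12345 -> U1 L3 D5."""
    classes = [char_class(c) for c in password]
    return tuple((cls, len(list(run))) for cls, run in groupby(classes))


def check_password(password, sensitive=False):
    """Return a list of findings; an empty list means none of these rules was tripped."""
    findings = []
    minimum = MIN_LENGTH_SENSITIVE if sensitive else MIN_LENGTH
    if len(password) < minimum:
        findings.append(f"too short: {len(password)} characters, minimum is {minimum}")
    pattern = COMMON_SHAPES.get(shape(password))
    if pattern:
        findings.append(f"common pattern: {pattern}")
    present = {char_class(c) for c in password}
    for cls, name in CLASS_NAMES.items():
        if cls not in present:
            findings.append(f"missing character class: {name}")
    return findings


if __name__ == "__main__":
    # Sample passwords are the article's own examples.
    for pw in ("Psword123", "Pssword12", "Pass12345", "Df,ywaioO3rd!"):
        print(pw, "->", check_password(pw, sensitive=True) or "no findings")
```

The check does not cover step 3 (dictionary words) or step 5 (reuse), which need a wordlist and a record of passwords already in use.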
Tips for remembering strong passwords
One of the challenges of setting strong passwords is remembering them. Here are two practical ways to make sure you don’t compromise your password security just because strong passwords are hard to recall.
Method #1: Create your password from a sentence
People are much better at remembering sentences and song lyrics than they are at remembering random letters, numbers, and symbols. One trick to creating a strong password is to take the first letter of every word in a long and memorable sentence and then add upper and lower case letters, numbers and a few symbols to produce your password.
Are you a fan of the Beatles? Then try this: “Yesterday, all my troubles seemed so far away / Now it looks as though they’re here to stay / Oh, I believe in yesterday”, which in password form converts to “Y,amtssfa/Nilatt’h2s/O,Ibiy”. Simple enough, right?
Another good example of this trick is to use a personal statement such as “Don’t forget, your wedding anniversary is on October 3rd!”. The password then becomes “Df,ywaioO3rd!”. There are endless ways to build highly secure and easy to remember passwords using this trick.
Method #2: Treat your keyboard like a constellation
Your keyboard is a blank canvas, ready to help you create your strongest password yet. Draw patterns meaningful to you across the keyboard, including letters and numbers (using your imagination, not permanent marker). The shapes could be your initials, your first name, or a geometrical shape like your favorite constellation to create your password of choice.
These two methods can generate random and secure passwords that are as easy to remember as your favorite song or constellation. In addition to strong passwords, experts also recommend turning on multi-factor authentication. A wide variety of websites support multi-factor authentication today, including Dropbox, Gmail and most banking websites. While there’s no fool-proof way to prevent hackers from gaining access to your data or your identity, taking a few easy steps drastically reduces your risk.