Everybody uses passwords. This article discusses the different types of passwords and how to generate them, and provides 5 password tips to help keep your data safe and secure.
We use them for our phones, computers, e-mail and just about any other personal account. Sadly, because they are easier to remember, many of us use basic passwords like “Password1” or “1234.” Some of us even reuse the same simple password across multiple accounts.
A simple password or a predictable character pattern is considerably easier for an adversary to crack. Many businesses and sites require upper case letters, lower case letters, numbers, and special characters to be included in passwords.
Instead of using a complex password that is difficult to remember, try using a longer passphrase. This means combining multiple words into a string at least 15 characters long. The extra length of a passphrase makes it harder to crack, while also making it easier to recall.
A sentence like “JustGotMarriedInVegas2020,” for example, is a strong passphrase. A passphrase combining multiple unrelated words, such as “PencilOrangeDogDecember” is even better.
What Makes a Secure Password?
A secure password will include a combination of lower case and upper case letters, numbers and special characters. Nevertheless, the overall length of the password is much more important than the characters used, as password-cracking programs begin with shorter guesses before moving on to longer ones. A very strong password should include all types of characters and should be at least 12 characters long.
Why Randomness Is Important
Another common password attack relies on common English words that many people have used before. This is called a “dictionary attack,” because the attackers guess combinations of common dictionary terms in an effort to gain entry. This is why a random mix of letters, symbols, numbers, and words makes the best passwords.
Password vs. Passphrase Generator
Another way to create a strong random password is to use a passphrase, combining 4-6 words in a mnemonic system. Since passphrases are always longer than 20 characters, they are highly resistant to brute-force attacks. We suggest, however, that you include at least 2-3 numbers or symbols to throw off any would-be dictionary attackers.
5 Password Tips
- Require everyone to use longer passwords or passphrases of 15 or more characters, without requiring upper case, lower case, or special characters.
- Only require password changes when there is reason to believe that an account has been compromised.
- Have your network administrators screen everyone’s passwords against lists of dictionary words and passwords that are known to have been compromised.
- To help prevent a denial of service attack against your email service, don’t lock a user’s account after a number of incorrect login attempts. That way, even if an attacker floods your network with intentionally incorrect login information, your users will not be locked out of their accounts.
- Don’t allow password “hints.”
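The screening described in the first and third tips can be sketched in a few lines. This is an added example, not code from the original article; the word lists, the substitution table and the function names are constructed assumptions, and a real deployment would load a full dictionary and a corpus of known-compromised passwords.

```python
import re

MIN_LENGTH = 15  # tip 1: require length, not character classes

# Constructed sample lists, for illustration only.
COMPROMISED = {"password1", "1234", "qwerty123", "letmein"}
DICTIONARY = {"password", "welcome", "dragon", "sunshine", "administrator"}

# Undo the character swaps people use to decorate a dictionary word.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def base_word(password: str) -> str:
    """Reduce a password to the word it was probably built from."""
    lowered = password.lower()
    # Drop leading/trailing digits and symbols: "Welcome2024!" -> "welcome"
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    # Map remaining substitutions back to letters: "p@ssw0rd" -> "password"
    return core.translate(LEET)


def screen(password: str) -> list:
    """Return the reasons a password is rejected; an empty list means accepted."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append("too short")
    # Compare case-insensitively so "PASSWORD1" is caught as well.
    if password.lower() in COMPROMISED:
        reasons.append("known compromised")
    # A long password can still be one decorated dictionary word.
    if base_word(password) in DICTIONARY:
        reasons.append("dictionary word")
    return reasons


if __name__ == "__main__":
    # Candidates include the article's own examples.
    for candidate in ("Password1", "1234", "Adm1n1strator2020!!",
                      "JustGotMarriedInVegas2020", "PencilOrangeDogDecember"):
        verdict = screen(candidate)
        print(f"{candidate:28} {'accepted' if not verdict else ', '.join(verdict)}")
```

Note that no check counts upper case, lower case or special characters: the 19-character "Adm1n1strator2020!!" contains all of them and is still rejected, while both passphrases from the article are accepted.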
Many people end up using password keeper services. Such programs, also called vaults, store all of your passwords in one location. Some programs can even create strong passwords for you and keep track of them all in one location, so the one for your vault is the only password or passphrase you must remember.
The downside of using a password keeper program is that if your vault password is cracked by an attacker, then he or she knows all your passwords for all your accounts. But many IT professionals believe that the benefit of a password keeper program far outweighs the risk. A small amount of research should help get you started.
Go to www.FBI.gov/ProtectedVoices for more information.
Thanks for stopping by to read about password tips. Always remember to change them often, don’t use family or pet names, and never write them down. Do you have any password tips that we can add?