You can buy a small padlock for less than a dollar—but you shouldn’t count on it to protect anything of value. A thief could pick a cheap lock without much effort, or break it. Yet, many people use weak passwords. They use them to “lock up” their most valuable assets, such as money and secrets. Fortunately, everyone can learn how to make and manage stronger passwords. It’s an easy way to strengthen security both at work and at home.
What makes passwords ‘Strong’?
We all hate the dreaded “you must change your password” email from IT. It must be at least 12 characters long. It must include numbers, symbols, and upper- and lowercase letters. You think of a word you can remember, capitalize the first letter, add a digit, and end with an exclamation point. The result: Strawberry1!
Unfortunately, hackers have advanced tools. They can easily defeat passwords based on dictionary words like “strawberry” and on common patterns, such as capitalizing the first letter.
Increasing the complexity, randomness, and length of a password makes it stronger. These changes make it more resistant to hackers’ tools, as the table below from MyITRisk.com shows. An attacker could guess an eight-character password in 8 seconds, but a 12-character password would take four years to guess.
It is also important to pay attention to password complexity and unpredictability. Avoid common substitutions (e.g., ‘a’ to ‘@’, ‘s’ to ‘$’).
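The sketch below is an added example, not code from the original article. It shows why a password such as Strawberry1! can satisfy the composition rule quoted above and still be predictable. The wordlist and substitution map are small constructed samples, and the function names are hypothetical.

```python
import re

# Constructed sample wordlist (assumption); a real check would load a full
# dictionary plus a list of passwords known from breaches.
WORDLIST = {"strawberry", "password", "sunshine", "dragon"}

# Common substitutions mapped back to the letters they replace.
SUBSTITUTIONS = str.maketrans({"@": "a", "$": "s", "0": "o", "3": "e", "1": "i"})


def meets_composition_rule(password: str) -> bool:
    """The rule quoted in the article: 12+ chars, digit, symbol, upper, lower."""
    return (
        len(password) >= 12
        and any(c.islower() for c in password)
        and any(c.isupper() for c in password)
        and any(c.isdigit() for c in password)
        and any(not c.isalnum() for c in password)
    )


def dictionary_base(password: str):
    """Return the dictionary word the password is built on, or None."""
    # Drop the trailing digits and symbols people append ("1!", "2024!").
    core = re.sub(r"[\d\W_]+$", "", password).lower()
    # Lowercasing undid the capitalization; now undo substitutions and look up.
    for candidate in (core, core.translate(SUBSTITUTIONS)):
        if candidate in WORDLIST:
            return candidate
    return None


def review(password: str) -> dict:
    """Report whether a password passes the rule yet is still predictable."""
    base = dictionary_base(password)
    return {
        "meets_rule": meets_composition_rule(password),
        "dictionary_base": base,
        "predictable": base is not None,
    }


if __name__ == "__main__":
    for sample in ("Strawberry1!", "P@$$w0rd2024!", "vT7#qLm2&xRw9"):
        print(sample, review(sample))
```

A password that meets the rule but reports a dictionary base should be rejected at creation time, just like one that fails the rule.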
Why Uniqueness Matters
People reuse passwords for many accounts. This risky behavior opens the door for attackers. A single reused password, even a strong one, can give an attacker access to valuable accounts. Password reuse can lead to a domino effect of account breaches.
- 44% of passwords are reused on many accounts worldwide. This puts sensitive data at risk.
- Hackers compromise 20% of passwords, and users reuse 51% of passwords.
- 54% of employees use the same password for several work accounts.
Reusing passwords, even strong ones, can leave accounts exposed to attacks.
Here’s a real-life example
Ten years ago, Daisy joined an online gardening forum. She also created an online payment account and used the same password. She soon forgot about the gardening forum. But, someone accessed her payments account years later and stole a lot of money.
Daisy didn’t know someone had hacked the gardening forum. The hackers leaked users’ logins online. An attacker likely tried reusing Daisy’s leaked password on popular sites. Eventually, the attacker got lucky.
Guarding your passwords
- Don’t write them down. Many write passwords on post-it notes and leave them in plain sight. Even if you hide your password, someone could still find it. Similarly, don’t store your login information in a file on your computer, even if you encrypt that file.
- Don’t share passwords – You can’t be sure someone else will keep your credentials safe. While at work, you may have to take responsibility for anything that occurs when someone is logged in as you.
- Don’t save login details in your browser. Some browsers store this info in unsafe ways. Another person could access your accounts if they get your device.
Tips for keeping passwords secure
Consider sharing these password tips with family and friends.
- Never reuse passwords – Create a unique, strong password for each account or device. This way, a single hacked account doesn’t endanger other accounts.
- Create long, complex passwords. Don’t use passwords based on dictionary words, pets’ names, or personal information. Attackers can guess them.
- Use a password manager. These tools can store and manage your passwords. They can also generate strong new passwords. Some can also notify you when a password might be compromised.
rb-
A strong password is the main barrier keeping most of your online accounts from being hacked. Without up-to-date practices, you might be using passwords that cyber-frauds can easily guess within minutes.
The average user creates passwords to fight data theft. You could switch up the characters in your passwords and “Tr1Ck” your way into security. However, in today’s environment you need to create passwords that can withstand modern password theft methods. Today, cyber-criminals use sophisticated technology to get your passwords. Users must consider that hackers’ software is designed to account for user behavior as it guesses passwords.
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.