These tips and tricks perfect how to make a good password
When we work with organizations on how to improve their IT security, one of our first discussions will be about their password policies. Often, business leaders are surprised at this and say they were expecting us to focus on other security technology. While we will deploy many advanced security “tools in the toolbox,” passwords continue to be extremely important. Hackers often use widely available software that methodically guesses passwords and alerts them as soon as one works. This software works in seconds against weak passwords, or can take a mathematically impossible number of years against a difficult one. As a result, hackers love people who give little thought to their passwords, and that unfortunately includes a lot of us.
In addition to mathematical complexity, think about how easily guessed many of the most popular passwords are: your spouse’s name and the year you were married, maybe your favorite pet’s name, or, as we still often see, “Password123” or “1234” or, when someone really thinks they are getting creative, “4321.” But just as you wouldn’t leave a copy of your car and house keys out for just anyone to grab, your passwords need an extra level of thought: they are, in a sense, keys to your digital home. And that digital home is filled with information that must be protected, including information about your friends, family and workplace. Building your passwords from data that anyone can mine from the internet is like leaving everything you value unlocked, with the door wide open to anyone who wants to help themselves to your stuff.
Knowing how to make a good password isn’t tough, but it does require a well-thought-out methodology. In this day of rampant digital hacking, you need strong passwords that are harder to hack and virtually impossible to guess. Hackers know the tools and tricks that work for them to break into your accounts. From mining your social media accounts for common information used in passwords (think pet names, high school attended, birthdates, etc.) to dictionary attacks that cycle through common phrases to password crackers that randomly try combinations of words and letters, they’ve got every tool imaginable. Don’t make it easy for them; make your network a tough one to get into. That’s why we’re here: to help give you a leg up against hackers.
How to create a good password in 5 Steps
1. Toss out the most common words, numbers and phrases.
Your birthday, your family members’ names, your pet and your address or phone number may be easy to remember, but these make for weak passwords that hackers can easily figure out. In addition, stay away from common words and numbers and, of course, avoid at all costs phrases that anyone might use, such as 12345 or any other obvious password. And if you use a common word or phrase, mix it up by using numbers where letters should be, such as a 3 for an E, or a zero for an O.
2. Go long.
When it comes to defeating password-guessing algorithms, the longer the better, because each additional character multiplies the number of possible combinations, so the total grows exponentially with length. However, most organizations have a threshold for how much length their employees will accept. Our recommendation is that the best passwords should be twelve characters in length or more. If an organization has an application that they wish to make even more secure, fifteen randomly generated characters would be recommended.
3. Mix it up.
The strongest passwords follow complexity rules that require a combination of both upper and lowercase letters, symbols, punctuation and numbers. Each of these adds to the difficulty of guessing the password, as well as to the number of mathematical combinations.
4. Learn to not recycle.
While recycling is important in other parts of our lives, when it comes to passwords it should be avoided. Don’t use the same password for multiple applications, because if it is compromised once, the hacker can use it for all those systems. Also, effective password policies require that when a password is changed, the new one be something that hasn’t been used recently. For example, when a password expires, you might not be able to use it again until you have used 24 other passwords first.
5. Date it, don’t marry it.
Effective passwords require a regular expiration date, typically 45 or 90 days, and after that, a new password must be used. This limits the access an unauthorized user might have in the event passwords are compromised. You will have to apply some discipline with this process, as a lot of applications and web services do not enforce this by default. It’s up to you to set reminders and proactively change these passwords on a consistent basis. Months can go by after a breach occurs or becomes public knowledge, and changing your password could help protect your information in the meantime.
6. Additional steps are helpful, such as two-factor authentication.
This offers an extra step of protection for your data. With two-factor authentication, you may get a text message for a second passcode for your account. In some cases, multi-factor authentication may be available, which adds yet another layer. Enable this feature on any application or website that supports it.
7. Take advantage of passcode management systems.
One common complaint is that complex, regularly expiring passwords are easy to forget, so employees resort to poor security approaches like writing passwords on post-it notes on their desk. Fortunately, several solutions exist for managing passwords and generating strong passwords that you might otherwise have difficulty remembering. If you are unfamiliar with these services, an IT management provider, like Locknet Managed IT, can help ramp up the level of security and establish protocols for your staff to generate strong passwords.
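The length, character-mix and no-reuse rules from steps 2, 3 and 4, together with the random generation mentioned in step 7, can be expressed as a short Python sketch. This is an added example, not a Locknet tool; the function names, the single per-user salt and the PBKDF2 iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import math
import secrets
import string

# Character classes from step 3: upper, lower, digits, symbols/punctuation.
CLASSES = [string.ascii_uppercase, string.ascii_lowercase,
           string.digits, string.punctuation]
MIN_LENGTH = 12      # step 2: twelve characters or more
HISTORY_DEPTH = 24   # step 4: no reuse until 24 other passwords were used


def generate_password(length=15):
    """Random password (step 2 suggests 15) with every class present."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every class")
    alphabet = "".join(CLASSES)
    while True:  # redraw until all four classes appear
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(c in cls for c in candidate) for cls in CLASSES):
            return candidate


def entropy_bits(length, alphabet_size):
    """Bits of guessing work for a uniformly random password."""
    return length * math.log2(alphabet_size)


def fingerprint(password, salt):
    """Salted slow hash so the history never stores plaintext."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def check_policy(password, history, salt):
    """Return a list of policy violations (empty list means accepted)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    for name, cls in zip(("uppercase", "lowercase", "digit", "symbol"), CLASSES):
        if not any(c in cls for c in password):
            problems.append(f"missing {name}")
    fp = fingerprint(password, salt)
    # Assumption: one salt per user; history holds fingerprints, oldest first.
    if any(hmac.compare_digest(fp, old) for old in history[-HISTORY_DEPTH:]):
        problems.append("reused within the last 24 passwords")
    return problems
```

With the 94 printable characters used here, each extra character adds about 6.55 bits, so going from twelve to fifteen random characters multiplies the guessing work by roughly 94³.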
How to make password management a primary step in business data security
Knowing how to create an effective password is an essential skill in today’s business world, as well as at home. Use these five tips for how to make a good password, and you’ll have a far greater chance of outwitting hackers.