How’s Your Password Hygiene?
I’m not sure we need to tell you how important passwords are: they are the front-line defense to most of the accounts you create. What is often overlooked is the strategy of how to use a password to successfully protect accounts and data. Today, we will discuss best practices when creating and managing your passwords and how you are likely approaching your password strategy improperly.
Creating Strong Passwords
It’s true that passwords can be a pain to manage. Anyone who has been locked out of an account because they can’t remember their password knows this all too well. That’s why it is important to create passwords that are both easy to remember and that are secure enough to protect you. Cybercriminals have tools at their disposal that do a pretty good job of being able to crack passwords, so you need to keep that in mind when you are choosing yours.
As you set out to create your passwords, you should keep the following two points of emphasis in mind.
- A hacker may try to brute force attack any password that cannot be guessed or cracked, rapidly trying each combination possible.
- A password’s security and its resistance to brute force attacks are two different things.
Brute force attacks can really be devastating, but when you create your passwords, you have to keep in mind that any hacker with the will to brute force your computing network and left with the time to complete their hack, will likely find a way into your network. What you are doing when you are selecting a strong, memorable password is trying to make certain that the only way they are cracking your password is through brute force.
Typically we like to encourage that your passwords meet the following metrics:
- Are longer, typically over 16 characters
- Use a combination of numerals, letters (with upper and lower case characters), and symbols
- Don’t use privileged or personal information, or any information that can be tied to you through online searches
- No common words or numbers
- No consecutive letters or numbers
So How Do You Optimize Your Password’s Effectiveness?
With those practices, you will be pretty far along, but you also have to understand that the hackers’ tools are extremely powerful. That’s why on top of those suggestions, you will also want to add some complexity to your passwords. Studies have shown that about 41 percent of all passwords are composed exclusively of lowercase letters. If we have access to this information, it stands to reason that someone who makes a living breaking into networks and stealing data knows it as well. Therefore, along with adding symbols, varying cases, and numerals, one strategy is to use a passphrase of random words.
The reason for this is that, with a password that looks like this “7i&3RkIn&4L1f3” the chances that you remember it if you use the account sparingly is pretty low. Besides, it is not that secure, as it is effectively a complex sentence. Remember, the hacker has to get your password completely correct to effectively gain access, so instead of trying to come up with intricate ways of typing statements that can be easily guessed, try taking three words that don’t have any natural connection, incorporating numbers and some varying capitalization, and padding either side with symbols.
A process like this makes the password more usable. It very likely won’t be guessed, is long enough to protect your account, is effective against the brute force attack, and will be easier for you to remember.
Speaking of which, since you shouldn’t use the same password for multiple accounts, you will end up with dozens of passwords. Keeping them straight, especially over the long haul (as you will likely have to reset passwords from time to time), is difficult. That’s why we recommend using a password manager. Many people take advantage of the password saving feature inside their browser. This is effective, but we recommend using a third-party manager that features encryption. This tool will be the most secure and reliable; and, you won’t have to worry about remembering every password.
At Directive, we consider cybersecurity one of the most important parts of a business’ IT strategy. Give us a call a 607.433.2200 to see how we can help you keep your IT assets safe.