Keep passwords long


Passwords are our way into almost all of our online accounts, from social media to email, but how do we know whether the ones we are using are strong enough to withstand repeated hacking attempts?

The usual advice is: keep your passwords long, complicated, and hard to guess. A longer password composed of unconnected words can be difficult to remember, which is why using a password manager is always good. You can use the password manager to generate random passwords and stop worrying about strength and uniqueness, because that has already been taken care of.

On the black market, stolen passwords are a commodity that is easy to sell, buy and trade. They are so valuable because cybercriminals know that the average user would rather reuse the same passwords on multiple sites for a long time without changing them than try to memorize new passwords. Credit card numbers, for example, are only valuable for a short period of time, whereas the window of opportunity for cybercriminals to successfully steal passwords can be quite big if they are left unchanged for too long.

Some of the most common passwords are “123456,” “password,” “12345,” “abc123,” “prince” and “login.” While they are certainly memorable, they fail in the uniqueness category. They are certainly not strong passwords! Some users think they are being brilliant by adding variations, such as substituting the letter “o” with the number “0” (“passw0rd” is another popular choice), but cybercriminals are just as smart, and they will try multiple variations of all the popular passwords. Unfortunately, in this day and age cybercriminals have various automated tools that they can use, making the process of cracking passwords very fast and efficient. (Tripwire 2020)

According to Sekhar Sarukkai, a Co-Founder and the Chief Scientist at Skyhigh Networks: “Two of the major breaches in 2015 are great examples of how dangerous weak or stolen passwords can be. In the case of Anthem Medical Inc., cybercriminals succeeded in their attack after using the stolen passwords of a few employees. Similarly, a government employee’s stolen password was used to give cybercriminals access to the massive database of the Office of Personnel Management (OPM). Compromised passwords can have serious consequences, incurring million-dollar losses to companies, and since many people use the same passwords both for personal and company accounts, this is the perfect time to review best practices for setting strong passwords.” (Tripwire 2020)

The things to aim for in a good password are length, variety, readability, memorability, and personalization or uniqueness. Don’t use your name, don’t use your birthday (especially if it’s displayed on your social media), and don’t use pets’ names. Try to make sure that your passwords are hard to guess. The advice is to come up with passwords that are not predictable, guessable, or easily hacked. Think about it: a 4-character password offers far fewer combinations than a 14-character one.

Password length is very important; 14 characters is a good minimum length to aim for if you are setting a new strong password. However, if that is difficult, just use a password manager. Most importantly, change your password every few months.
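To see how the advice above fits together, here is an added example (not from Tripwire or the original article) of a check a sign-up form could run: it rejects the common passwords listed earlier even when they are disguised with look-alike characters such as “0” for “o”, and enforces the 14-character minimum. Only the o/0 swap comes from the article; the other substitutions, the trailing-suffix rule and the 94-symbol alphabet are assumptions made for illustration.

```python
import math

# Common passwords quoted in the article.
COMMON = {"123456", "password", "12345", "abc123", "prince", "login"}
# Look-alike swaps to undo. Only 0 -> o is from the article; the rest are assumed.
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                            "5": "s", "7": "t", "@": "a", "$": "s"})
MIN_LENGTH = 14  # minimum length recommended in the article


def normalize(password):
    """Lower-case the password and undo look-alike substitutions."""
    return password.lower().translate(LOOKALIKES)


# Normalize the list too, so all-digit entries such as "123456" still match.
NORMALIZED_COMMON = {normalize(p) for p in COMMON}


def is_common_variant(password):
    """True for a listed password, a substituted form, or one with a digit/symbol suffix."""
    lowered = password.lower()
    # Assumed extra rule: "password123!" is still "password" to a guessing tool.
    candidates = {lowered, lowered.rstrip("0123456789!@#$%*")}
    return any(normalize(c) in NORMALIZED_COMMON for c in candidates if c)


def keyspace_bits(length, alphabet=94):
    """Bits of guessing work for a randomly generated password (94 printable ASCII symbols)."""
    return length * math.log2(alphabet)


def review(password):
    """Return the list of problems found; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if is_common_variant(password):
        problems.append("common password variant")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ["passw0rd", "Passw0rd123!", "L0gin", "maple-quartz-7-lantern"]:
        print(f"{sample!r}: {review(sample) or 'ok'}")
    print(f"4 random chars: {keyspace_bits(4):.1f} bits, 14: {keyspace_bits(14):.1f} bits")
```

The bit counts only apply to passwords chosen at random, for example by a password manager; a predictable 14-character phrase is far easier to guess than the number suggests.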

Author: Bennerick Samson, Technical Sales Engineer

References

Tripwire, I., 2020. Lessons From Recent Hacks: Creating Strong Passwords. [online] The State of Security.
