Written by Chris Thornton
We’ve all heard it a million times, but it bears repeating: as much as they are a pain in the ass, a strong password is the very first line of defence when it comes to your personal & business IT security. Until biometrics have become advanced enough to replace the need for passwords altogether, they are something we all have to deal with. Sorry!
In the end, no matter how many high tech solutions are put in place to combat against cyber-attacks a weak password will invariably render them pointless, and worse, a waste of money. Creating a truly strong password is far more complicated than people first think, so the result is often a simple, easy to remember and ultimately insecure password that they’ve used before on their Amazon, Facebook and online banking accounts.
Years of experience have shown me that when it comes to cyber-security, the word ‘complexity’ can be subjective. To some ‘P@ssword1’ is complex as it contains upper and lower case, a special character and a number. So you’re safe, right? Well, in reality, for a hacker, ‘P@ssword1’ is no more difficult to crack than just having ‘password’. To others, strings of randomly generated letters, numbers and special characters are complex – but remember, you’ll probably have to write it down or save it somewhere unsecure, so what’s the point?
Don’t be fooled into thinking the only type of secure password looks something like this:
Ok, so while I do have to admit that this password is complex and it’s going to be very difficult for somebody to crack, the truth is that it’s not going to be practical for day to day use, especially when you’re having to enter it more than once just to get on with your work! In the end, you’ll end up either forgetting it altogether and requesting a new one, or, by the time you’ve memorised it you’ll be prompted to change your password and begin the whole sorry process again.
Forget the term ‘password’ and start thinking of ‘pass-words’. Single words are at risk of being cracked by a brute force dictionary attack – where hackers try one word at a time until they hit your uninspired, one-word password and break into your system. Using a combination of multiple words or phrases to increase the overall number of characters will automatically add complexity making them much harder to crack!
Pick a phrase that means something to you. The best examples aren’t always obvious, so why not choose a song lyric or a favourite line from a film? What you pick doesn’t really matter, as long as it is memorable to you!
Password Example : you talking to me
And remember, if the system you are using requires a more complex password – such as upper & lower cases, a number or a special character – you can easily adapt yours to meet all possible requirements:
Password Example : You talkin’ 2 me?
Our examples are all random enough not to be guessed using social engineering, long enough to be safe from brute force attacks but also have complexity.
Now that we’ve got a better understanding of what makes a strong password, I’m going to say something controversial: as an end user you are the weak link when it comes to your IT security. Don’t be that person who makes it easy for your system to be compromised, choose a strong password.
Keep it simple yet safe!