Passwords aren’t new, and over the years, we have developed some bad habits when it comes to creating and updating them. Like doing chores and keeping up with personal hygiene, passwords require continual refreshing and updating to stay effective.
How Hygienic are Your Passwords?
With so many of us relying on so many passwords every day, the development of poor password hygiene can often be a foregone conclusion. Think about your passwords for a moment; how many of them include one or more of the items on this list of insecure password patterns:
- Personal details, like your name or birthday
- Names of friends, family, or most infamously, your pets
- Commonly used words (like “password” or a favorite sports team)
- Simple keyboard patterns (like “12345” or “qwerty”)
- Repeated login credentials (like username: David1973, password: David1973)
- The minimum number of characters
Before you start changing all your passwords, let’s first go over secure password patterns and tips. First, let’s rule out some “best practices” that should no longer be described as “best.”
Outdated Best Practices
According to NIST (also known as the National Institute of Standards and Technology), the following practices aren’t all that effective any longer when it comes to secure password creation.
Alphanumeric Switching: Taking common passwords like “Password” and changing it to “p455wO2d” instead, changing letters to numerals and utilizing capitalization. While this isn’t the worst strategy, many hackers already know this tactic and have created algorisms to account for this making using such a common password far less secure than it appears.
Length Requirements: You have likely encountered this as well, as a program has kicked back your chosen password while announcing that “it is too short/long for its eight-to-ten-character limit.” According to NIST, these antiquated requirements short-change security, as longer passwords or passphrases are more difficult to crack but easier to remember than the short jumbles of random characters.
Password Hints: We’ve all been asked to set hints for our passwords before, just in case we forget them. You know the ones: “Where did you graduate from high school?” or “What was your first pet’s name?” The trouble with these questions is simple: our online habits make this kind of information easy enough to find online, especially with social media encouraging us to share pictures of our pets or announcing that we’re attending the “Educational Institution’s Class of _______ Reunion.” Instead of relying on these hints, combine multiple forms of authentication to offer additional means of confirming your identity and better secure your account.
Frequent Password Changes: Considering the sheer number of passwords we’re supposed to maintain, it only becomes logical that many users become lazy when being required to frequently update their password. These users resort to only changing a single detail about it and calling it changed. For instance, let’s return to David1973 for a moment. If this user were forced to change his password too often, he would likely resort to merely adding or updating an easy-to-remember (and guess) detail. Therefore David1973’s password started as “David1973,” it progressed to “2David1973” to “3David1973” and so on to “5David1973.” While we are not arguing that passwords should never be changed, it is best to make sure the password is completely changed regularly and securely.
How to Create a Secure Password
Instead of using a password, per se, we recommend that you use a passphrase. For example, if you have a favorite quote or song lyric, that would be a great passphrase.
Of course, passphrases can be too long to type out, so it makes sense to use some alphanumeric switching or abbreviation to keep it memorable yet efficient. For instance:
“Carry on my wayward son” Would become “{@ry0nm7vvAyW@rd$0n”
However, the more characters, and the more complex the better. This chart illustrates how much harder it is to hack a password the longer and more complex it is:
Also consider using a password manager, you can set your long, complex password as the master access code. Then the rest of your passwords/passphrases could foreseeably be randomly generated, increasing your overall security even further. Lastly the more layers to your security the better, when available Multiple Factor Authentication or MFA is another great tool to help secure your accounts.
For more advice and assistance to help you make your passwords and accounts as secure as possible, reach out to our experts at Summit Business Technologies. You can book a call with us anytime.