
What makes a good password?

This may not be a question you ask yourself very often, but you should.  Passwords are the gatekeepers to the library of your life on the internet. They keep prying eyes away from your bank accounts, email, social media, etc.   

Most people think of password security as something reserved for a corporate computer user. However, even with corporate password management policies provided by IT staff, we find that most users will either set a password that is far too simple, write it down or store it in a place that is usually not very clever, like a notebook full of passwords, a sticky note under a keyboard or a Word document on their desktop.

The most BASIC security requirement for most passwords across the internet is a minimum of eight characters, often drawn from four different character sets: a lower-case letter, an upper-case letter, one number, and 2 symbols. Most people who have worked in the corporate world are very familiar with this concept.

What if I told you that is not enough?  With today’s computing power, depending on the complexity of the eight characters, it can take anywhere from less than a second to a few hours to crack an eight-character password. 

For comparison, an attacker using a straightforward brute force attack would take 2 seconds to crack the password “letitbe”, as opposed to 24 hours to crack the password “L3t1tb3!”.

How do we combat this and still be able to remember our passwords?  There are a few basic rules for creating passwords and some tools that can make your life easier.  First, let’s go over some rules. 

Don’ts 

  1. Stay away from sequential lettering or numbers (ex. Qwerty or 1234). 
  2. Don’t use common words or phrases (ex. Luke Skywalker or “May the Force be with you”). 
  3. Don’t use repeating characters (ex. yyyyy33333). 
  4. Don’t use the same password for two different applications or websites. 
  5. Don’t share your password or user account with anyone. 
  6. Don’t write it on a piece of paper. 
  7. Don’t save it in a plain text document (like a Word or Notepad file). 

Do’s 

  1. Create a password that is ten or more characters including uppercase, lowercase, symbols, and numbers.   
  2. Change your password at least every six months. 
  3. Use look-alike characters to protect against prying eyes (ex. O as in Orange and the number 0, or lowercase l and uppercase I). 
  4. Use a password generator to create unique passwords. 
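
The rules in the two lists above can be checked mechanically. The following Python code is an added example, not part of the original post: it reports which of the listed rules a password breaks and generates passwords that pass them. The word and sequence lists are small constructed samples, and the run lengths (four characters for a sequence, three for a repeat) are assumptions.

```python
import secrets
import string

# Constructed sample lists; a real checker would load a far larger blocklist.
SEQUENCES = ["abcdefghijklmnopqrstuvwxyz", "0123456789",
             "qwertyuiop", "asdfghjkl", "zxcvbnm"]
COMMON = ["password", "letitbe", "lukeskywalker", "maytheforcebewithyou"]
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]

def has_sequence(pw, run=4):
    """True if pw contains `run` adjacent characters of a known sequence."""
    low = pw.lower()
    for seq in SEQUENCES:
        for s in (seq, seq[::-1]):  # forwards and backwards
            if any(s[i:i + run] in low for i in range(len(s) - run + 1)):
                return True
    return False

def has_repeat(pw, run=3):
    """True if the same character appears `run` times in a row."""
    return any(pw[i:i + run] == pw[i] * run for i in range(len(pw) - run + 1))

def check_password(pw):
    """Return the list of rules the password breaks (empty means it passes)."""
    problems = []
    if len(pw) < 10:
        problems.append("shorter than ten characters")
    if not all(any(c in cls for c in pw) for cls in CLASSES):
        problems.append("missing a character set")
    if has_sequence(pw):
        problems.append("sequential characters")
    if has_repeat(pw):
        problems.append("repeating characters")
    squashed = pw.lower().replace(" ", "")  # compare phrases without spaces
    if any(word in squashed for word in COMMON):
        problems.append("common word or phrase")
    return problems

def generate_password(length=16):
    """Draw from the OS CSPRNG until a candidate passes every rule."""
    alphabet = "".join(CLASSES)
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(pw):
            return pw

if __name__ == "__main__":
    for sample in ["Qwerty1234!", "yyyyy33333", "May the Force be with you"]:
        print(repr(sample), "->", check_password(sample))
    print("generated:", generate_password())
```
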

Now that you’ve decided to create UNIQUE passwords for each site you log into, what tools are there that can help you remember them all? I encourage you to investigate the use of a password storage application.  There are several open source and paid options (e.g. KeePass or LastPass).  

Also, when possible, always use two-factor authentication. Two-factor authentication requires not only your username and password to access websites but also another code that is often in the form of a text message sent to your smartphone.

As always, Movaci is here to help.  If you have any questions or need some advice on password tools and tips, feel free to email us at sales@movaci.com.