At some point, we’ve all experienced that dilemma that comes with choosing a new password. Whether the account is for access to business data, personal financial data, or private resources, we’re left with trying to decide if we should provide a weaker password that is easier to remember or a stronger password that we are more likely to forget in the name of protecting our data. If you continue to face that quandary as you define new accounts or change your passwords, here are a few things to consider that might help in defining secure passwords that can be used effectively.
First, all passwords should be at least eight characters in length. As a matter of simple math, the longer a password is, the harder it is for an attacker to guess. A common practice for making long passwords easier to remember is to use a pass phrase. You can use the first letter of each word in a phrase, a song lyric, or a favorite quote to create easy-to-remember yet nonsensical passwords. “Four score and seven years ago, our fathers brought forth” can become “Fs&7yaofbf”, which is a ten-character password that can still be remembered and recreated after you have finished reading this refresher.
Second, all passwords should contain a variety of upper/lowercase letters, numbers, or special characters. Expanding the number of possible values for each character in this way can make passwords considerably harder to compromise. Consider that a password of “password” and a password of “Pa$$w0rD” are both eight-character passwords, but clearly one will be harder to compromise than the other. It is much harder to brute-force an eight-character password that has almost one hundred different options for each character than a password of the same length that has only twenty-six options for each character.
Third, a common expression in password management is that you should treat your passwords like your toothbrush – “never share it with anyone and change it regularly.” The problem with sharing a password, whether for support or to allow someone to temporarily use your system, is that it gives potentially malicious users insight into the personal pattern you use for creating passwords. If you share that your secure password is MyDogI$R3x, then a malicious user can note that you have decided at least once to tie a password to the name of a pet. If you have reused that password on other systems, or used a similar process to create other passwords, the process of guessing becomes much easier.
Lastly, there are several common sense points worth reiterating when it comes to securing passwords.
- Do not write down your passwords. If you need to store seldom used passwords for future reference, use a free encrypted password storage utility, such as Passkeeper.
- Do not use dictionary words, your username, or family names as a base for your password.
- Do not use any of those taboo categories supplemented with just a number at the front or back of the word to try to make it more secure.
- Do not send your password via email. Of course, this overlaps with never sharing your password with anyone, but is important enough to mention again.

While no method for creating passwords manually will be as secure as random One-Time Passwords (OTP) that many people have used for access to more secure systems, following those simple guidelines can help to minimize risk, help you remember secure passwords, and move you along the path of having better security habits.
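The guidelines above can be turned into a small checker. The following is an added example, not part of the original article: the function names, the sample word list, and the three-character-class threshold are assumptions made for illustration.

```python
import math
import string

# Constructed sample list; a real check would load a full dictionary.
COMMON_WORDS = {"password", "monkey", "dragon", "welcome", "letmein"}
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def phrase_to_password(phrase, subs):
    """First letter of each word, except words replaced via subs."""
    words = (w.strip(string.punctuation) for w in phrase.split())
    return "".join(subs.get(w.lower(), w[:1]) for w in words if w)

def classes_used(pw):
    return [cls for cls in CLASSES if any(c in cls for c in pw)]

def charset_size(pw):
    """Options per character an attacker must try for the classes in use."""
    return sum(len(cls) for cls in classes_used(pw))

def search_space_bits(pw):
    """log2 of charset_size ** length: blind brute-force work, in bits."""
    size = charset_size(pw)
    return len(pw) * math.log2(size) if size else 0.0

def check_password(pw, username="", family_names=(), min_classes=3):
    """Return the guidelines pw breaks. min_classes=3 is an assumed threshold."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than eight characters")
    if len(classes_used(pw)) < min_classes:
        problems.append("too little character variety")
    taboo = COMMON_WORDS | {username.lower()} | {n.lower() for n in family_names}
    taboo.discard("")
    # Stripping digits from both ends catches "word plus a number" variants.
    if pw.lower().strip(string.digits) in taboo:
        problems.append("taboo word, with or without a number added")
    return problems

if __name__ == "__main__":
    pw = phrase_to_password(
        "Four score and seven years ago, our fathers brought forth",
        {"and": "&", "seven": "7"})
    for candidate in (pw, "password", "Pa$$w0rD", "1monkey9"):
        print(candidate, round(search_space_bits(candidate), 1),
              check_password(candidate))
```

The bit figure measures blind brute force only; a password built on a guessable personal pattern falls much sooner, which is why the taboo-word check is a separate test.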
For more information regarding Best Practices in password security or the One-Time Security (OTP) options, please contact your Keller Schroeder Senior Account Manager.