You’ve probably read a lot of advice on everything you need to do to have a secure password.
Some common password recommendations include:
- It has to be at least 12 characters long.
- It should use uppercase letters, lowercase letters, numbers, and symbols.
- It’s not a password you’ve used before or elsewhere.
- Don’t use dictionary words or things that people can discover on social media, like pets or favorite TV shows.
To make things more complicated, some places will force certain rules on you (such as changing your password every 90 days) and may have restrictions that make secure password creation more difficult (such as disallowing spaces or having a maximum of 14 characters). It can begin to feel overwhelming. How are you supposed to follow all these rules and remember all these passwords?
People Are the Liability
People tend to prefer convenience over security, and may use all sorts of bad password practices. In one survey, 63% said they would change services to a competitor that makes it easier to authenticate their identity.
Most passwords are cracked through brute force (usually a program that can rapidly guess passwords until it gets them correct) or social engineering (hacking the person, instead of the password). Forcing someone to use a complex, random password can cause them to just write the password down on a post-it note to remember it. Requiring someone to change their password every 90 days can unintentionally encourage them to just increment a number at the end of the password.
Ultimately, password security lies with the users. Passwords need to be memorable and simple, otherwise human nature starts to intervene—but passwords should also be long, complex, and unique, or else they’re vulnerable to hacking.
The biggest step you can take toward password security is to use a password manager. With a password manager, all you need is one secure master password—the password manager remembers and generates secure passwords for everything else. It’s much easier to create and remember a single password than dozens, and with a password manager, you can easily follow whatever rules and restrictions each site imposes when it asks you to create a password.
Some popular password managers include LastPass, KeePass, 1Password, and Bitwarden. Firefox lets you set up a Primary Password for all your saved passwords in the browser, which works as a password manager as well. Remember to turn on the Primary Password, or all your saved passwords can be found in plain text.
Creating a Master Password
With only one master password to worry about, you can take a little time to make it complex enough that it isn’t vulnerable to brute force hacking and memorable enough that you don’t have to write it down somewhere where it is vulnerable to discovery. We’ve talked about what makes a strong password before, and we can build on that now.
Building a Long Passphrase
Password length trumps complexity when it comes to password security. While complexity is important, password length is the strongest indicator of how long it will likely take for a password to be cracked. Because of this, you want to create a long passphrase (a password that contains several words) instead of a standard password.
The XKPasswd generator can help you come up with a secure, memorable passphrase. It also describes some tricks for coming up with a passphrase of your own.
Here are 5 steps you can use to create a great password:
- First, you will want to choose some normal words. I’ll use the words from the classic XKCD password comic as my working example.
correct horse battery staple
- Since you will want uppercase letters too, I’ll make every other word all uppercase.
correct HORSE battery STAPLE
- Next, choose a special character to separate the words. Some places limit special characters in passwords; for example, IBM only allows !, @, #, $, %, ^, &, and *. I’ll pick #.
- Now you can add a number, split between the beginning and the end of the password. I’ll use 1776 as a memorable inspiration and split it in half.
- Finally, you can append a different special character several times to the end of the password to pad out the length and complexity of the password.
According to the zxcvbn password strength tool, this password would take centuries to crack, even with a tool that could guess ten billion passwords a second. It’s also easy to remember, so you wouldn’t need to write it down where it could be seen and stolen.
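As an added illustration (not code from the original post), here is the five-step recipe above in Python, together with a check against the rules listed at the top of the page and the page's ten-billion-guesses-a-second brute-force figure. The separator `#`, the even split of 1776, and the padding character `!` repeated three times are this example's own choices, since the post does not show the finished password.

```python
import string

# Constructed sample input: the four words from the XKCD comic used on the page.
WORDS = ["correct", "horse", "battery", "staple"]
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def build_passphrase(words, separator="#", number="1776", pad_char="!", pad_count=3):
    """Apply the page's five steps to a list of ordinary words.
    Separator, number, padding character and count are this example's assumptions."""
    # Step 2: make every other word uppercase (the 2nd, 4th, ...).
    cased = [w.upper() if i % 2 else w.lower() for i, w in enumerate(words)]
    # Step 3: join the words with the chosen special character.
    core = separator.join(cased)
    # Step 4: split the number and put one half at each end.
    half = len(number) // 2
    with_number = number[:half] + core + number[half:]
    # Step 5: pad the end with a different special character, repeated.
    return with_number + pad_char * pad_count


def policy_failures(pw, min_len=12, max_len=None, allowed_symbols=None):
    """Return the common rules (listed at the top of the page) that pw breaks.
    allowed_symbols models sites that accept only a fixed set, like the IBM example."""
    failures = []
    if len(pw) < min_len:
        failures.append(f"shorter than {min_len}")
    if max_len is not None and len(pw) > max_len:
        failures.append(f"longer than {max_len}")
    classes = (("uppercase", str.isupper), ("lowercase", str.islower), ("digit", str.isdigit))
    for name, test in classes:
        if not any(test(c) for c in pw):
            failures.append(f"no {name}")
    symbols = {c for c in pw if not c.isalnum()}
    if not symbols:
        failures.append("no symbol")
    if " " in pw:
        failures.append("contains a space")
    if allowed_symbols is not None:
        bad = "".join(sorted(symbols - set(allowed_symbols)))
        if bad:
            failures.append(f"disallowed symbols: {bad}")
    return failures


def brute_force_years(pw, guesses_per_second=1e10):
    """Years to exhaust every string of pw's length over printable ASCII at the page's
    ten billion guesses per second. This is an upper bound: tools that guess dictionary
    words and common patterns need far fewer tries than a blind character search."""
    charset = len(string.ascii_letters + string.digits + string.punctuation)  # 94
    return charset ** len(pw) / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    pw = build_passphrase(WORDS)
    print(pw, len(pw), policy_failures(pw, allowed_symbols="!@#$%^&*"))
    print(f"{brute_force_years(pw):.2e} years of exhaustive search")
```

Passing `max_len=14` to `policy_failures` reproduces the frustrating case from the top of the page, where a site's cap rejects a passphrase that is otherwise far stronger than what it allows.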
Now you have all the tools you need to create a secure master password that is impossible to crack with even the most powerful password-cracking tools. If you never write your master password down and never give your master password to anyone, you will keep all your passwords protected. Choose a password manager that you like and trust and begin safeguarding your accounts today. For more help improving your security online, contact the experts at Hall.