Password Principles to Remember

Passwords have always been a sore point for IT professionals, everyday users, and everyone else in between. In a report recently released by LastPass, business employees have an average of 191 passwords that they use. With numbers like that, it’s easy to see why passwords are such a headache for everyone.

I’m sure you’ve heard of “the rules” before:

  • One uppercase letter (A-Z)
  • One lowercase letter (a-z)
  • One numeric character (0-9)
  • One special character from this set: ` ! @ $ % ^ & * ( ) - _ = + [ ] ; : ' " , < . > / ?
  • Use a minimum of 8 characters
  • Don’t use any part of your email address, first name, or last name
  • Don’t repeat multiple characters in a row (“aaa” or “888”)

Unfortunately, following these rules isn’t always enough to prevent your password from being cracked. There are many ways that an attacker can crack your password, including brute-force attacks, dictionary attacks, the use of rainbow tables, and many more. By combining these different types of attacks, an attacker can recover a password in less than a day if it only meets the bare minimums listed above.

With that in mind, let’s take a look at how to construct more secure passwords.

First, length is generally more important than complexity. Remember, a simple but long password is harder to crack than a complex but short password. For example, ThisIsMyS1mpleButLongP4sswrd would be more secure than $up3r*B!. Notice how the first password swapped some vowels for numbers and the “o” was omitted from “password”. Length trumps “complexity”. This is simply because computers become more and more powerful every year, which makes shorter passwords less and less effective.

Secondly, stay away from common dictionary words. As mentioned earlier, one type of attack is a dictionary attack. This type of attack tests for common words used in passwords. It’s not a good idea to incorporate words like password, blue, or baseball in your password.

Third, try incorporating spaces and misspellings into your passwords. Instead of ThisIsMySimpleButLongPassword, try This Is My S1mpIe But Long P4sswrd. Just by including spaces, 6 extra characters have been added to your password. Not all systems or websites will allow spaces to be used, but nowadays most should allow it.
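To make the comparison concrete, here is a small added estimator (example code written for this article, not from LastPass or any other product) that encodes the seven rules listed above and estimates the brute-force search space for the article’s own example passwords; the 10^12 guesses-per-second rate and the reading of “any part of your email address” as the part before the @ are assumptions.

```python
import math
import re

# Special characters exactly as listed in the article's rules.
SPECIALS = "`!@$%^&*()-_=+[];:'\",<.>/?"


def meets_basic_rules(pw: str, email: str = "", first: str = "", last: str = "") -> bool:
    """Return True if pw satisfies the seven rules listed above.
    Assumption: 'any part of your email address' is read as the part before '@'."""
    if len(pw) < 8:
        return False
    if not (any(c.isupper() for c in pw) and any(c.islower() for c in pw)):
        return False
    if not (any(c.isdigit() for c in pw) and any(c in SPECIALS for c in pw)):
        return False
    if re.search(r"(.)\1\1", pw):  # three identical characters in a row ("aaa", "888")
        return False
    banned = [email.split("@")[0], first, last]
    return not any(b and b.lower() in pw.lower() for b in banned)


def pool_size(pw: str) -> int:
    """Size of the alphabet an attacker must search, inferred from the classes present."""
    pool = 0
    if any(c.islower() for c in pw):
        pool += 26
    if any(c.isupper() for c in pw):
        pool += 26
    if any(c.isdigit() for c in pw):
        pool += 10
    if any(c in SPECIALS for c in pw):
        pool += len(SPECIALS)
    if " " in pw:
        pool += 1
    return max(pool, 1)


def search_space_bits(pw: str) -> float:
    """Search space in bits: length * log2(pool). Length multiplies; extra classes only add."""
    return len(pw) * math.log2(pool_size(pw))


def hours_to_exhaust(pw: str, guesses_per_second: float = 1e12) -> float:
    """Worst-case hours to try the whole space. 1e12 guesses/s is an assumed, illustrative
    rate for an offline attack against a fast hash, chosen only to make the comparison concrete."""
    return pool_size(pw) ** len(pw) / guesses_per_second / 3600


if __name__ == "__main__":
    for pw in ["$up3r*B!", "ThisIsMyS1mpleButLongP4sswrd", "This Is My S1mpIe But Long P4sswrd"]:
        print(f"{pw!r}: rules={meets_basic_rules(pw)} bits={search_space_bits(pw):.0f} "
              f"hours={hours_to_exhaust(pw):.3g}")
```

Note that the short password passes every rule yet can be exhausted in about an hour at the assumed rate, while the long one fails the “special character” rule and is still out of reach; adding the spaces raises the estimate further.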

Finally, use long and complex passwords. Yes, long passwords are generally more secure than shorter, more “complex” passwords, but you should incorporate the best of both worlds. One easy way to do this is to use a password manager such as LastPass. With a password manager, all you need to do is create and remember one long, complex master password. This password is then used to lock down all of your other passwords within an encrypted file. Since your passwords are stored within this encrypted file, you can make them as long and complex as you want and no longer have to commit them to memory. One thing to keep in mind, though, is that if you lose your master password, it’s impossible to recover your passwords. This is a testament to how secure password managers can be.

For more information on password managers, check out the following link. Consumer Reports gives an excellent overview of what they are.

At the end of the day, nothing is ever completely secure. But don’t let that resign you to bad password habits because you think it’s futile and that someone will eventually gain access to your accounts regardless of what you do. Good password management is the easiest and most effective way for everyone to protect their accounts. Use the advice discussed in this article and take security into your own hands.