
How to Create Strong Passwords and Secure Your Passwords

By a TechBitBytes Contributor, June 14, 2023


Our lives are increasingly intertwined with the digital space, and the need for digital and cyber security has risen with them. With the rise of cyber attacks, the significance of strong passwords cannot be overstated. Passwords are the first line of defense for our digital assets: devices, email accounts, financial accounts, social media accounts, e-commerce accounts, and more. Let's explore the critical characteristics of strong passwords and how you can create strong passwords for your accounts.

What is a strong password?

A strong password is one that neither a person nor a program can guess in a practical amount of time. As stated above, passwords are the first level of security wherever authentication is required: proving to a system that you are who you claim to be, before the system decides what you are allowed to do. Consider a user called Emily, who was born in 1992. If Emily's email password is Emily1992, it is a very weak password: it is built from her name and birth year, which are easy to guess both for people who know her and for programs that try names and dates first. Like Emily, people often select very weak passwords for their accounts.

NordPass published its list of the most common passwords of 2022. According to that report, the top 5 most common passwords are:

  1. password

  2. 123456

  3. 123456789

  4. guest

  5. qwerty

Furthermore, according to the 2022 report, the most common passwords in the United States (US) are guest, 123456, password, 12345, and a1b2c3. In the United Kingdom (UK), the most common passwords are password, 123456, guest, liverpool, and qwerty.

In cybersecurity there is an emphasis on users creating strong passwords, and many programs and applications check a user's password input to ensure it meets their strong-password requirements. Let's look at the characteristics of strong passwords from a general perspective.

Characteristics of Strong Passwords

1. Length: Length is the most significant metric when deciding whether a password is strong, because every added character multiplies the number of guesses an attacker must try. Google recommends that passwords be at least 12 characters long. The general minimum is 8 characters, and the more characters, the better: an 8-character password drawn from letters, digits and symbols has roughly 2^52 possibilities, which an offline cracking attack against a stolen database of fast-hashed passwords can exhaust in hours, while a 16-character one has about 2^105.

2. Complexity: A strong password should mix letters (a, b, c ...), numbers (1, 2, 3 ...), and symbols (printable ASCII characters such as !, @, #, $, %, &). Mixing character classes enlarges the alphabet an attacker must search, which makes the password harder to guess. Note that complexity is secondary to length: a long passphrase of unrelated words beats a short password that merely satisfies a symbol rule, and predictable substitutions such as P@ssw0rd are the first variations cracking tools try.

3. Unpredictable: A strong password should be hard to guess. Avoid personally identifiable information (PII) such as names and birthdays; common words such as cities, brands, movies, foods and celebrities; and common character sequences such as qwerty, 12345 and 654321. Avoid single dictionary words such as treehouse, princess or sunshine, since cracking tools try every word in a wordlist, with common variations, before anything else. Finally, avoid anything associated with you: your children's names and birthdays, your pets' names, your nickname, and so on.

4. Unique: With our lives revolving around the digital space, from banking and finance to email accounts to smart devices to online platforms, we each create tens of accounts. Because memorizing many passwords is hard, there is a temptation to reuse one. However, for a password to be characterized as strong, it must be unique. Reusing a password across multiple accounts means that if one account is compromised, a malicious actor can log in to every other account that shares it; attackers automate this by replaying leaked username and password pairs against other services, a technique known as credential stuffing.

5. Secure: A password is safest when it exists only in your memory. However, as the number of passwords grows, we cannot remember them all, and the need to record them rises. Writing down a password is not discouraged in itself; however, the paper must be secured and not left on your desk, under the keyboard, in an unlocked drawer, or stuck to your monitor. For a password to remain strong, it should be kept in a location that can be locked. Better still, use a trusted password manager for your accounts.

6. Regularly updated: It is good practice to check the status of your passwords regularly and update them, especially for critical accounts such as those for your workplace, finances, health, and government services. More importantly, if you suspect that an account has been compromised, or learn of a data breach at a service you use, change the passwords associated with those accounts immediately. Current guidance such as NIST SP 800-63B favors changing passwords when there is evidence of compromise rather than on a fixed calendar schedule, because forced rotation tends to produce predictable variations of the old password.
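The following checker, added here as an example and not part of the original article, turns characteristics 1 to 4 into code: it measures length, counts character classes, estimates an upper bound on guessing entropy as log2(alphabet size) x length, and flags common passwords, keyboard or numeric sequences, and personal information such as Emily's name and birth year. The common-password list is a constructed sample seeded from the NordPass entries quoted above; a real checker would load a breach-derived list of millions of entries.

```python
import math
import re
import string
from typing import Iterable

# Constructed sample: the NordPass 2022 entries quoted in the article plus the
# dictionary words it warns about. A production checker loads a far larger list.
COMMON_PASSWORDS = {
    "password", "123456", "123456789", "guest", "qwerty", "12345", "a1b2c3",
    "liverpool", "princess", "sunshine", "treehouse",
}

# Keyboard rows and ordered runs used to detect predictable sequences.
SEQUENCES = [
    "qwertyuiop", "asdfghjkl", "zxcvbnm",
    "0123456789", "abcdefghijklmnopqrstuvwxyz",
]


def charset_size(pw: str) -> int:
    """Size of the smallest standard alphabet covering every character used."""
    size = 0
    if any(c in string.ascii_lowercase for c in pw):
        size += 26
    if any(c in string.ascii_uppercase for c in pw):
        size += 26
    if any(c in string.digits for c in pw):
        size += 10
    if any(c in string.punctuation for c in pw):
        size += len(string.punctuation)  # the 32 printable ASCII symbols
    return size


def entropy_bits(pw: str) -> float:
    """Upper bound on guessing entropy: log2(alphabet ** length).

    Real entropy is lower for names, words and sequences, which the checks in
    evaluate_password() flag separately; this bound only shows how length and
    alphabet size combine.
    """
    size = charset_size(pw)
    return len(pw) * math.log2(size) if size else 0.0


def contains_sequence(pw: str, run: int = 4) -> bool:
    """True if any run of `run` characters is a slice of a keyboard row or an
    ordered run, forwards or backwards (catches qwerty, 12345, 654321)."""
    low = pw.lower()
    for i in range(len(low) - run + 1):
        chunk = low[i:i + run]
        for seq in SEQUENCES:
            if chunk in seq or chunk in seq[::-1]:
                return True
    return False


def evaluate_password(pw: str, pii: Iterable[str] = ()) -> dict:
    """Return the failed checks and an entropy estimate for pw.

    pii: strings tied to the user (name, birth year, pet, ...) that must not
    appear anywhere in the password.
    """
    findings = []
    if len(pw) < 12:
        findings.append("length: shorter than 12 characters")
    classes = sum(bool(re.search(p, pw)) for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^\w\s]"))
    if classes < 3:
        findings.append("complexity: fewer than three character classes")
    if pw.lower() in COMMON_PASSWORDS:
        findings.append("unpredictable: appears in common-password list")
    if contains_sequence(pw):
        findings.append("unpredictable: contains a keyboard or numeric sequence")
    low = pw.lower()
    for item in pii:
        if len(item) >= 3 and item.lower() in low:
            findings.append(f"unpredictable: contains personal information '{item}'")
    return {
        "strong": not findings,
        "entropy_bits": round(entropy_bits(pw), 1),
        "findings": findings,
    }


if __name__ == "__main__":
    for candidate in ("Emily1992", "password", "Tr0ub4dor&3", "correct-Horse-battery-9"):
        print(candidate, evaluate_password(candidate, pii=["Emily", "1992"]))
```

Running the sample shows why Emily1992 fails on three counts (too short, contains her name, contains her birth year) while a 23-character passphrase passes with an entropy bound above 150 bits. Note that the entropy figure is a ceiling, not a measurement: "password" scores about 37 bits by the formula yet is the first guess any cracking tool makes, which is why the wordlist check has to run alongside the arithmetic.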


Password Managers

As earlier stated, remembering all the unique and complex passwords for multiple accounts is quite challenging. This difficulty leads to the temptation of reusing a single password across multiple accounts and services, which is risky and undermines the strength of the password. If a hacker has access to a reused password from one account, all accounts that share the password can be considered compromised. To avoid these occurrences, a password manager is recommended.

What is a password manager?

A password manager is a software application that generates and stores unique, complex passwords for all of your accounts. It offers a centralized solution: the passwords are kept in a vault encrypted with a key derived from a single master password, so as a user you only need to remember that one master password, which should itself have all the characteristics of strong passwords. On modern devices, the vault can also be unlocked with biometric identifiers such as fingerprints or facial recognition. The auto-fill feature makes logging into saved accounts seamless, and in most managers it doubles as a phishing defense: credentials are only offered on the domain they were saved for, so a look-alike site gets nothing.

A password manager can be considered a "One ring to 'control' them all" kind of solution. One master password to control all other passwords.

It is crucial to research any password manager thoroughly and choose one from a reputable provider. A password manager holds the keys to all your sensitive information; therefore, make sure its features align with your privacy and security requirements, in particular that the vault is encrypted end to end so the provider itself cannot read it, and protect the master password with MFA where the manager supports it.
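Two building blocks of a password manager, written here as an added example rather than code from any real product: a generator that draws from the operating system's CSPRNG and guarantees every character class, and the derivation of the vault key from the one master password with scrypt, a memory-hard KDF, so that offline guessing of the master password is slow. The symbol set and the scrypt cost parameters are assumptions; the vault header stores only a random salt and a hash of the derived key, never the password or the key itself.

```python
import hashlib
import hmac
import secrets
import string

# Character groups every generated password must draw from. The symbol set is an
# assumption; sites differ in which symbols they accept.
LOWER = string.ascii_lowercase
UPPER = string.ascii_uppercase
DIGITS = string.digits
SYMBOLS = "!@#$%^&*()-_=+[]{};:,.?"
GROUPS = (LOWER, UPPER, DIGITS, SYMBOLS)

# scrypt cost parameters, an assumption in the range RFC 7914 suggests for
# interactive use: 128 * r * n bytes = 16 MiB of memory per derivation.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1


def generate_password(length: int = 20) -> str:
    """Random password with at least one character from every group.

    Draws from the `secrets` module (the OS CSPRNG). `random` is unsuitable for
    secrets because its Mersenne Twister state can be recovered from its output.
    """
    if length < len(GROUPS):
        raise ValueError("length must allow one character per group")
    chars = [secrets.choice(g) for g in GROUPS]          # guaranteed picks
    alphabet = "".join(GROUPS)
    chars += [secrets.choice(alphabet) for _ in range(length - len(GROUPS))]
    # Fisher-Yates shuffle with CSPRNG indices, so the guaranteed picks do not
    # always occupy the first four positions.
    for i in range(len(chars) - 1, 0, -1):
        j = secrets.randbelow(i + 1)
        chars[i], chars[j] = chars[j], chars[i]
    return "".join(chars)


def derive_vault_key(master_password: str, salt: bytes) -> bytes:
    """256-bit vault key from the master password via scrypt.

    The random per-vault salt defeats precomputed tables; the cost parameters
    make each offline guess of the master password slow and memory-expensive.
    """
    return hashlib.scrypt(
        master_password.encode("utf-8"), salt=salt,
        n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32, maxmem=64 * 1024 * 1024,
    )


def new_vault_header(master_password: str) -> dict:
    """What a manager stores to recognise the master password later: the salt
    and a hash of the derived key (never the key or the password themselves)."""
    salt = secrets.token_bytes(16)
    key = derive_vault_key(master_password, salt)
    return {"salt": salt, "verifier": hashlib.sha256(key).digest()}


def unlock(master_password: str, header: dict):
    """Re-derive the key and compare in constant time; returns the key or None."""
    key = derive_vault_key(master_password, header["salt"])
    if hmac.compare_digest(hashlib.sha256(key).digest(), header["verifier"]):
        return key
    return None


if __name__ == "__main__":
    print("generated:", generate_password(20))
    header = new_vault_header("a long master passphrase only I know")
    print("correct master unlocks:", unlock("a long master passphrase only I know", header) is not None)
    print("wrong master unlocks:  ", unlock("Emily1992", header) is not None)
```

The verifier hash exists only so the manager can tell a mistyped master password from a correct one; a real vault would instead use the derived key with an authenticated cipher and let the authentication tag fail on a wrong password. Either way, the only thing an attacker who steals the vault file can do is run scrypt once per guess, which is exactly why the master password must be long.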


Securing personal passwords

Personal passwords can be secured by ensuring that they have all the characteristics of strong passwords described earlier: length, complexity, unpredictability, uniqueness, secure storage, and regular updating. In addition to these characteristics, the following practices add further layers of security around passwords:

  1. Multi-Factor Authentication (MFA) or Two-Factor Authentication (2FA): Enable 2FA/MFA wherever it is available. Most applications today offer it, and a few make it mandatory. 2FA/MFA requires a second proof of identity in addition to the password, such as a biometric, a code from an authenticator app, a hardware security key, or a one-time code sent by SMS or email. Prefer authenticator apps or hardware keys where they are offered: SMS and email codes can be intercepted or phished, whereas a hardware key bound to the site's origin cannot be replayed on a look-alike site.

  2. Regularly check your passwords' health status: A password's health status is determined by its strength, its uniqueness, and how long it has been in use. A password is considered unhealthy if it is weak, has been reused across multiple accounts, or is older than 90 days. Once a password is identified as unhealthy it should be considered vulnerable and changed. Most password managers include a health or audit report that performs these checks for you.

  3. Be aware of phishing scams: Be cautious of phishing scams that request passwords or personally identifiable information (PII). Do not click links, download attachments, or provide any information in response to unsolicited requests made through suspicious emails, texts, or phone calls.

  4. Be mindful of public internet connections (Wi-Fi / cable): When connected to public internet such as a cafe's Wi-Fi, avoid accessing sensitive accounts such as banking unless the connection is encrypted. At minimum the site must use HTTPS (check for the padlock and the correct domain); a virtual private network (VPN) additionally hides which sites you visit from the network operator.
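The health check in point 2 above, implemented as an added example over a constructed vault export (not code from any password manager): each entry is flagged as weak, reused, or old, where reuse is detected by grouping entries on a hash fingerprint so the report itself never carries plaintext. "Weak" is simplified here to a length test; the 90-day threshold and the sample accounts are taken from the article, the dates are constructed.

```python
import hashlib
from datetime import date

MAX_AGE_DAYS = 90   # the article's threshold for an "old" password
MIN_LENGTH = 12     # simplified strength test; a real audit runs a full checker

# Constructed sample of a password-manager export. A real audit runs inside the
# manager so plaintext never leaves the vault.
SAMPLE_VAULT = [
    {"site": "bank.example",  "user": "emily", "password": "Emily1992",               "changed": "2023-01-10"},
    {"site": "mail.example",  "user": "emily", "password": "Emily1992",               "changed": "2022-11-02"},
    {"site": "shop.example",  "user": "emily", "password": "v7$Qp!2mZr9#Lw4u",        "changed": "2023-05-30"},
    {"site": "forum.example", "user": "emily", "password": "correct-Horse-battery-9", "changed": "2021-06-14"},
]


def fingerprint(password: str) -> str:
    """Short hash so reuse can be detected and reported without plaintext."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()[:16]


def audit_vault(entries, today_iso: str) -> dict:
    """Map each site to its list of issues: 'weak', 'reused:<other sites>',
    'old:<days>d'. An empty list means the entry is healthy."""
    today = date.fromisoformat(today_iso)
    # Group sites by fingerprint; any group with more than one site is reuse.
    sites_by_fp = {}
    for e in entries:
        sites_by_fp.setdefault(fingerprint(e["password"]), []).append(e["site"])

    report = {}
    for e in entries:
        issues = []
        if len(e["password"]) < MIN_LENGTH:
            issues.append("weak")
        others = [s for s in sites_by_fp[fingerprint(e["password"])] if s != e["site"]]
        if others:
            issues.append("reused:" + ",".join(others))
        age = (today - date.fromisoformat(e["changed"])).days
        if age > MAX_AGE_DAYS:
            issues.append(f"old:{age}d")
        report[e["site"]] = issues
    return report


def unhealthy_sites(entries, today_iso: str) -> list:
    """Sites whose password should be changed, worst first (most issues)."""
    report = audit_vault(entries, today_iso)
    return sorted((s for s, i in report.items() if i), key=lambda s: -len(report[s]))


if __name__ == "__main__":
    for site, issues in audit_vault(SAMPLE_VAULT, "2023-06-14").items():
        print(f"{site:15} {issues or 'healthy'}")
    print("change first:", unhealthy_sites(SAMPLE_VAULT, "2023-06-14"))
```

On the sample data the two accounts sharing Emily1992 come out worst (weak, reused and old), the forum passphrase is strong and unique but flagged only for age, and the shop entry is healthy. The ordering in unhealthy_sites() is the practical output: when an audit turns up dozens of findings, the reused credentials are the ones to rotate first, because a single breach of any one of those sites exposes all of them.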



Securing passwords in organizations

Passwords are a critical aspect of every organization's security. If a data breach occurs, the consequences can include intellectual property (IP) theft, theft of sensitive organizational information, and damage to the organization's reputation. Organizations must therefore make key decisions to secure their systems. Some of the steps taken to ensure password security in organizations are:

  1. Password Policy: As a cybersecurity measure, organizations should design, develop, and provide their employees with a password policy that contains rules for creating, storing, and changing passwords for workplace accounts. Password policies define the characteristics employees' passwords must have. The key provisions cover password length, complexity requirements, password expiration, and Multi-Factor Authentication (MFA) requirements; a policy should also require that new passwords be screened against lists of known-breached passwords.

  2. Employee Training: Organizations take responsibility for training their users and creating awareness of password security and best practices. Through training, employees learn the dangers of weak passwords, the importance of securing passwords, and how to recognize phishing attacks and scams targeting passwords.

  3. Password Expiration: Organizations may adopt a system in which employees are required to update their passwords. This feature is integrated into the organization's authentication system and triggered once a user's password is older than a predefined number of days, say 30; once triggered, the employee must change the password before being authenticated and authorized into the system. Expiration should be weighed against current guidance: NIST SP 800-63B recommends not requiring periodic changes unless there is evidence of compromise, because short expiry windows push users toward predictable increments of the old password. Where expiration is used, it should complement, not replace, breached-password screening and MFA.

  4. Incident Response and Recovery: Organizations should have a well-defined response plan for password-related incidents. The most common responses include disabling compromised accounts, terminating their active sessions, and a mandatory reset of all affected accounts' passwords while the incident is investigated.




  This article is written to the best of the author's knowledge. TechBitBytes(TBB) ensures that all articles are constantly updated with the latest information.