Why You Need a Strong Password
Whether you’re logging into Office 365 at work or signing into Amazon, Netflix or Facebook, passwords are an essential part of daily life. In this guide, we’re going to show you how to create a strong password.
Passwords exist to protect valuable information stored on personal and company devices. They also protect the computer systems of the companies you do business with from organised criminal gangs who want to profit from your data.
Data. Your most valuable commodity
Data such as user credentials, bank details, personal addresses and passwords has become a precious commodity to online fraudsters looking to profit from the trusting nature of honest, hard-working people.
The number of logins we now have to deal with every day also makes us more likely to re-use the same password across multiple sites; a dangerous habit, because one password leaked from a single site can then be replayed against every other site you use (credential stuffing), letting criminals into multiple accounts at once.
Recent hacking incidents aimed at high-profile companies such as Sony, Apple and TalkTalk have highlighted a very real need for businesses to take online security much more seriously. The companies mentioned, as well as many small, less well-known enterprises, are counting the cost in lost profits, reputational damage and loss of consumer trust.
Three Common Tactics Used by Hackers
Brute Force Attack
A brute-force attack is a trial-and-error method that tries every possible combination of characters until it hits your password, which can take millions or even billions of attempts. Against a login page, brute force is slow and easily prevented with account lockout policies, similar to the ones implemented by Network ROI. Lockout does not help, however, once an attacker has stolen a database of password hashes: the same guesses can then be run offline on the attacker's own hardware at millions of guesses per second, and only the length and randomness of the password slows them down.
Dictionary Attack
A dictionary attack also works by trial and error, but instead of every combination it tries a list of likely candidates: common words, names and passwords that have appeared in previous breaches. Every password cracked this way is added back into the attacker's list, so each successful crack makes the next attack a little better.
Dictionary attacks guess passwords much faster than brute force because they test a far smaller number of commonly used candidates. Account lockout policies provide a degree of protection against online dictionary attacks, but won't stop them all.
Password Spraying
Password spraying turns the approach around: instead of many guesses against one account, the attacker tries one or two very common passwords (a season followed by the year, for example) against a long list of known usernames. Because each account sees only a handful of attempts, the lockout threshold is never reached. A spraying run usually targets thousands of accounts at once, and it only needs one of them to be using the guessed password.
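The three tactics above behave very differently against an account lockout policy. The following simulation is an added example, not code from the original page: it models a login endpoint that locks an account after five consecutive failures, then runs a brute-force loop, a dictionary loop and a spray against a constructed set of users. The usernames, passwords, wordlist and threshold are all made up for illustration.

```python
"""Simulate brute force, dictionary attack and password spraying against a
login endpoint with an account lockout policy. Added example, not code from
the original page; the user database and lockout threshold are constructed."""
import itertools
import string
from collections import defaultdict

# Constructed user database: username -> password. A real system stores a
# salted hash; plaintext keeps the simulation short.
USERS = {
    "alice": "Summer2023!",      # seasonal password, shared by several users
    "bob":   "x7#Qp2!vLm9z",     # random, not in any wordlist
    "carol": "Summer2023!",
    "dave":  "Welcome1",         # classic default
    "erin":  "cat",              # short enough to brute-force
}


class Authenticator:
    """Login endpoint with a per-account lockout: after `threshold`
    consecutive failures the account is locked and rejects everything."""

    def __init__(self, users, threshold=5):
        self.users = users
        self.threshold = threshold
        self.failures = defaultdict(int)
        self.locked = set()
        self.attempts = 0           # total login calls, for the tally

    def login(self, username, password):
        self.attempts += 1
        if username in self.locked:
            return False            # even the right password is refused
        if self.users.get(username) == password:
            self.failures[username] = 0
            return True
        self.failures[username] += 1
        if self.failures[username] >= self.threshold:
            self.locked.add(username)
        return False


def brute_force(auth, username, alphabet=string.ascii_lowercase, max_len=3):
    """Try every string over `alphabet` up to `max_len` against one account.
    Returns the password if found, None if the space runs out or the account
    locks first."""
    for length in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=length):
            guess = "".join(combo)
            if auth.login(username, guess):
                return guess
            if username in auth.locked:
                return None         # lockout trips long before the space is exhausted
    return None


def dictionary_attack(auth, username, wordlist):
    """Same loop as brute force, but only over likely candidates."""
    for guess in wordlist:
        if auth.login(username, guess):
            return guess
        if username in auth.locked:
            return None
    return None


def password_spray(auth, usernames, common_passwords):
    """One password against every account per round, so no account sees more
    than len(common_passwords) attempts and the lockout never fires.
    Returns {username: password} for the accounts that fell."""
    compromised = {}
    for password in common_passwords:
        for user in usernames:
            if user not in compromised and auth.login(user, password):
                compromised[user] = password
    return compromised


if __name__ == "__main__":
    a = Authenticator(USERS, threshold=5)
    print("brute force vs alice:", brute_force(a, "alice"), "locked:", a.locked, "attempts:", a.attempts)
    a = Authenticator(USERS, threshold=10**9)       # effectively no lockout
    print("brute force vs erin, no lockout:", brute_force(a, "erin"), "attempts:", a.attempts)
    a = Authenticator(USERS, threshold=5)
    print("spray:", password_spray(a, list(USERS), ["Summer2023!", "Welcome1"]), "locked:", a.locked)
```

Run as written, the brute-force loop locks alice after five guesses and never gets anywhere, the same loop with lockout disabled finds erin's three-letter password after 2,074 attempts, and the spray recovers three of the five accounts with two passwords and eight login calls without a single lockout, which is exactly why spraying is the tactic that lockout policies do not stop.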
Password Do’s and Don’ts
- Choose something that you can easily remember without writing down.
- Choose something that you can type quickly, reducing the chance of someone stealing your password by looking over your shoulder
- Use at least 15 characters, ideally a mixture of upper-case and lower-case letters, numbers and symbols
- Use between two and four short, random words joined together with spaces or symbols
- Use a good password generator if you find the tips above tricky
- Use the first letter of each word from a line of a favourite poem or song – preferably a long line, so the result is long enough
- Don't use your name, company name or anything personal that can be found on social media, such as your birthday or the names of your pets or children
- Don't base your password on something located close to you such as mouse, monitor, keyboard etc.
- Never use the word password in any form, e.g. ‘Pa$$w0rd’ or ‘pa55word’
- Don't use a word found in the English dictionary, or a foreign one for that matter
- Don't use a simple keyboard sequence such as ‘qwerty’, ‘zxcvbnm’ or ‘abcdefg’
- Don't use the name of your favourite sports team, actor or musician, especially if that information can be easily found on social media
- Never use a password based on your name, account name, username or email address
- Don't simply double up a word, e.g. ‘bookbook’
- Don't reverse a word, e.g. ‘koob’
- Don't rely on replacing letters with numbers or symbols in common words, such as ‘5pac3man’ or ‘m0n1tor’; cracking tools try those substitutions automatically
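Most of the don'ts above can be checked mechanically, which is also how cracking tools exploit them. The checker below is an added example, not code from the original page: it undoes the common letter-for-number substitutions, then tests the result against a small constructed word list, doubled and reversed words, keyboard sequences and a caller-supplied list of personal details (name, username, pet's name). The word list is a stand-in for a full dictionary plus leaked-password lists; the personal terms stand in for whatever an attacker can scrape from social media.

```python
"""Check a candidate password against the "don'ts" above. Added example, not
code from the original page; WORDLIST and the personal terms are constructed
stand-ins for a real dictionary and for details scraped from social media."""
import re

# Constructed mini-dictionary. A real check would load a full word list,
# foreign-language lists and lists of passwords from previous breaches.
WORDLIST = {
    "book", "spaceman", "monitor", "mouse", "keyboard", "summer", "welcome",
    "dragon", "football", "letmein", "tulip", "granite", "kettle",
}

# Substitutions that cracking rule sets undo automatically.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "$": "s", "@": "a", "!": "i"})

KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm",
                 "abcdefghijklmnopqrstuvwxyz", "1234567890")

MIN_LENGTH = 15


def normalise(password):
    """Lower-case, undo leet substitutions and drop anything non-alphabetic,
    so 'Pa$$w0rd' and 'password' compare equal."""
    return re.sub(r"[^a-z]", "", password.lower().translate(LEET))


def keyboard_sequence(password, min_run=4):
    """True if the password contains `min_run` adjacent keys, forwards or
    backwards, from a keyboard row, the alphabet or the digit row."""
    text = password.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - min_run + 1):
                if seq[i:i + min_run] in text:
                    return True
    return False


def password_problems(password, personal_terms=(), wordlist=WORDLIST):
    """Return a list of rule violations; an empty list means no rule fired."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    core = normalise(password)
    if "password" in core:
        problems.append("contains 'password' in some form")
    if core in wordlist:
        problems.append(f"is the dictionary word '{core}' with substitutions")
    half = core[: len(core) // 2]
    if half and half * 2 == core:
        problems.append(f"is '{half}' doubled")
    if core[::-1] in wordlist:
        problems.append(f"is the word '{core[::-1]}' reversed")
    if keyboard_sequence(password):
        problems.append("contains a keyboard sequence")
    lowered = password.lower()
    for term in personal_terms:
        if term.lower() in lowered:
            problems.append(f"contains personal detail '{term}'")
    return problems


if __name__ == "__main__":
    # Constructed candidates; the last one is four random words and passes.
    for candidate in ("Pa$$w0rd", "5pac3man", "bookbook", "koob", "qwerty123",
                      "tulip granite 7 kettle"):
        print(f"{candidate!r}: {password_problems(candidate) or 'no rule fired'}")
    print(password_problems("Rover is my dog", personal_terms=("Rover",)))
```

Note that the length rule and the substitution rule are independent: "Pa$$w0rd" fails both, while "Rover is my dog" is long enough and is still rejected the moment the dog's name is in the personal-terms list.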
Here are some examples of both good and bad passwords. The trick is to find something that is memorable for you but difficult for a machine to guess. The example at the bottom will be extremely difficult for a machine to crack, but also difficult for you to memorise.
Also, never use the actual examples shown in any password resource as there is a good possibility they have been added to a criminal database somewhere.
There are lots of great resources available to help you manage passwords for both business and personal logins. Here are some examples of commonly used password generators and management tools.
xkcd generator – http://preshing.com/20110811/xkcd-password-generator/
The xkcd generator picks four random words and joins them with spaces, producing a passphrase that is long and easy to remember but very hard to guess. It also includes the cartoon that explains how the system works.
Diceware Passwords – http://www.dicewarepasswords.com/
If you are a fan of tech startups, there are few tech entrepreneurs younger than 11-year-old Mira Modi. You can send her $2 and she will create a virtually uncrackable password for you using the diceware method.
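Both the xkcd generator and Diceware rest on the same idea: pick words at random from a large list, and strength comes from the number of words and the size of the list, not from symbols or substitutions. The generator below is an added example, not the xkcd generator's or Diceware's own code. It uses Diceware's indexing (each word is chosen by dice rolls read as a base-6 number) and a CSPRNG in place of physical dice. The 36-word list is constructed so the example runs offline with two dice per word; the real Diceware list has 7,776 words indexed by five dice, and the entropy function shows why that size matters.

```python
"""Generate a random-word passphrase the Diceware way and estimate its
strength. Added example, not xkcd's or Diceware's own code; the 36-word list
is constructed (two dice per word) so it runs offline."""
import math
import secrets

# Constructed word list indexed by two dice: (1,1) -> 0, (1,2) -> 1, ..., (6,6) -> 35.
WORDLIST = [
    "acorn", "badge", "cabin", "daisy", "eagle", "fable",
    "gable", "habit", "igloo", "jelly", "kayak", "lemon",
    "mango", "noble", "oasis", "pearl", "quilt", "radar",
    "salsa", "tiger", "ultra", "velvet", "wagon", "xenon",
    "yacht", "zebra", "amber", "bison", "cider", "delta",
    "ember", "flint", "gecko", "harbor", "ivory", "jumbo",
]
DICE_PER_WORD = 2               # 6 ** 2 == 36 == len(WORDLIST)


def roll_dice(n):
    """n fair six-sided dice drawn from the OS CSPRNG (secrets, never random)."""
    return [secrets.randbelow(6) + 1 for _ in range(n)]


def dice_to_index(rolls):
    """Diceware indexing: read the rolls as a base-6 number with faces 1-6 -> 0-5."""
    index = 0
    for r in rolls:
        index = index * 6 + (r - 1)
    return index


def passphrase(n_words=4, wordlist=WORDLIST, dice_per_word=DICE_PER_WORD, sep=" "):
    """Pick n_words words by dice rolls and join them with `sep`."""
    if 6 ** dice_per_word != len(wordlist):
        raise ValueError("dice count must match the word list size")
    words = [wordlist[dice_to_index(roll_dice(dice_per_word))] for _ in range(n_words)]
    return sep.join(words)


def entropy_bits(n_words, list_size):
    """Bits of entropy in n_words words chosen uniformly from list_size words.
    Passphrase strength depends only on these two numbers, not on the words."""
    return n_words * math.log2(list_size)


def years_to_exhaust(bits, guesses_per_second):
    """Time to try every passphrase at the given guess rate (assumed rate;
    offline cracking of a stolen hash can run far faster than a login page)."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    print("passphrase:", passphrase(4))
    print(f"4 words from 36:    {entropy_bits(4, 36):.1f} bits")
    print(f"5 words from 7776:  {entropy_bits(5, 7776):.1f} bits")
    print(f"  at 1e10 guesses/s: {years_to_exhaust(entropy_bits(5, 7776), 1e10):.0f} years")
```

Four words from the 36-word demo list give only about 21 bits, which an offline cracker at ten billion guesses a second exhausts in well under a second; five words from the full 7,776-word Diceware list give about 65 bits, which at the same rate takes on the order of a century. The list size is the part you must not shrink.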
Lastpass – www.lastpass.com
LastPass is a popular password manager that stores your passwords in an encrypted vault in the cloud. LastPass works across all your devices and can be accessed as long as you have an internet connection.
KeePass – www.keepass.info
KeePass is a free, open-source password manager that keeps your passwords in an encrypted database file, which you unlock with a master password, a key file, or both. You only have to remember the one master password to open your vault, so follow the tips above to make it strong: anyone who gets hold of it has access to everything inside.
Make weak passwords a thing of the past. Download our Password Essentials guide.