Passwords are a necessity for everyone. If your device isn’t password protected, then it’s not secure. With many people now using devices for both the home and the office, the risk of a security breach doubles. Experts commonly suggest using a password generator and storing the resulting passwords in a password manager, but which method is best, and are these methods secure?
What Makes a Secure Password?
Let’s start with what makes a password secure. The key to a secure password lies in the length and complexity of the characters used. Password generators can easily create these long, complex passwords for you, and a password manager will be able to store them so you won’t forget. In general, the requirements for a secure password include uppercase and lowercase letters, numbers, symbols, and a length of at least 16 characters (preferably 20). Passwords should not use common dictionary words or combinations of words, as these are easily guessed. In addition, strength is not the only concern: reuse matters as well. If the same password is used for multiple sites, all of those logins become compromised even if just one password is hacked.
So, what’s the best way to stay secure and remember your password? Unless you have the memory of an elephant, remembering every password, PIN, and security question is nearly impossible. This is why password managers are used. However, for the passwords you use frequently and need to remember, the best method is to generate a unique “passphrase.”
The Passphrase Method
One interesting way to create a strong, secure password is to use the first letter or number of each word in a phrase. For example, a random phrase such as “Unicorns are mythical creatures with 1 horn, 2 eyes, 4 legs, and valued at $1 million,” would create the password Uamcw1h,2e,4l,av@$1m. It meets the typical requirements for a secure password but is generated from a random phrase you’ll (hopefully) remember and hackers can’t easily guess.
You can use phrases with personal information such as “I live in Boston on 123 Main Street. My rent is $700 a month.” While these are easier to remember, for additional security, it’s recommended to use a completely random phrase to avoid the chance a hacker may guess your password using your personal information.
Password Methods That Don’t Work
There are a number of other ways to create a memorable password, but many of these methods don’t generate very secure ones. For example, a combination of random words like LizardSantaDeskPoke may seem difficult for a random person to guess, but algorithms used to crack passwords can easily figure this out. Even if you decide to use these words in another language, they are still considered dictionary words. In addition, capitalizing the first letter of every word doesn’t make the password any more secure than if the letters were all lowercase. If you think using numbers and symbols in place of letters will fool a hacker, think again. Algorithms look for these patterns in passwords as well and will test for symbol and letter replacements. A password such as W00T!P@tsW1n! is no more secure than wootpatswin!.
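The check below is an added example, not part of the original article. It shows how a password audit can recognise the patterns described above by undoing capitalization and common symbol-for-letter swaps, then testing whether what remains is just dictionary words run together. The word list and substitution table are small constructed samples; a real audit would load a full dictionary.

```python
# Added example: audit-side check, not code from the original article.
# WORDS is a tiny constructed word list standing in for a real dictionary.
WORDS = {"lizard", "santa", "desk", "poke", "woot", "pats", "win"}

# Common digit/symbol-for-letter swaps of the kind the article says are tested.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s"})


def normalize(password: str) -> str:
    """Lowercase, undo common substitutions, drop remaining non-letters."""
    swapped = password.lower().translate(LEET)
    return "".join(ch for ch in swapped if ch.isalpha())


def split_into_words(text: str, words=WORDS):
    """Return dictionary words that exactly tile `text`, or None."""
    # best[i] holds one segmentation of text[:i], or None if there is none.
    best = [None] * (len(text) + 1)
    best[0] = []
    for end in range(1, len(text) + 1):
        for start in range(end):
            if best[start] is not None and text[start:end] in words:
                best[end] = best[start] + [text[start:end]]
                break
    return best[len(text)]


def dictionary_pattern(password: str):
    """Words the password reduces to, or None if it is not word-based."""
    core = normalize(password)
    return split_into_words(core) if core else None


if __name__ == "__main__":
    samples = ["LizardSantaDeskPoke", "wootpatswin!", "W00T!P@tsW1n!",
               "Uamcw1h,2e,4l,av@$1m"]
    for pw in samples:
        print(f"{pw!r:26} -> {dictionary_pattern(pw)}")
```

The two woot variants reduce to the same three words, while the passphrase-derived password does not reduce to any word sequence in the sample list.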
Using a Password Manager
Never use the same password for multiple websites, and always enable two-factor authentication if possible. Many social media websites now have this security feature available. Because you’ll have a number of passwords and logins, you will want to consider a password manager. A password manager will be able to securely encrypt and store all your complex passwords, and even generate them for you if you prefer. There are several types of password managers, including cloud-based platforms that allow access from multiple devices and local password vaults that are available only on the device where they are installed. The type you choose depends on your needs and requirements.
Password managers are popular targets for hackers: if they can hack one password, they will have access to them all. For this reason, the master password for your password manager needs to be the most complex and secure password you create. Remembering one extremely strong password for your password manager can be more effective than trying to create unique, memorable passwords for each website. Many of us struggle with security vs. convenience. It’s easier to use simple passwords or create variations of one password. Hackers are smart and will guess these types of passwords easily. It’s better to make the effort to create a secure password than to hope you’ll never become an easy target.
Of course, it’s important to remember even the best password can be hacked. Many hackers start by systematically checking all possible password combinations until the correct one is found. If the hacker already has an idea of what your password might be or the letters and numbers it might contain, this process becomes easier to execute. However, it’ll take much longer to guess Uamcw1h,2e,4l,av@$1m than Password1234567!, hopefully making it more difficult for the cybercriminal to crack your password and leaving you enough time to change it and monitor for suspicious activity should you be notified of a breach.