Hacked passwords are the most common cause of data breaches, but don’t despair: there are simple rules you can follow when creating a strong password, such as:
- Password Length – Make sure passwords are at least 12 characters long.
- Upper and Lowercase Characters – Incorporate a variety of upper and lowercase letters from start to finish.
- Numbers (0-9) and Symbols – Include a mixture of numbers and symbols throughout.
Avoid single-word passwords
We know Microsoft is trying to protect us from hackers, but remembering these complex passwords is a difficult task. Most people will use something familiar to them to create a password, like a child’s or pet’s name, the current month or their car registration. This practice makes the password easy to remember; however, it also makes the password very easy to crack.
For example, growing up I had a pet dog called Ben. If I were to use his name as my password (including the capital “B”), any password-cracking program would break this password almost instantaneously. Any word in the dictionary used as a password would also be cracked instantly, as most password-cracking programs use the dictionary as the first method to try to crack the password, so please avoid using standard words or common names.
Add numbers to your password
My next step would be to add numbers to the password. The most common way to do this would be to replace a letter with the number it most resembles, i.e. the password Ben would become B3n. Using the same password cracker tool, this password would be revealed in about 14 seconds! The result isn’t good.
Add a symbol
Following the rules above for complex passwords, I decided to add some symbols to my password. The easiest way to do this and to make it memorable is to surround the familiar password with some form of brackets or quotes, i.e. use the symbols “ ‘ () {} or [], so now my password looks like this: {B3n}
Make sure your password is over 12 characters
Utilising the same cracking tool, this would take about 5 days to crack: much better, but still not great. The password {B3n} is now 5 characters long, still too short to be considered secure, so I add !! to get {B3n}!!. Again, a hacker would crack this in a matter of days.
The aim is to make sure the password is strong enough to last the amount of time under a cracking tool before the system you are accessing requires a password change. I decide to increase the number of characters by adding the year my dog was born, so the password looks like this: {B3n1991}!!!
This password is still memorable to me and has 12 characters but now the cracking tool would take much longer to crack the password!
Try to make the password as long as you can, with a mix of symbols and numbers. As you can see from above, increasing the number of characters makes a big difference.
Disclaimer: None of the passwords in the example above is actually in use. The times to crack passwords are estimates and are generated by an online secure password testing tool.
Our magic rule for making a strong password
Two nouns, special symbol and 2 digits
In today’s world remembering which password you use for what can almost be a full-time activity and can be immensely frustrating when the system you are accessing says you have to change it frequently (surely not, I only changed the password last week??). Best practice suggests you should use a different password for every website you access and that password must be complex. Vendors like Microsoft are now enforcing complex passwords for their Cloud Services such as Microsoft Office 365.
Using a password manager is the simplest way to keep track of and create secure new passwords. However, refrain from using those built into web browsers to help you with this. Password managers not only help us to steer clear of bad habits, like recycling the same password again and again (with slight variations), but also generate random 16-character passwords for any site you use.
Of course, storing all of your passwords in one place means that you must create a master password to unlock your manager. Reviewing all that we have learnt, passwords created with a minimum of 12 mixed characters and symbols are among the most secure.
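For a master password you have to remember, the "two nouns, special symbol and 2 digits" rule can be applied with random choices and checked against the rules listed at the top. This is an added example, not part of the original article; the noun list, the symbol set and the function names are assumptions made for illustration.

```python
import secrets
import string

# Constructed sample list (assumption): a real list should hold thousands of
# nouns, because the random choice is what makes the result hard to guess.
NOUNS = ["anchor", "bridge", "candle", "falcon", "garden", "harbour", "lantern",
         "meadow", "pebble", "rocket", "saddle", "timber", "violin", "walnut"]
SYMBOLS = "!#$%&*+-=?@^_"
MIN_LENGTH = 12  # minimum length recommended in the article


def check_rules(password):
    """Return which of the article's rules a password satisfies."""
    return {
        "length": len(password) >= MIN_LENGTH,
        "uppercase": any(c.isupper() for c in password),
        "lowercase": any(c.islower() for c in password),
        "number": any(c.isdigit() for c in password),
        "symbol": any(c in string.punctuation for c in password),
    }


def count_possible(nouns=NOUNS):
    """Number of distinct passwords the rule can produce from this list."""
    return len(nouns) * (len(nouns) - 1) * len(SYMBOLS) * 100


def generate_password(nouns=NOUNS):
    """Build Noun + symbol + Noun + two digits using the OS random source."""
    longest = sorted((len(n) for n in nouns), reverse=True)[:2]
    if len(longest) < 2 or sum(longest) + 3 < MIN_LENGTH:
        raise ValueError("noun list cannot produce a 12-character password")
    rng = secrets.SystemRandom()
    while True:
        first, second = rng.sample(nouns, 2)
        candidate = (first.capitalize() + secrets.choice(SYMBOLS)
                     + second.capitalize() + f"{secrets.randbelow(100):02d}")
        if all(check_rules(candidate).values()):
            return candidate


if __name__ == "__main__":
    print(generate_password(), "from", count_possible(), "possibilities")
    for sample in ("Ben", "B3n", "{B3n}", "{B3n1991}!!!"):
        failed = [rule for rule, ok in check_rules(sample).items() if not ok]
        print(sample, "fails:", ", ".join(failed) or "nothing")
```

The count printed for the 14-word sample list is small, which is why the noun list itself needs to be large and the nouns picked at random rather than chosen from things familiar to you.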
In the ever-evolving landscape of cybersecurity, the integrity of personal data hinges on the strength of passwords. By embracing the principles of complexity, uniqueness, and randomness, individuals can erect formidable barriers against unauthorised access and safeguard their digital identities.
As the guardians of our online security, it is incumbent upon us to remain vigilant, fortifying our defences against the ever-present threat of cyber intrusion. So, whether crafting passwords or deploying password managers, let us forge a united front in the ongoing battle for cybersecurity resilience.