06/15/2018

Poor password. It’s the weakest form of authentication and yet the most widely used. We have passwords for everything and to help give them a security boost, we’re expected to create crazy-complex pseudo-random strings of numbers and letters that don’t use anything resembling a word along with Martian gibberish making them impossible to remember. Then come up with a different one for every single place that uses a password?!

How is all that “security” going to help when you can’t remember the passwords? Writing them down, re-using them, swapping out a single character when they need changing every few weeks… all factor in to making that password less secure. But here’s some good news – your passwords don’t have to be crazy and difficult to remember to be secure.

The truth is when it comes to passords, complexity is important but length is better.

Computers can be programmed to crack common formats for passwords, programs can look for dictionary words, common names, etc. and combinations of symbols and numbers. The fewer characters you have, the fewer combinations a program must try before discovering your password.

A typical complex password might look something like this: Ch0col@te8%.

Based off of a dictionary word, there are a few characters swapped for symbols and numbers then a couple more random characters added at the end. It meets complexity requirements but it’s also hard to remember. Plus, it’s crack-able in about 3 days. Compare that to a simple, random, and easier to remember four-word string like carrot fiddle burgandy tomcat. Crack-able time?550 years. More characters equals more time for the program to attempt all possible combinations. It might be time to re-think our password strategies.

A common technique is using a passphrase, making it easier to remember than a combination of random words. You should still avoid any personal information in your passphrase (like family and pet names) but you can make it easier to remember.

For example you might use: I!hat3@changing#Passw0rds!

(I hate changing passwords). Substitute some of those “complex” characters in spots you’ll remember. The passphrase meets complexity requirements and is 25 characters.

So what to do about having passwords for a thousand sites? If your password is compromised in a breach it’s possible that it is available for anyone who can find it (or pay for it) on the DarkWeb. Without using password variations, one stolen password could lead to everything from FaceBook to your bank account being compromised. To help, there are many password management and storage programs you can use both on your computer and mobile devices. They securely store passwords, plus you can copy and paste easily into programs and websites without having to remember every single one.

For more information on passwords or password storage, feel free to contact a member of the Involta security team for assistance.

To see if any of your accounts have been compromised in a breach, get secure password information and set up alerts, check out this site: https://haveibeenpwned.com/

Email soc@involta.com with questions or security concerns.

Be safe and happy clicking!

Related Resources

BlogBlog

Involta Insights: An Exploration of Customer Experience

Enter go to Blog : Involta Insights: An Exploration of Customer Experience
BlogBlog

How to Dodge Common Potholes Along Your Highway to Digital Transformation

Enter go to Blog : How to Dodge Common Potholes Along Your Highway to Digital Transformation
BlogBlog

Sales Kickoff 2021: The Power of Involta

Enter go to Blog : Sales Kickoff 2021: The Power of Involta
BlogBlog

People Who Deliver: Spotlight Interview with Sofie Lenzen

Enter go to Blog : People Who Deliver: Spotlight Interview with Sofie Lenzen
BlogBlog

Create an Edge to Innovation with Involta

Enter go to Blog : Create an Edge to Innovation with Involta
BlogBlog

Involta in 2020: A Year of Milestones, Partnerships, and Community Service

Enter go to Blog : Involta in 2020: A Year of Milestones, Partnerships, and Community Service

Stay up to date with the latest from Involta

We use cookies to offer you a better web experience? By continuing to use our website, you agree to the Privacy Policy.