Poor password. It’s the weakest form of authentication and yet the most widely used. We have passwords for everything, and to give them a security boost we’re expected to create crazy-complex pseudo-random strings of numbers and letters that don’t resemble any word, mixed with Martian gibberish that makes them impossible to remember. And then we’re supposed to come up with a different one for every single place that uses a password?!
How is all that “security” going to help when you can’t remember the passwords? Writing them down, re-using them, swapping out a single character when they need changing every few weeks… all of these factor into making that password less secure. But here’s some good news – your passwords don’t have to be crazy and difficult to remember to be secure.
The truth is that when it comes to passwords, complexity is important but length is better.
Computers can be programmed to crack common password formats: cracking programs look for dictionary words, common names, etc., combined with symbols and numbers. The fewer characters you have, the fewer combinations a program must try before discovering your password.
A typical complex password might look something like this: Ch0col@te8%.
Based on a dictionary word, it has a few characters swapped for symbols and numbers and a couple more random characters added at the end. It meets complexity requirements, but it’s also hard to remember. Plus, it’s crack-able in about 3 days. Compare that to a simple, random, and easier to remember four-word string like carrot fiddle burgandy tomcat. Crack-able time? 550 years. More characters equals more time for the program to attempt all possible combinations. It might be time to re-think our password strategies.
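The comparison above rests on how many candidates a cracking program has to try. The following is an added example, not code from the original post: it estimates the effective keyspace of the two strategies and generates a random word passphrase. The attacker model (a 50,000-word dictionary, 1,000 substitution rules, a two-character suffix, a 7,776-word passphrase list, and 10,000 guesses per second) and the word list are assumptions chosen for illustration, so the absolute times differ from the post’s 3-day and 550-year figures; the point it shows is the ratio between them.

```python
import math
import secrets

# Constructed word list for the demo. Real passphrase generators draw from
# lists of several thousand words (7,776 words is the usual Diceware size);
# the entropy functions below take the list size as a parameter.
SAMPLE_WORDS = [
    "carrot", "fiddle", "tomcat", "anchor", "maple", "pillow", "comet",
    "velvet", "harbor", "lantern", "saddle", "meadow", "quartz", "ribbon",
    "thistle", "walnut",
]


def bits_random_chars(length, alphabet_size):
    """Entropy in bits of `length` characters chosen uniformly at random
    from an alphabet of `alphabet_size` symbols (95 for printable ASCII)."""
    return length * math.log2(alphabet_size)


def bits_random_words(word_count, list_size):
    """Entropy in bits of `word_count` words chosen uniformly at random
    from a list of `list_size` words, e.g. 'carrot fiddle burgandy tomcat'."""
    return word_count * math.log2(list_size)


def bits_mangled_dictionary_word(dictionary_size, mangling_rules,
                                 suffix_len, alphabet_size):
    """Effective entropy of the 'Ch0col@te8%' pattern as a cracker sees it:
    one dictionary word, one substitution rule applied to it, and a short
    random suffix. The cracker enumerates those choices, not every string
    of the same length, so the keyspace is far smaller than 11 random chars."""
    return (math.log2(dictionary_size) + math.log2(mangling_rules)
            + suffix_len * math.log2(alphabet_size))


def seconds_to_exhaust(bits, guesses_per_second):
    """Worst-case time to try every candidate in a keyspace of 2**bits."""
    return 2.0 ** bits / guesses_per_second


def compare_strategies(guesses_per_second=1e4):
    """Mangled dictionary word vs. four random words. All parameters are
    assumed for the example (hypothetical attacker model, not from the post)."""
    mangled = bits_mangled_dictionary_word(50_000, 1_000, 2, 95)
    passphrase = bits_random_words(4, 7_776)
    return {
        "mangled_bits": mangled,
        "passphrase_bits": passphrase,
        "mangled_seconds": seconds_to_exhaust(mangled, guesses_per_second),
        "passphrase_seconds": seconds_to_exhaust(passphrase, guesses_per_second),
        # How many times more work the passphrase costs the cracker.
        "passphrase_advantage": 2.0 ** (passphrase - mangled),
    }


def generate_passphrase(words=SAMPLE_WORDS, word_count=4, separator=" "):
    """Pick words with the `secrets` module (a CSPRNG); `random.choice` is
    not suitable for secrets. The entropy estimate above only holds when
    the words are drawn this way rather than chosen by a person."""
    return separator.join(secrets.choice(words) for _ in range(word_count))


if __name__ == "__main__":
    for key, value in compare_strategies().items():
        print(f"{key}: {value:,.1f}")
    print("example passphrase:", generate_passphrase())
```

The mangled pattern comes out near 39 bits against roughly 52 bits for the four-word passphrase, so the passphrase costs a cracker about eight thousand times more guesses under these assumptions; with the 16-word sample list the generated phrase would be much weaker, which is why list size matters.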
A common technique is a passphrase, which is easier to remember than a combination of random words. You should still avoid any personal information in your passphrase (like family and pet names), but you can build it from something you’ll remember.
For example you might use: I!hat3@changing#Passw0rds!
(I hate changing passwords). Substitute some of those “complex” characters in spots you’ll remember. The passphrase meets complexity requirements and is 25 characters.
So what to do about having passwords for a thousand sites? If your password is compromised in a breach, it’s possible that it is available to anyone who can find it (or pay for it) on the Dark Web. Without using password variations, one stolen password could lead to everything from Facebook to your bank account being compromised. To help, there are many password management and storage programs you can use on both your computer and mobile devices. They securely store passwords, and you can copy and paste them easily into programs and websites without having to remember every single one.
For more information on passwords or password storage, feel free to contact a member of the Involta security team for assistance.
To see if any of your accounts have been compromised in a breach, get secure password information and set up alerts, check out this site: https://haveibeenpwned.com/
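The password check on that site works by k-anonymity: only the first five characters of the password’s SHA-1 hash are sent, the service returns every known suffix under that prefix with a breach count, and the comparison happens locally. The following is an added example, not code from the post or from the site: it implements that client-side half against a constructed sample response so it runs offline. The range endpoint named in the comments is the service’s documented one, but the counts in the sample data are made up.

```python
import hashlib
import urllib.request


def sha1_upper(password):
    """Uppercase hex SHA-1 of the password, the format the range API uses."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_hash(password):
    """Return (5-char prefix sent to the service, 35-char suffix kept local)."""
    digest = sha1_upper(password)
    return digest[:5], digest[5:]


# Constructed sample of a range response for the prefix of SHA-1("password").
# Each line is "<35-hex-char suffix>:<breach count>". The first suffix is the
# real one for "password"; the counts and the other two suffixes are made up.
_PW_PREFIX, _PW_SUFFIX = split_hash("password")
SAMPLE_RANGES = {
    _PW_PREFIX: "\n".join([
        "0018A45C4D1DEF81644B54AB7F969B88D65:1",
        _PW_SUFFIX + ":3861493",
        "00D4F6E8FA6EECAD2A3AA415EEC418D38EC:2",
    ]),
}


def offline_fetch(prefix):
    """Stand-in for the network call: look the prefix up in the sample data."""
    return SAMPLE_RANGES.get(prefix, "")


def live_fetch(prefix):
    """Real lookup (not used by the offline demo). Only the 5-character
    prefix leaves the machine; the password and its full hash never do."""
    url = f"https://api.pwnedpasswords.com/range/{prefix}"
    with urllib.request.urlopen(url, timeout=10) as resp:
        return resp.read().decode("utf-8")


def breach_count(password, fetch_range=offline_fetch):
    """Number of times the password appears in known breaches (0 = not found).
    The match is done locally against the suffixes the service returns."""
    prefix, suffix = split_hash(password)
    for line in fetch_range(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count or 0)
    return 0


if __name__ == "__main__":
    for pw in ("password", "carrot fiddle burgandy tomcat"):
        print(f"{pw!r}: seen {breach_count(pw)} times in sample data")
```

Swap `live_fetch` in for `fetch_range` to query the real service; the parsing and matching logic is identical, and the privacy property (never sending the password or its full hash) comes entirely from the prefix split.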
Email soc@involta.com with questions or security concerns.
Be safe and happy clicking!