Strong and Secure Password Guidance and Tips

Love them or hate them, passwords have been around for quite a while now, securing access to our applications and systems, and they look like they're here to stay in one form or another. Passwords are the one thing we always get asked about by our clients on every project we're involved with, and in particular what good practice looks like when choosing strong and secure passwords.

We use passwords constantly, every day, to log into all sorts of business applications and online systems, our bank accounts and social media, and let's face it, passwords can be a real pain.

Are you guilty of password complacency or password inadequacy? I think quite a few of us can probably answer yes to this question; we could all learn to be savvier with our passwords to protect ourselves and our data online.

According to password industry studies, the most common passwords are still, believe it or not, passwords like "123456" and "password123". This is pretty shocking: although they might be easy to remember, they are also a hacker's dream. Would we be as careless as to leave our houses with the doors and windows open? Passwords like these are pretty much the same thing.

Simple passwords are relatively easy to crack, and once cracked they give hackers easy access to all your private data.

Here are our top tips and guidance for ensuring that your passwords are as secure as possible.

Make Your Password Long

Most passwords in use have 8 or fewer characters. You might be thinking "oh no, I will never remember long passwords," but a hacker will use several methods to try to crack your passwords and access your accounts. The most basic is to manually type in a number of common passwords such as good old "password123". If this doesn't work, hackers often use brute force software which runs through a large number of candidate passwords automatically. The longer and more complex your password, ideally 12-18 characters, the longer the brute force process takes and the less likely it is that your password will be cracked.

Make Your Password Random 

Long random passwords are far more secure. Our favourite method for devising a password is to take the first letter of each word from some lines of your favourite song. "It was twenty years ago today Sergeant Pepper taught the band to play" gives you a password of 'Iwtyatspttbtp', and "I was happy in the haze of a drunken hour but heaven knows I'm miserable now" equates to 'Iwhithoadhbhkimn'. I bet The Beatles and The Smiths never knew that one day they would be writing such great passwords!

Include Numbers, Symbols, Upper Case and Lower Case

Randomly include numbers and symbols together with upper- and lower-case letters and your password becomes even stronger.

Avoid Using Personal Information

Personal information such as family and pet names, birthdays and favourite football teams can be readily found on your social media accounts, so avoid using details like these in your passwords.

Do Not Re-use Passwords!

Use unique passwords for all your accounts, and do not reuse an old password when you are prompted to change it. Most secure systems won't let you do this anyway, but even if you can get away with re-using passwords, it's not worth the risk.
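As an added illustration of the four rules above (make it long, mix the character types, avoid personal details, never reuse), here is a small Python checker that is not part of the original post. The minimum length of 12 follows the advice given above; the common-password list, the "personal details" profile and the sample accounts are constructed for the demonstration and are not real data.

```python
import string

# Constructed list of weak passwords for the demonstration; a real checker
# would use a much larger published list of breached passwords.
COMMON_PASSWORDS = {"123456", "password", "password123", "qwerty", "letmein"}

# Constructed profile of details that are easy to find on social media:
# a pet's name, a surname, a birth year and a football team.
PERSONAL_DETAILS = ["rover", "smith", "1985", "manutd"]

MIN_LENGTH = 12  # the lower end of the 12-18 characters recommended above


def check_password(password, personal_details=PERSONAL_DETAILS,
                   common_passwords=COMMON_PASSWORDS):
    """Return a list of problems found; an empty list means the password passes."""
    problems = []
    lowered = password.lower()

    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")

    if lowered in common_passwords:
        problems.append("appears in a list of common passwords")

    # Numbers, symbols, upper case and lower case should all be present.
    classes = {
        "lower": any(c.islower() for c in password),
        "upper": any(c.isupper() for c in password),
        "digit": any(c.isdigit() for c in password),
        "symbol": any(c in string.punctuation for c in password),
    }
    missing = [name for name, present in classes.items() if not present]
    if missing:
        problems.append("missing character classes: " + ", ".join(missing))

    # Anything that could be read off a social media profile is a weak ingredient.
    for detail in personal_details:
        if detail.lower() in lowered:
            problems.append(f"contains personal detail {detail!r}")

    return problems


def find_reused(accounts):
    """Given {account: password}, return {password: [accounts]} for every
    password used on more than one account. (A password manager can run this
    check over its vault; here the mapping is passed in directly.)"""
    by_password = {}
    for account, password in accounts.items():
        by_password.setdefault(password, []).append(account)
    return {pw: accs for pw, accs in by_password.items() if len(accs) > 1}


if __name__ == "__main__":
    for candidate in ["password123", "Rover1985!!", "1Wh2tH0Adhbhk3mn%"]:
        print(candidate, "->", check_password(candidate) or "OK")

    # Constructed sample of accounts sharing a password.
    sample_accounts = {"bank": "Rover1985!!", "email": "Rover1985!!",
                       "shop": "1Wh2tH0Adhbhk3mn%"}
    print("reused:", find_reused(sample_accounts))
```

Running it shows "password123" failing on length, the common-password list and the missing character classes, "Rover1985!!" failing on length and on two personal details, and the worked example from later in this post passing every check.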

Use a Password Manager

Password managers such as 1Password, Dashlane or Apple iCloud Keychain will generate and store strong passwords on your behalf. Your passwords are kept in an encrypted format which you unlock with a single master password. This makes life much easier, especially if you find yourself constantly resetting passwords because you can't remember them. Many password managers are either free for a certain number of passwords or relatively cheap, and come with optional features to help you manage your many passwords.

Keep Your Passwords Private

Never share your passwords with anyone else, and don't type passwords into your device if there are people around who could see what you are typing. You can never be too careful. And don't keep a list of your passwords in a notebook: this is an accident waiting to happen, and losing the notebook doesn't bear thinking about.

Change Your Passwords Regularly 

Changing your passwords on a regular basis is good practice. Get into the habit of changing passwords every 6 months. If you use a system that doesn't prompt you to change your password, make it your business to change it yourself. If you think your password has been compromised, change it immediately.

Good Strong Password Example

So, to put the password guidance we've recommended into practice, what would a good strong password look like?

Let's go back to The Smiths again. "I was happy in the haze of a drunken hour but heaven knows I'm miserable now" equates to 'iwhithoadhbhkimn'; we could then capitalise some letters: 'iWhItHoAdhbhkimn'.

Add in some numbers and a symbol at memorable points, '1Wh2tH0Adhbhk3mn%', and straight away we've got a complex, long and random password that's relatively easy to remember, just by applying a number of simple rules throughout the password.

Now, you might not want to go to this level of complexity for every password you use, but you might want a password this complex for your internet banking or for the master password of your password manager. You'd be surprised how easy a complex password is to learn, or you can apply a set of rules to generate and remember the password.
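To show the song-line method and the worked example above as a repeatable procedure, here is an added Python example that is not from the original post. The rules it applies (number each 'i' in order of appearance, write 'o' as '0', capitalise every fourth character, then add a symbol) are an assumption of this example rather than the exact choices made above, so it produces a similar but not identical password. The search-space estimate treats the password as if every combination of the character classes used had to be tried, and the guess rate of ten billion per second is an illustrative assumption, not a measurement.

```python
import math
import string


def first_letters(sentence):
    """Take the first letter of each word, ignoring surrounding punctuation."""
    words = [w.strip(string.punctuation) for w in sentence.split()]
    return "".join(w[0] for w in words if w)


def number_letter(text, letter):
    """Replace each occurrence of `letter` with 1, 2, 3, ... in order of appearance."""
    out, count = [], 0
    for c in text:
        if c.lower() == letter:
            count += 1
            out.append(str(count % 10))
        else:
            out.append(c)
    return "".join(out)


def capitalise_every(text, step):
    """Upper-case every `step`-th character, counting from the first."""
    return "".join(c.upper() if i % step == 0 else c for i, c in enumerate(text))


def build_password(sentence, symbol="%"):
    """Apply the (assumed) rules in order and return the password at each stage."""
    stages = {}
    stages["acronym"] = first_letters(sentence).lower()
    stages["digits"] = number_letter(stages["acronym"], "i").replace("o", "0")
    stages["capitals"] = capitalise_every(stages["digits"], 4)
    stages["symbol"] = stages["capitals"] + symbol
    return stages


def search_space_bits(password):
    """Size of the brute-force search space, in bits, assuming the attacker
    must try every string of this length over the character classes present."""
    alphabet = 0
    if any(c.islower() for c in password):
        alphabet += 26
    if any(c.isupper() for c in password):
        alphabet += 26
    if any(c.isdigit() for c in password):
        alphabet += 10
    if any(c in string.punctuation for c in password):
        alphabet += len(string.punctuation)  # 32 printable ASCII symbols
    return len(password) * math.log2(alphabet) if alphabet else 0.0


def years_to_exhaust(bits, guesses_per_second=1e10):
    """Years needed to try the whole search space at an assumed guess rate."""
    seconds = 2 ** bits / guesses_per_second
    return seconds / (365.25 * 24 * 3600)


if __name__ == "__main__":
    line = "I was happy in the haze of a drunken hour but heaven knows I'm miserable now"
    for stage, pw in build_password(line).items():
        bits = search_space_bits(pw)
        print(f"{stage:9} {pw:20} {bits:6.1f} bits  ~{years_to_exhaust(bits):.3g} years")
    weak = "password123"
    weak_bits = search_space_bits(weak)
    print(f"{'weak':9} {weak:20} {weak_bits:6.1f} bits  ~{years_to_exhaust(weak_bits):.3g} years")
```

Each stage adds a character class, and the estimate grows from roughly 75 bits for the bare acronym to over 110 bits once digits, capitals and a symbol are in; "password123" sits below 60 bits, which at the assumed rate is exhausted in under a year.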

Conclusion

Hackers are always going to be out there trying to crack our passwords, but we can make their task much harder by taking this password guidance on board and keeping our data more secure. You could go a step further and use two-factor or multi-factor authentication, but let's cover that in another blog. Just remember to use a password that is long, random, unique and private, and treat your password like your toothbrush: don't let anybody else use it, and get a new one every 6 months.

Contact Romano Security Consulting today and let us help to secure your organisation.

T: 01625 315 021

E: enquiries@romanosecurityconsulting.com
