Since most of our business systems and their data are either accessible remotely or are cloud-based services over the internet, it has never been more important to make sure your passwords are strong and are kept secret.
We all know how painful it can be to remember passwords for an ever-increasing number of systems, web pages, portals, email accounts and mobile devices. Worse still, we are often asked to change passwords regularly, especially in a corporate environment.
So is it really possible or even likely someone can guess your passwords out of an unlimited combination of words, numbers and even characters?
Well, the answer is, perhaps surprisingly, YES: passwords are hacked, guessed or cracked all the time.
Hackers and hobby crackers are out there looking for vulnerabilities in systems, either for personal gain or just for fun.
One would think it takes a huge amount of effort to do this, but the reality is that there is a whole myriad of tools and free utilities which can automate the hacking process and try to guess their way into systems automatically, taking advantage of an ever-increasing list of system vulnerabilities, common password databases and brute force attacks.
So although keeping passwords safe is annoying and they are hard work to remember, they are typically the first line of defence we have against others accessing our information.
Fortunately, it is not too hard to create a memorable password which is secure. Easy passwords are important as they are easier to remember and you should not need to write them down.
What makes a good password:
A good password should avoid the most obvious guessable words, such as:
Names: family names, pets' names, or any other proper name
Personal information: address, phone numbers, cities, birthday, number plates or anything anyone can look up about you on Facebook, LinkedIn, Google etc.
Common dictionary words: believe it or not, the most common password is “password”. Dictionary words are the first line of attack in guessing passwords.
Sequences: avoid common sequences, either logical or from your input device such as a keyboard, for example “abc1234”, “QWERTY”, “111111”, “123456” etc.
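The list above can also be checked automatically, for example when a user picks a new password. The following Python code is an added example, not part of the original article; the word list, the user profile and the function names are constructed for illustration.

```python
import re

# Constructed sample data (assumptions for this example, not from the article).
COMMON_WORDS = {"password", "welcome", "dragon", "monkey", "letmein"}
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
ALPHABET = "abcdefghijklmnopqrstuvwxyz"


def has_sequence(pw, min_run=4):
    """True if pw contains min_run repeated characters, or min_run characters
    that follow the alphabet, the digits or a keyboard row (either direction)."""
    low = pw.lower()
    tracks = KEYBOARD_ROWS + [ALPHABET]
    tracks += [t[::-1] for t in tracks]
    for i in range(len(low) - min_run + 1):
        chunk = low[i:i + min_run]
        if len(set(chunk)) == 1 or any(chunk in t for t in tracks):
            return True
    return False


def check_password(pw, personal=()):
    """Return which of the guessable categories listed above pw falls into."""
    problems = []
    low = pw.lower()
    # Drop leading/trailing digits and symbols so "Password1!" still matches.
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", low)
    if low in COMMON_WORDS or core in COMMON_WORDS:
        problems.append("dictionary word")
    # Names, dates, places and so on that anyone could look up about the user.
    if any(len(p) >= 3 and p.lower() in low for p in personal):
        problems.append("name or personal information")
    if has_sequence(pw):
        problems.append("sequence")
    return problems


if __name__ == "__main__":
    profile = ["Rex", "1984", "Leeds"]  # constructed: pet name, birth year, city
    samples = ["abc1234", "QWERTY", "111111", "123456",
               "Password1!", "rex1984!", "RollTide%.%"]
    for candidate in samples:
        print(candidate, "->", check_password(candidate, profile) or "nothing flagged")
```

A result of “nothing flagged” only means the password avoids the categories listed here; in practice the five sample words would be replaced by a full list of common passwords.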
Other good tips
- Never write your password down – much less place it on a sticky note on top of your screen :)
- Do not disclose or share your password with anyone
- Do not use the same password for multiple systems (We know this is hard, but if one system is hacked or compromised, the first thing hackers will do is try that password on other systems).
- Change your password periodically even if not forced or prompted by the system
- Never leave passwords as the default or as allocated to you; the first thing you should do is change your password
So what can you do to make things easier?
- You can use a password management system. There are many password management systems which automatically track and store your passwords, and often other personal information, with strong encryption. When you want to access a site, all you need to do is consult your system (typically a PC or mobile device application) and it will at least reveal the password to you or at best automatically grant you access.
With a password management system you can avoid having to remember hundreds of passwords, but DO make sure that you use a very strong password for the system itself.
The main disadvantage is that it is not free. Typically you need to pay for a good system or tool to do this.
- Make the password memorable:
Now that you have the basics of what not to do with passwords and how to make them safer, how can you create strong passwords you can actually remember?
Some tips on how to create memorable passwords are:
- Play around with vowels – replacing characters with numbers, for example
- Use patterns on your keyboard – for example skip every 3rd letter from left to right and type the letter on top, for part of your password
- Think of a passphrase or poem and use the first letters as part of your password
- Mix words and combine with characters and numbers
- Reverse words that form part of your password
- Add spaces if allowed by your system
- Make them longer – the longer the password, the harder it is to guess or compromise
- Or you can use a friendly web page that can help you generate passwords, for example http://www.dinopass.com/ (give it a try!)
So what does a good password look like?
OK Password: | Better Password: | Excellent Password: |
smellycat | sm3llycat | $m3llycat |
ilovemypiano | !LoveMyPiano | !Lov3MyPiano |
Rolltide | RollTide% | RollTide%.% |
deltagamma | deltagamm@ | d3ltagamm@ |