September 19, 2017
Passwords: Tips to Create Safer Passwords

I can hear the moaning already.  Yes, I know– you hate passwords.  So do I.  But with the number of online accounts we have today (one survey shows the average person has 27 different online accounts!)  the passwords, and the hassles associated with them, aren’t going away anytime soon.  Strong passwords are always recommended and in most cases required.

What makes up a strong password?

Typically, you will hear things like: 8 characters minimum.  Mix of uppercase, lowercase, numbers and symbols.  Ok great-  let’s look at two passwords, both that satisfy these rules.      Passwr@d8.   eW7x0p%2  Which is the better password?  The answer may surprise you.  Clearly- if I am sitting in front of a computer and trying to guess your password,  I am less likely to guess eW7x0p!%2.  However, most hacking attempts are not made by a person typing in random passwords.  Hackers use software that can try password guessing much faster than a human can. The end result-  both of these passwords will likely be compromised in about the same amount of time.

 

So, what to do?  Even if you pick a ‘complex’ password;  hacking tools can pick it apart nearly as quickly as a simple password.  One often overlooked way to increase your password effectiveness is to simply add characters.  An 8-character password based on the alphabet (upper and lower case only) will give 3.03e+13 permutations.  Adding just 1 more character increases this to 1.33e+15.   One good way to increase your password size without making it harder to remember is to use phrases instead of random numbers and symbols.  Something like “MyFavoriteAuthorIsMarkTwain” is very long and yet very easy to remember.  You could then complicate it further by replacing certain letters with numbers; “MyF8vorite8uthorIsM8rkTw8in” is very difficult to guess, but still easy to remember.

 

Take it One Step Further with Two Factor Authentication

 

Many online systems are now supporting two factor authentication, where you not only need to enter a username/password, but then respond with a code that is sent real time to something like your cell phone.  The idea here is that you know your password, but you also possess your phone so only you should get the random code.  I highly recommend you use two factor authentication with any system that offers it; and by the looks of things, more and more will likely be using it.

 

One final note-   don’t use the same password on more than one site-  and if one of your accounts is compromised;  change all of your passwords.  Yes,  ALL 27 of them!

 

Mike Archambault

NBM IT Director