
“Ugh. My Gmail was hacked again. Sorry guys!”
This seems like such a common occurrence these days, doesn’t it? You receive a few emails from someone about a mind-blowing deal on a digital camera or, even more tempting, a sweet deal on Viagra, followed by an email from that person apologizing for the spam:
My email was hacked again, sorry guys LOL. The Internets is a crazy place HAHA!
Welcome to Now
Let’s get real. It’s 2018 and this shouldn’t be happening.
To be fair, the National Institute of Standards and Technology’s (NIST) password security guidelines, established in 2003, weren’t exactly precise or designed to combat modern password cracking methods.
Bill Burr, the author of the guidelines, had little real-world data to base them on at the time. There simply wasn’t enough data available to formulate an effective strategy back then. Naturally, when he asked the system admins at NIST for their passwords while gathering data, they brushed him off. As a result, an inadequate set of best practices was established and has been followed for close to 2 decades.
The general web browsing population, even if they have no idea that NIST exists, knows most of the basic principles set forth in the guidelines. This is primarily because they’ve been prompted (annoyed) by a forced password reset or the classic “Please ensure your password contains X, Y, and Z.”
Ironically, we are fortunate that there has been enough password theft since these guidelines were established to let us analyze passwords and extract plenty of useful data.
Password Length and Complexity
Password length plays an important role in how secure a password is. The entropy, or randomness, of a password plays as large a role as length, or a larger one. For more information on the impact of password length and entropy, be sure to read the science behind a strong password.
Complex passwords can be a real pain to remember though, right? That’s where password managers come into the picture. A password manager will help you safely store and manage your passwords, so you don’t need to try to remember them or, even worse, establish a complex filing system using post-it notes.
Maintain secure passwords, manage them properly, and protect your personal information.