Secure Passwords in 5 Steps

    Have you noticed that the requirements for creating passwords for online services have changed drastically over the past couple of years? They have, and for good reason; weak passwords are easy to crack. If you have an account that’s been compromised in the past, there’s a good chance that at least one password that you’ve used in the past can be found on the Internet right now.

    That’s a scary thought, but using strong passwords can decrease the likelihood of a password breach and the many commonly associated problems – something that is compounded by using the same password for multiple services.

    While creating a secure password can seem like quite a task, following these 5 steps will make doing so much easier.

    Password length matters

    One of the best first steps in creating a strong password is to ensure its length is at least 16 characters.

    For many years, passwords 8 characters in length were considered acceptable, but that’s changed as the technology used to crack passwords has improved. In most cases, an 8-character password can be cracked by a computer in under a minute. Increasing the character count to 16 dramatically increases the estimated time to around 6 million years.

    Include special characters

    Next, ensure that your password uses special characters in addition to lower-case letters, upper-case letters, and numbers. Adding just one special character to a 16-character password increases the time to crack your password from 6 million years to 2 billion.

    Why such a dramatic increase? The inclusion of special characters increases the possibilities for each character in a password, greatly increasing the total number of possible combinations.

    Don’t include personal information

    The overall effectiveness of a password is reduced when elements contained within the password refer to personal information. Passwords should never contain references to names, numbers, or words that you identify with.

    While this information may help increase the length of your password, it can do much more harm than good. Our online presences are filled with personal information, and if you’re being targeted that information will be the first used to attempt to gain access to your accounts.
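The first three steps above (length, character classes, no personal information) can be checked mechanically. The following is an added example, not part of the original article: the look-alike substitution table, the function names, and the sample passwords and personal terms are constructed assumptions, and the bit count is the size of a brute-force search over the character classes used, which only describes passwords whose characters are chosen at random.

```python
import math
import string

MIN_LENGTH = 16  # minimum length recommended in the article

# The four character classes the article names.
CLASSES = {
    "lower-case letter": string.ascii_lowercase,
    "upper-case letter": string.ascii_uppercase,
    "number": string.digits,
    "special character": string.punctuation,
}

# Assumed normalisation: undo common look-alike substitutions (0->o, @->a, ...).
LOOKALIKES = str.maketrans("013457@$", "oleastas")


def search_space_bits(password):
    """log2(alphabet_size ** length), counting only the classes actually used."""
    alphabet = sum(len(chars) for chars in CLASSES.values()
                   if any(c in chars for c in password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0


def check_password(password, personal_terms=()):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            problems.append(f"no {name}")
    lowered = password.lower()
    variants = (lowered, lowered.translate(LOOKALIKES))
    for term in personal_terms:
        t = term.lower()
        # Ignore very short terms to avoid matching by accident.
        if len(t) >= 3 and any(t in v for v in variants):
            problems.append(f"contains personal term {term!r}")
    return problems


if __name__ == "__main__":
    terms = ("jordan", "1987")  # constructed personal details
    for pw in ("Jordan1987!", "J0rd@n-copper-Lantern7", "vT9#qLm2$Xe7!pRw"):
        print(f"{pw}: {search_space_bits(pw):.1f} bits, {check_password(pw, terms) or 'ok'}")
```

The second sample passes the length and character-class checks yet is still flagged, because swapping letters for look-alike symbols does not hide a name.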

    Use a password manager

    The average person has 19 passwords they use to protect their information and access online services, and keeping track of all of them can be a challenge. Having a strong password is great, but not if you have to write it down in order to avoid forgetting it.

    Storing your passwords in a password manager will simplify the process by requiring you to remember only one password – the one used to gain access to the password manager. Password managers also provide the benefit of making it much easier to have distinct and strong passwords for each service you use since you won’t need to remember them all.

    Modern password managers, such as LastPass and some of our other favorites, are available on multiple devices and web-based applications, ensuring that as long as you have an Internet connection, you’ll be able to access all of your passwords.

    Improve security with multi-factor authentication

    Multi-factor authentication provides an additional layer of protection for passwords by requiring a second piece of information, or “token,” in order to successfully log in to a service. The tokens are commonly associated with a physical device, ensuring that accessing a service requires:

    • Something you know (password)
    • Something you have (a phone with an MFA app)

    Multi-factor authentication should never be used in place of a strong password, but should function as a way to protect a strong password. Enabling MFA for any services you can will increase the overall strength of your password security and make it much more difficult to gain unauthorized access to your information.

    Many online services, for both business and personal use, make MFA available to users. Commonly used software suites including Microsoft Office 365 and Google’s G Suite support it, along with social networks such as Facebook, Twitter, and Instagram.

    Valiant’s upcoming webinar on Security Best Practices on June 11th, 2020 covers password security, multi-factor authentication, and other measures that both businesses and individuals can use to reduce attack surfaces, and we hope to see you there!

    Matt has spent the better part of 2 decades building systems, managing IT departments, and developing websites and applications for the education, publishing, and technical service industries. As an MCSE...
