What constitutes a good password, and why is it important to have one?

Quite simply, your password is the key to your IT castle. The walls you carefully build around your business data are of little value if the front door lock is easily picked. The idea that passwords should be long and complex is one of the IT industry’s sacred cows, and yet many users stubbornly stick to passwords such as 12345, Password1 or Jimmy1970, which often take less time to crack than to type. The question “So, what constitutes a good password?” is a common one.

Of course, with the multitude of passwords we have to remember these days, the natural tendency is to simplify, to change passwords infrequently and to use the same or similar passwords across multiple services, from Hotmail to your company login. As the 2012 hack of LinkedIn illustrated, this can be dangerous too. It is a known tactic of hackers to take compromised passwords from a phishing or hacking incident, for example, and use them not only on the site directly targeted but also to try their luck with other likely sites such as social media and email accounts.

What is a bad password?

Aside from the obvious and aforementioned “Password1” or “12345”, your name, or your car’s or pet’s name, suffixed by numbers is a poor choice. “Peter1972” takes no more effort to crack than “Peter”, especially if your username is “Peter” too! Replacing letters with numbers, as in “P3t3r1972”, is better, but not much of an improvement.
Cyber criminals combine impressive computing power with dictionaries, film scripts, song lyrics and social media to quickly and easily build lists of possibilities, so avoid nicknames, quotations, birthdays and pets’ names.

What is a good password?

Go as long and complex as you can. There are 2 main schools of thought at present for strong passwords.
  • Use abbreviations combined with uppercase, lowercase, numbers and punctuation. It should be at least 8 characters and never include any aspect of your username or company name. A good example of this might be JgtS@0805em! The question of how to remember this is answered by – JonnygoestoSchoolat08:05everymorning!
  • Combine several unusual and unrelated words that mean something to you. Avoid meaningful phrases or quotations though. Purely as an example of this, take something along the lines of VolcanoKettleBoots, then throw in the year and a special character to get VolcanoKettleBoots20!

Both of these passwords (as illustrations only of course) would give most password hacking tools a challenge.
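As an added illustration (not part of the original article), the Python sketch below checks a candidate password against the weak patterns described in the two sections above: fewer than 8 characters, a well-known password, the username or company name even when letters are swapped for numbers, and letters followed only by digits. The function names and the short common-password list are constructed for this example.

```python
# Constructed sample list; the article names the first two entries.
COMMON = {"12345", "password1", "password", "123456", "qwerty"}

# Undo common letter-for-digit/symbol swaps so "P3t3r" compares as "peter".
UNSWAP = str.maketrans("013457@$!", "oleastasi")


def normalise(text):
    """Lowercase the text and reverse simple character substitutions."""
    return text.lower().translate(UNSWAP)


def password_problems(password, username="", company=""):
    """Return the weak patterns from the article that this password matches."""
    problems = []
    lowered = password.lower()
    plain = normalise(password)

    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if lowered in COMMON:
        problems.append("well-known password")
    # Username or company name, as typed or with substitutions undone.
    for label, value in (("username", username), ("company name", company)):
        if value and (value.lower() in lowered or normalise(value) in plain):
            problems.append(f"contains {label}")
    # Letters (after undoing swaps) followed only by digits, e.g. name + year.
    # This heuristic cannot tell one word from several words joined together.
    stem = password.rstrip("0123456789")
    if stem != password and normalise(stem).isalpha():
        problems.append("letters followed only by digits")
    return problems


if __name__ == "__main__":
    # Passwords quoted in the article, checked for a hypothetical user "Peter".
    for candidate in ("12345", "Password1", "Peter1972", "P3t3r1972",
                      "JgtS@0805em!", "VolcanoKettleBoots20!"):
        print(candidate, "->", password_problems(candidate, username="Peter"))
```

An empty list means only that none of these patterns matched, not that the password is strong.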

Should I use a completely different password for each site or service?

Absolutely yes!

Are password managers a good idea?

These can be a good idea and address the most common concern: “how am I expected to remember all these passwords?” Of course, as the repository for all the passwords to your company data and sites, a password manager is analogous to keeping all your eggs in one basket, and password managers are frequently the target of considerable interest from hackers for obvious reasons. As with most things in life, though, it is a balance of risk.

In 2015 LastPass, one of the largest providers, was partially breached, but claims that none of its 7 million user accounts were compromised. Set that possibility, however, against the hazard of using the same or similar weak password over multiple sites and the password manager still looks an attractive option, although we suggest you avail yourself of two-factor authentication alongside a strong master password when using any such service.

Should I use multifactor authentication if available?

Definitely yes! We have an article on that subject here.

Lindsey Hall

As both an entrepreneur and an IT specialist, Lindsey offers a blend of deep technical expertise and commercial insight, delivered in language business owners can really understand and trust. She works with clients to provide a full range of services from strategic advice through to project management and infrastructure support. Lindsey is an accredited Cyber Essentials Consultant.