Password Protection Strategies
We all know that the more complicated a password is, the better. They should include a mixture of numbers, punctuation marks and symbols, and uppercase and lowercase letters.
Or should they?
Recent research into password security has shown that much of conventional password wisdom is not only wrong, but possibly dangerous.1
Facebook, Twitter, Yahoo, and LinkedIn have all fallen prey to online attackers who have stolen entire databases full of passwords. The passwords are scrambled for security, but this offers little comfort when computer programs can make millions of guesses in just a few hours. Because most passwords are based on words in a dictionary combined with a number or symbol, it can take these sophisticated programs even less time to hack them.
The end result is that common password policies don't prevent the theft of many users' passwords, which creates a complex, sophisticated, and lucrative shadow industry. Believe it or not, stolen passwords can fetch big money on the black market.2
So, what does that mean to you? It means that every password you’ve created is a valuable and vulnerable commodity worth protecting.
To do so, you should go a step beyond choosing passwords that are hard for a human to guess. Your passwords need to also be difficult for a computer to figure out. Here are some tips.
Favor Length Over Complexity
Longer passwords are more difficult to crack. A minimum of 12 characters is recommended. Consider stringing together the first couple letters of a favorite movie quote, song lyric, or poem. For extra-sensitive accounts, it may make sense to change your passwords on a regular basis. If you like the idea of optimal password protection, but worry you won’t be able to handle many, frequently changing passwords, password managers can help you organize, store, and use multiple passwords safely.3
No Plain English
Simple strings of numbers, along with passwords that can be found in the dictionary, are the easiest to crack. Microsoft suggests that your password should contain one or more uppercase and lowercase characters, numbers, symbols, and even unicode characters.4
Mix It Up
Many people use the same password for multiple accounts because it’s easier to remember. But this could lead to serious consequences. You may not be too concerned about the personal information stored in your LinkedIn or Twitter accounts, but what would happen if hackers used your compromised password to access your email, brokerage, or bank accounts? If you have trouble remembering multiple passwords, you may want to keep a list on your computer, but don’t store it on your desktop or in your inbox. Give the file a misleading name and bury it in a folder where only you can find it.
There’s no such thing as an impregnable password. Still, putting personal information behind a basic password is like leaving your Porsche in a parking lot with your keys on the dash. By taking preventative measures to strengthen your password, you may be able to help safeguard your sensitive personal data and your privacy.
1. Security.org, March 2020
2. PCWorld.com, 2019
3. www.cylab.cmu.edu. “Measuring Password Guessability for an Entire University”
4. Microsoft.com, 2020