This article was first posted in March 2018 but has been updated with relevant reading and sources.
According to the 2017 Verizon Data Breach Investigations Report, 81% of hacking-related breaches involved either stolen or weak passwords. Although this is not as prominent in the 2020 report, it is nevertheless just as important to have strong passwords.
So, let’s talk about password hacking techniques and look at some tips for creating stronger passwords. The story is different when the target is a company, an individual, or the general public, but the end result is usually the same: the hacker wins. How can you make sure that your company and personal data are safe? We’ve asked the experts.
3 tips on how to can create strong passwords
1) Use sentences when creating a password
“People are good at remembering situations or sentences that present a message we can relate to, some of us are also very good at remembering text if it is in the form of a rime or in a song.
We should take advantage of this and apply the same when creating texts remember. In other words, instead of passwords we should create passphrases. Because, the longer a password is, the harder it is to guess, or for hackers to crack using computers.
An example could be:
“My dog always barks at the postman”
“I love the smell of coffee in the morning”
2) Use human aspects in the passwords
“These sentences are much longer than ordinary passwords, which makes them many times stronger, and they include the human aspect where they relate to something that we can feel, have felt, or can visualise in our memory. As soon as you apply the principle of visualising something, then your brain is much better equipped to remember it.
If you look at the text, you will see that it still contains upper + lowercase letters, it also contains spaces, which is a special character. It does not contain numbers, there really is not a need for that, but if you still encounter requirements to have this, just try to incorporate a number to it, to be compliant with the rules.
If you mathematically (based on computing power) evaluate the strength of these passphrases you will find that to crack these using computers, it will take more than 10 000+ centuries to guess. This makes it impossible for any hacker and ensures that your data is safe. If you compare this with a typical password requirement of 8 characters, upper + lowercase + numbers + special characters, like:
“Thorough2%” – It looks strong, does it not ?? It is even 10 characters with special characters and all that. This only takes 4 hours for an attacker to guess using computers – Ouch!
“Xs5dfg%–” – This takes 12 days to hack using computers, and you probably will not remember it anyway.”
3) Use a secure password manager
“With the number of accounts it is typical to have in today’s online world it can be quite challenging to keep track of all of them. Even with good and rememberable passphrases, this can be a daunting task.
The best solution to this is to use a secure password manager. A password manager is a specialized software created specifically to keep your passwords and account information secure, while at the same time providing you with usability features to ease the login process by automatically entering your account information with the help of browser add-in’s.
You can think of the password manager as your password vault, since it securely stores your account information in encrypted form on your device or in a secure cloud solution, depending on the product you choose.
All you must do is to create one strong password/passphrase which you use to open/unlock the password manager, then you store all your account information and credentials within the program.
There are many good password managers on the market, instead of me naming specific products, a simple google search on “secure password manager” would give you a list of password managers to choose from.”
Also read: Empowerment to increase security.
Q&A with the Security Manager
We also sat down with previous Security Manager & Divisional Data Protection Manager in Visma, Claes Lanner, to see what advice he could give us on password security.
Q: Why do we have passwords?
A: To ensure that your information is not changed or taken. It’s as simple as that.
Passwords are easily cracked by hackers, particularly if you don’t use sound password-creation practices. The best passwords contain uppercase and lowercase letters, numbers, and special characters. You should also avoid using easily guessed words or alphanumeric combinations, such as the names of children or pets, birth dates, addresses, and similar information that can be easily guessed by someone looking at your Facebook profile or through a Google search.
“A strong password should be more than eight characters in length and contain both capital letters and at least one numeric or other non-alphabetical characters. Use of non-dictionary words is also recommended,” suggests the Identity Theft Resource Center.
You might also be interested in reading: 13 Ways to Prevent Identity Theft in 2020.
Q: What type of password is the most secure?
A: 2-factor authentication is the safest. If that is not an option, then use a long passphrase. The last option is to use a complex password.
Q: How often should passwords be changed?
A: That depends. If you’re using 2-factor authentication, two times a year. Passphrases should be changed four times a year, and passwords should be updated every six weeks.
If you do forget your password or get locked out, you need a way to get back into your account. Many services will send an email to you at a recovery email address if you need to reset your password. So it’s important to make sure your recovery email address is up-to-date and is linked to an account you can still access.
Sometimes you can also add a phone number to your profile to receive a code to reset your password via SMS. Your mobile phone is a more secure identification method than your recovery email address or a security question because, unlike the other two, you have physical possession of your mobile phone.
Q: Many users find updating passwords to be annoying and redundant or simply forget to do it. What advice would you give to them?
A: Security vs usability is the tricky part. Think of it this way: you’re heading home from the grocery store, both hands full of grocery bags and no free hand to unlock your front door. Wouldn’t it be easier to simply keep the door unlocked? It’s natural to keep your home locked, it should be natural to keep your online banking and financial systems locked as well.
While password hackers will continue to adapt to new security measures, it’s critical for businesses and individuals to be proactive in their stance to protect their assets. Those who make password security an integral part of their company culture will be best positioned to fend off password hackers. Read more about security in the cloud in this blog post or visit our Trust Centre.