9 Easy Steps to Create Strong Passwords

Nicholas Foisy
Apr 15, 2020 4:30:00 PM

Passwords serve as the gatekeeper to an organization’s data and systems, keeping out unauthorized users and only allowing the right people to enter. The strength of an organization’s passwords can often be the deciding factor in whether it suffers a breach or data disaster.

Technology is continuously evolving and making it easier for attackers to automate the password-cracking process. The two most common password-cracking strategies are brute force attacks and dictionary attacks. Brute force attacks try every possible combination of characters, while dictionary attacks try lists of known words until one matches. These attacks can be mitigated by following the tips below to craft passwords that are extremely difficult for attackers to crack:
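To make the difference between the two strategies concrete, here is an added example (not code from the original post) that estimates how many guesses each one needs for a given password. The brute-force count is the size of the smallest alphabet covering the password's characters raised to its length; the dictionary count is simply the size of the word list times the variants tried per word. The guess rate (1e10 per second) and the word-list size (170,000 entries) are constructed figures for illustration, not measurements from the post.

```python
import string

# Assumed guess rate used only for the time estimate; a constructed
# figure for illustration, not a measurement quoted by the post.
ASSUMED_GUESSES_PER_SECOND = 10_000_000_000

# Assumed size of a word list a dictionary attack iterates over;
# also a constructed figure.
ASSUMED_WORDLIST_SIZE = 170_000


def charset_size(password: str) -> int:
    """Size of the smallest standard alphabet that covers every character
    in the password: lowercase (26), uppercase (26), digits (10) and
    ASCII punctuation (32). A brute-force search must cover all of it."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)
    return size


def brute_force_guesses(password: str) -> int:
    """Worst-case guesses for an exhaustive search over the covering
    alphabet at the password's length."""
    return charset_size(password) ** len(password)


def dictionary_guesses(wordlist_size: int = ASSUMED_WORDLIST_SIZE,
                       variants_per_word: int = 1) -> int:
    """Guesses a dictionary attack needs: every word in the list, times
    the number of capitalisation/suffix variants tried per word."""
    return wordlist_size * variants_per_word


def seconds_to_exhaust(guesses: int,
                       rate: int = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Time to try every guess at the assumed rate."""
    return guesses / rate


def exposure_report(password: str) -> dict:
    """Summarise the guess counts for both strategies and how long the
    brute-force space would take to exhaust at the assumed rate."""
    guesses = brute_force_guesses(password)
    return {
        "length": len(password),
        "alphabet": charset_size(password),
        "brute_force_guesses": guesses,
        "brute_force_years": seconds_to_exhaust(guesses) / (365 * 24 * 3600),
        "dictionary_guesses": dictionary_guesses(),
    }


if __name__ == "__main__":
    # "Chandeliers" and "cHandeliers729!" are the examples from the post.
    for pw in ("password", "Chandeliers", "cHandeliers729!"):
        r = exposure_report(pw)
        print(f"{pw!r}: alphabet {r['alphabet']}, length {r['length']}, "
              f"brute force {r['brute_force_guesses']:.2e} guesses "
              f"(~{r['brute_force_years']:.3g} years at the assumed rate), "
              f"dictionary {r['dictionary_guesses']} guesses")
```

Running it shows why a correctly spelled word such as "Chandeliers" is cheap for a dictionary attack (one pass over the list) even though its brute-force space is large, and how adding length and character classes grows the brute-force space by many orders of magnitude.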

  1. Make Passwords Complex – Passwords that use combinations of uppercase and lowercase letters, numbers, and symbols are harder to guess. A dictionary attack can crack a password such as “Chandeliers” because it is correctly spelled with proper capitalization, but if you change this to “cHandeliers729!” the dictionary attack should no longer be able to crack the password.

  2. Make Passwords Long – The longer passwords are, the more time and effort it takes for brute force attacks to crack them. Advances in technology mean a brute force attack can crack any eight-character password in a matter of hours. A good rule of thumb when creating passwords is to make them at least 12 to 15 characters in length. Longer is stronger!

  3. Don’t Reuse Passwords – We’ve all been guilty of it at some point… using the same password for multiple accounts. If one of your account login credentials were to be breached, the attacker will likely then attempt to use those credentials on other websites and programs. What begins as something small, such as your Dunkin account password being exposed, could end up leading to an attacker taking over your bank account and draining it, all because you used the same password on both websites. Use different passwords for each account to prevent the attacker from accessing your other accounts as well.

  4. Don’t Use Common Passwords – Most attackers will start with the low-hanging fruit and begin by trying the most commonly used passwords. These include “123456789”, “qwerty”, “password”, and so on. Using very simple passwords such as these provides a very easy target for attackers to crack.

  5. Avoid Using Obvious Information – Most of us use social media and share a great deal of our lives online. Passwords built from information such as your birth date, hometown, or child’s name can be an easy target for attackers to crack with some research across social media platforms.

  6. Change Passwords Regularly – Many of us will have one of our account credentials compromised at some point in our lives, whether it be by our error or a service provider being breached. Changing passwords regularly (biannually or annually) limits how long stolen credentials are useful to a stealthy attacker. Make sure each new password is unique and avoid reusing previous passwords.

  7. Don’t Share Your Password – Treat your password like you would your social security number and share it with nobody. Be careful to avoid typing it in view of others, especially when working in public places. Avoid entering passwords when connected to public unsecured Wi-Fi networks, such as those in airports and coffee shops, as attackers can intercept credentials on these networks. Lastly, do not keep passwords on a sticky note at your desk! If you must write down your passwords, lock them somewhere secure and away from your computer.

  8. Use a Password Manager – Password managers are a great place to securely store your passwords. Many of these services are free and offer encryption and tools to generate great passwords that are difficult to crack. They can also be used to auto-fill your login information across all the websites and apps you use, so all you have to do is enter your master password and the password manager will input the username and password for that website or app. Of course, this means that your master password should follow all these tips to be extremely strong!

  9. Enable Multi-Factor Authentication (MFA) – Though it isn’t necessarily a password tip, multi-factor authentication (MFA) is one of the strongest tools to prevent unauthorized account access. Multi-factor authentication is an authentication method in which a user is granted access only after successfully presenting two or more pieces of evidence. In most cases, this means a user must enter the correct password and then provide a code that is texted to their phone in order to successfully sign in. With multi-factor authentication enabled, even if an attacker does crack your password, they still won’t be able to get into your account without possession of your phone!
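Tip 9 describes the user's side of MFA: a password plus a code delivered to their phone. The following added example (not code from the original post) shows the server side of that flow: issuing a one-time code, keeping only an HMAC of it, and accepting it once, before it expires, with a cap on wrong attempts and a constant-time comparison. The five-minute validity window, the five-attempt limit, and the `OneTimeCodeStore` / `login` names are assumptions for illustration; the delivery channel (SMS, push, etc.) is outside the example.

```python
import hashlib
import hmac
import secrets
import time

CODE_DIGITS = 6
CODE_TTL_SECONDS = 300   # assumed validity window
MAX_ATTEMPTS = 5         # assumed limit on wrong submissions per code


class OneTimeCodeStore:
    """Server-side record of pending second-factor codes.

    Only an HMAC of each code is kept, so a leak of this store does not
    reveal usable codes. Codes expire, are single use, and are discarded
    after too many wrong attempts."""

    def __init__(self, server_key: bytes, now=time.time):
        self._key = server_key
        self._now = now          # injectable clock so tests can simulate expiry
        self._pending = {}       # user -> [mac, expires_at, attempts]

    def _mac(self, user: str, code: str) -> bytes:
        msg = f"{user}:{code}".encode("utf-8")
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def issue(self, user: str) -> str:
        """Create a fresh code for the user and return it for delivery
        (for example by SMS). The caller must not log it."""
        code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        self._pending[user] = [self._mac(user, code),
                               self._now() + CODE_TTL_SECONDS, 0]
        return code

    def verify(self, user: str, submitted: str) -> bool:
        """Check a submitted code. Returns True at most once per issued code."""
        entry = self._pending.get(user)
        if entry is None:
            return False
        mac, expires_at, attempts = entry
        if self._now() > expires_at or attempts >= MAX_ATTEMPTS:
            del self._pending[user]      # expired or too many tries: discard
            return False
        entry[2] = attempts + 1
        if hmac.compare_digest(mac, self._mac(user, submitted)):
            del self._pending[user]      # single use
            return True
        return False


def login(password_ok: bool, store: OneTimeCodeStore, user: str, code: str) -> bool:
    """Both factors must succeed: a correct password alone is not enough."""
    return password_ok and store.verify(user, code)


if __name__ == "__main__":
    store = OneTimeCodeStore(b"constructed-demo-key")   # constructed key
    code = store.issue("alice")                         # would be sent to her phone
    print("password only, no code:", login(True, store, "alice", "000000"))
    print("password and the delivered code:", login(True, store, "alice", code))
    print("replaying the same code:", login(True, store, "alice", code))
```

The attempt cap matters because a six-digit code has only one million possibilities; without it, an online guessing attack against the second factor would be feasible. Keying the HMAC on the user as well as the code prevents a code issued to one account from validating against another.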

Using the tips listed here will assist in creating passwords that are extremely difficult to crack. It is recommended that organizational leadership mandate password strength requirements for staff with some or all of the criteria listed above. Making these criteria required will mitigate the risk that users ignore best practices and continue using weak passwords. Many websites and apps have also begun forcing users to create strong passwords that are long and include some of these criteria.
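One way to make such requirements mandatory rather than advisory is to enforce them at password-set time. The added example below (not code from the original post) turns the tips above into a policy check: minimum length (tip 2), character classes (tip 1), a common-password blocklist (tip 4), personal-information substrings (tip 5), and a history check against previous passwords (tip 6), plus a generator of the kind a password manager provides (tip 8). The threshold of three character classes, the `check_password` / `generate_password` names, and the small blocklist are assumptions; the blocklist entries are constructed from the post's own examples and a few obvious additions.

```python
import hashlib
import secrets
import string

MIN_LENGTH = 12      # the post's "at least 12 to 15 characters"
MIN_CLASSES = 3      # assumed: at least three of the four character classes

# Constructed sample of widely used passwords; a real deployment would
# load a large breach-derived list instead.
COMMON_PASSWORDS = {
    "123456789", "qwerty", "password", "password1",
    "letmein", "iloveyou", "welcome1", "abc123",
}


def character_classes(password: str) -> int:
    """Count how many of the four classes (lower, upper, digit, symbol)
    appear in the password."""
    return sum([
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ])


def history_fingerprint(password: str) -> str:
    """Fingerprint kept for the reuse check. SHA-256 keeps the example
    self-contained; a real history store should use a salted, slow
    password hash (bcrypt, scrypt or Argon2)."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def check_password(password: str, personal_info=(), previous_fingerprints=()):
    """Return the list of policy violations; an empty list means the
    password satisfies the policy."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if character_classes(password) < MIN_CLASSES:
        problems.append(f"uses fewer than {MIN_CLASSES} character classes")
    lowered = password.lower()
    if lowered in COMMON_PASSWORDS:
        problems.append("appears in the common-password list")
    for item in personal_info:
        # Ignore very short fragments to avoid spurious matches.
        if len(item) >= 4 and item.lower() in lowered:
            problems.append(f"contains personal information: {item}")
    if history_fingerprint(password) in set(previous_fingerprints):
        problems.append("matches a previously used password")
    return problems


def generate_password(length: int = 16) -> str:
    """Generate a random password with the secrets module (a CSPRNG),
    resampling until all four character classes are present."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if character_classes(candidate) == 4:
            return candidate


if __name__ == "__main__":
    # Constructed profile data standing in for what an attacker could
    # gather from social media (tip 5).
    profile = ["Springfield", "2011", "Joe"]
    for pw in ("Chandeliers", "cHandeliers729!", "qwerty", "Springfield2011!"):
        print(f"{pw!r}: {check_password(pw, personal_info=profile) or 'OK'}")
    print("generated:", generate_password())
```

The function returns every violation rather than stopping at the first, so the user sees the full list of requirements they missed, and the history check compares fingerprints rather than plaintext so old passwords never need to be stored in the clear.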

The information in this blog post has been condensed into our Best Password Tips Checklist and is available for free download by clicking here. Compass IT Compliance has spent the past decade assisting organizations in both the public and private sectors in establishing and updating IT security policies. Contact us today to learn more and discuss your unique situation!
