Now that we have established the importance of passwords, and the necessity to utilize unique passwords for each account or system we access, let’s explore how to create and manage effective passwords. First, there are some simple things to avoid when choosing a password. The most common tools utilized to “crack” a password are simple word lists and dictionary programs. These programs utilize brute force and simply attempt to guess the password by trying word and character combinations until a match is found. As such, the use of common or typical words, as found in a dictionary, should be avoided. Similarly, proper nouns, foreign words, a conventional word with a numeric string added at the end, and the reverse spelling of a word offer little additional password strength. Personal information, such as a family member’s name, phone number, date of birth, address, etc., should also be avoided, as all of this information is readily available from a variety of sources.
What elements does it take to create an effective password? The quality of a password can most easily be measured by 3 unique factors: length, width and depth.
Length refers to the number of characters contained in a password. The longer a password is, the harder it is to crack, so longer is better. The minimum number of characters that should be utilized for a password is 8. Remember that this is the minimum, and each additional character you add increases both the security of the password and the length of time it would take to crack.
The width of a password is determined by the variety of characters that it contains. The greater the variety of character types, the harder it is to crack. The primary types of characters include upper case letters (A,B,C), lower case letters (a,b,c), numerals (1,2,3), and special characters (!,%,$). Generally, the greater the variety of character types included in a password, the more effective the password is considered.
The depth of a password refers to there being more to it than just a combination of characters. To achieve a greater depth, a password should have a meaning to the user that is not easily guessable by others. An example of this is the use of a phrase or a combination of non-related words that have meaning to the user. An additional benefit to this dimension of passwords is that the underlying meaning should also make it easier for the user to remember.
When all of these components are combined to create a password, the results are far superior to the simple passwords that most individuals use today. An additional technique that incorporates the various types of characters while remaining personal and memorable is to replace some letters from a phrase with special characters that have a similar appearance or sound. For example, use the “@” symbol instead of an “a”, the “$” symbol instead of an “s”, or the number “3” instead of an “e”. Using this technique, the password “thisismypassword” becomes “This1$myP@ssw0rd”. By making it personal and being creative, you can easily create an effective and memorable password.
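The length, width and avoid-list criteria described above can be checked mechanically. The following is an added example, not part of the original article: the word list is a constructed sample, the per-type alphabet sizes are approximations for ASCII, and the function names are hypothetical.

```python
import math
import re

# Constructed sample list; a real check would load a full cracking dictionary.
WORDLIST = {"password", "dragon", "summer", "monkey", "welcome"}
# Approximate alphabet size contributed by each character type (ASCII).
POOL = {"upper": 26, "lower": 26, "digit": 10, "special": 32}

def char_classes(pw):
    """Character types present in the password (the 'width')."""
    classes = set()
    for ch in pw:
        if ch.isupper():
            classes.add("upper")
        elif ch.islower():
            classes.add("lower")
        elif ch.isdigit():
            classes.add("digit")
        else:
            classes.add("special")
    return classes

def search_space_bits(pw):
    """log2(alphabet ** length): brute-force ceiling, valid only if every
    character were chosen at random; guessable structure lowers it."""
    pool = sum(POOL[c] for c in char_classes(pw))
    return len(pw) * math.log2(pool) if pool else 0.0

def review(pw, personal=()):
    """Report length, width, search space and the weak patterns found."""
    lowered = pw.lower()
    core = re.sub(r"\d+$", "", lowered)  # drop a trailing numeric string
    findings = []
    if len(pw) < 8:
        findings.append("shorter than 8 characters")
    if lowered in WORDLIST:
        findings.append("dictionary word")
    elif core in WORDLIST:
        findings.append("dictionary word + numeric suffix")
    if core[::-1] in WORDLIST:
        findings.append("reversed dictionary word")
    if any(p and p.lower() in lowered for p in personal):
        findings.append("contains personal information")
    return {"length": len(pw), "width": sorted(char_classes(pw)),
            "bits": round(search_space_bits(pw), 1), "findings": findings}

if __name__ == "__main__":
    for candidate in ("summer2024", "drowssap", "This1$myP@ssw0rd"):
        print(candidate, review(candidate))
```

The reported bits grow with both length and width, which is why each additional character and each additional character type raises the cost of a brute-force search.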
While the above techniques will enable you to create effective passwords, we are all still faced with the reality that we need a unique and memorable password for all of the various accounts we have, and this list can easily reach into the double digits. Trying to remember all of these wonderfully unique and meaningful passwords can prove challenging for even those with amazing memories. Luckily, technology has offered us several tools that can assist us in this memory exercise and in some instances provide an additional layer of protection.
There are a variety of password management applications on the market today that can remember and automatically enter your user IDs and passwords into websites and applications for you. Most of these programs also allow you to replace your self-generated passwords with system-generated passwords, which are typically longer and more complex (think 20+ digits). You maintain a master password that allows you to access and utilize a library of your saved IDs and passwords. While these applications are incredibly useful, a note of caution is necessary when selecting a password management application. These firms are themselves being targeted by hackers looking to steal their users’ information. You should thoroughly research the available options and their security history before selecting a product.
A recent development that is quickly being adopted by more and more firms to add an additional layer of protection to online accounts is a process called 2-Factor Authentication. Once set up, these systems require you, as a user, to provide a separate access code (typically a 4 or 6 digit character set) in addition to your user-id and password. When you input your user-id and password, the system then sends you a code via text message or email, which you are then required to enter into an authentication screen. Alternatively, some firms employ a pre-shared-key mechanism which allows an app on your mobile device to display the current access code. While this type of application doesn’t specifically address password complexity related issues, it does ensure that access to your account is limited to only those with access to either your mobile device or email account.