Passwords – we all use them, we all need them, but we don‘t talk too much about them. Nor should we, ideally! However, we need to talk about good password habits. A strong password is a key to our online world, and if compromised, hacked, or stolen, it can be trouble. This is what we should keep in mind for World Password Day, May 6th.
Although keeping good password hygiene in cyberspace can sound daunting, some simple practices can go a long way in keeping your accounts safe. We are all familiar with the three simple steps towards a greener world: reuse, reduce and recycle. But those three Rs are the exact opposite for creating strong passwords.
Not applicable for passwords.
A strong password is never reduced
A long password is a strong password. One method of trying to access accounts is simply by guessing. The longer the password is, the more difficult it is to guess. That’s why a password such as “1234” is easier to guess than a long password, such as “supercalafragalisticexpialadoshus”.
Most reputable services require a password of a certain length and involving special characters such as numbers and symbols. That makes it more difficult for an adversary to guess your password. As much as it is tempting to use something simple like “Password1234” or “Apple123”, they are not good passwords.
Cracking a password by guessing can also be done through a small script. Then, a simple computer program goes through a dictionary and tries out every word, combined with common endings such as 123. That means your account is not safe even if you learn how to spell “Supercalafragalisticexpialadoshus1234”! It’s akin to trying every combination on that bike lock that you’ve long forgotten.
A long password with a combination of letters, numbers and symbols is a strong one. So, instead of “Supercalafragalisticexpialadoshus123″, which is easy to crack, try to guess “5upeRca74fra&ali$T1cexpia7ad0shu$”!
A strong password is never reused
Reusing a password is one of the seven deadly sins of good password habits. But when you’ve finally memorized the ups and downs and letters of your super-secure password, “5upeRca74fra&ali$T1cexpia7ad0shu$”, it is very tempting to just, you know… use it again.
Because data breaches happen, a password that is leaked from one service can then be used to access another service. This means that if your password is leaked from one service, a clever hacker can try to use it for other services. That way, a hacker could access everything you’re doing online: from a hostile takeover of your social media account to emptying your bank accounts.
To remember those strong and secure passwords, you can create passphrases. A passphrase is a combination of random words that are rarely seen together. “AppleWiltingArmsRosesExpectationsG0″ is an example of a passphrase. Throw some strategically selected symbols in there, and hackers will have a hard time guessing your password: “AppleWiltingArm5RosesExpectation$G0”.
A strong password is never recycled
Recycling may be good for paper but is bad for passwords. When you’ve finally remembered “AppleWiltingArm5RosesExpectation$” and you need to change it because of your company’s password policy, it may be tempting to just, change it a bit. “AppleWiltingArm6RosesExpectation$G0″ and then to “AppleWiltingArm7RosesExpectation$G0”, meaning that a clever hacker could easily guess your recycling method.
Similarly, don’t recycle your passwords by using the same password for your WiFi router and your email account, as an example. Sometimes one password needs to be used by many, like accessing your home WiFi, there is no need for it to recycle your private passwords for it. Just as you wouldn’t want to use someone else’s used masks, not even your partners, some things are just not meant for recycling.
Keeping passwords safe
So, how does one keep track of all those super secure passwords? You can’t use them again, you can’t recycle them, and you can’t keep them short and simple.
The answer is simple: Password managers. A password manager can help you create a strong password and then store it securely. You only need to remember one strong password for your password manager, and the password manager will do the rest: generate strong passwords, remember which password goes where, and keep your accounts as safe as possible from hacking!
Security awareness training for password handling
AwareGO provides training materials on all matters related to cybersecurity. We have curated ready-made programs for multiple subjects, including passwords. You can have a free trial of our cloud-based learning management system (no credit card or commitment needed) and take a look at our videos and ready-made programs to find out if they fit your needs.