What makes for a “Strong” Password these days?
We frequently tell clients:
- Do not use obvious passwords
  - Your birthdate
  - A family member’s birthdate
  - Your child’s name or pet’s name
  - Your favorite sports team
- Do not use passwords that might be easy to associate with you via social media
- Do not use “easy-to-remember” passwords that are single dictionary words
- Do not write your password down and tape it to the bottom of your keyboard or put it on your monitor with a sticky note
- Do not share your password with anyone, under any circumstance
That sage advice still holds true today. Conventional wisdom says that a strong password includes a random combination of 8 or more:
- Upper and lower-case letters
- Special characters or symbols
Using this variety of character types increases the time it takes to crack the password in a brute-force or dictionary attack. I have often encouraged clients and family to use an easily remembered sentence and turn that into a passphrase. For example, “I Like To Camp, Hike And Fish” can be turned into the passphrase “1L2c#&F$”.
Looking at that passphrase you might assume that it’s very secure. But is it really? Surely no one can possibly guess that one? Well, it turns out that it’s relatively easy for a modern computer to crack that password. In fact, it will only take about 9 hours, according to https://howsecureismypassword.net (you can check the strength of your passwords there for free).
So, what is the average person to do? How can you possibly remember a unique, complex password for every site and account that you have? Fortunately, you don’t have to.
You can use a password manager. Password managers are apps designed to help keep your accounts more secure and make it easier to remember unique passwords for every site. You can think of a password manager as being similar to a bank. You trust your bank to store, manage, and protect your hard-earned money. Password managers provide a safe place for you to store, manage, and protect your passwords and other private information.
A good password manager will:
- Keep all of your username and password combinations in one place
- Automatically generate long, complex passwords for new accounts
- Fill in account info quickly with browser integrations
- Synchronize your passwords across devices, so you can use them anywhere
- Encrypt your sensitive data in a database
When you set up most password managers, you will create one master password that is used to encrypt and access your password database. It needs to be a long, complex, hard-to-guess password that you never use anywhere else.
Again, it might be easiest to associate your password with a sentence or the lyrics to a song. “And the wind cries Mary” by Jimi Hendrix can become “&T#3WindCr13$M@ry”, which incidentally would take 93 trillion years to crack.
Or how about “2BorNot2B_ThatIsThe?” (To be or not to be, that is the question – from Shakespeare).
This is the last complex password you ever need to remember. From here, your password manager can generate, store, and retrieve your long, complex passwords across all your accounts for you.
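The brute-force arithmetic behind crack-time estimates like the ones above, together with the kind of random generation a password manager performs, shown as an added example that is not part of the original article. The guess rate, the 94-character ASCII alphabet and every function name are assumptions, so the figures will not match the checker site's exactly.

```python
import math
import secrets
import string

# Assumed attacker speed in guesses per second (illustrative, not from the article).
ASSUMED_GUESSES_PER_SECOND = 1e11

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def pool_size(password):
    """Size of the alphabet a brute-force search must cover for this password."""
    size = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    # Characters outside the four ASCII classes (spaces, accents) count individually.
    extras = {ch for ch in password if not any(ch in c for c in CLASSES)}
    return size + len(extras)


def entropy_bits(password):
    """Upper bound in bits; only reached if every character was chosen at random."""
    return len(password) * math.log2(pool_size(password)) if password else 0.0


def brute_force_years(password, rate=ASSUMED_GUESSES_PER_SECOND):
    """Average time to search half the keyspace at the assumed guess rate."""
    keyspace = pool_size(password) ** len(password)
    return keyspace / 2 / rate / (365.25 * 24 * 3600)


def generate_password(length=20):
    """Draw a password from the OS CSPRNG that contains every character class."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    alphabet = "".join(CLASSES)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in c for ch in candidate) for c in CLASSES):
            return candidate


if __name__ == "__main__":
    # The two passphrases from the article, plus one freshly generated password.
    for pw in ("1L2c#&F$", "&T#3WindCr13$M@ry", generate_password()):
        print(f"{len(pw):2d} chars  {entropy_bits(pw):6.1f} bits  "
              f"{brute_force_years(pw):.3g} years")
```

Each extra character multiplies the search space by the alphabet size, which is why the 17-character passphrase lands so many orders of magnitude beyond the 8-character one even though both use the same character classes.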
There are many good password managers available at a variety of costs, some of which are free or offer free versions. My personal favorite at the moment is LastPass. It includes browser extensions for Firefox, Chrome, Safari and Opera, desktop apps for Windows, Mac and Linux, and mobile apps for iOS, Android, Windows Phone, Blackberry, and even Firefox OS.
LastPass is easy to use and can store not only my passwords but also credit card information, insurance cards, membership cards, Wi-Fi passwords and more. I can also securely share these pieces of information as well as notes with other LastPass users if I need to.
Passwords are still the weak link in IT security, but you can take steps to improve your security posture and keep your business safe by choosing to use a password manager and enforcing password policies.
Do you need help evaluating a password manager or want help with a security audit? Email firstname.lastname@example.org or drop a note in the comments and let us know how we can help you. We’re here for the success of your practice.