What is a Strong Password?
Chuck's Cyber Wall
I talk about the importance of Strong Passwords often.
You’re probably tired of hearing about it, yet weak passwords continue to be a significant security threat that is easily fixed.
That’s because passwords are your digital keys to the internet.
You wouldn’t be happy with an easy-to-copy key for your house or car that criminals can use to steal your stuff. Why settle for inferior protection for your personal and financial information? Security professionals worldwide and I keep talking about passwords because the number of passwords being breached daily is a huge problem, and everyone who has an online account anywhere is a target.
AM I REALLY A TARGET?
Yes! If you are a living, breathing human being with personal or financial information stored digitally anywhere on the internet, you are a target. Why? Because every piece of personal information has a dollar value, and cybercriminals want to use your information to make a profit. That’s why so many of them go to such great efforts to steal your information.
Regardless of what you’ve seen on TV, these hackers are not kids playing harmless games. They are sophisticated criminals using automated programs that steal your information to make money. And if they can use that information to steal money directly from you, all the better for them. Without a doubt, the almighty dollar is the reason there are so many Phishing schemes and why cybercriminals are continuously attacking medical practices and financial institutions.
This is why we keep talking about passwords and why security professionals try so hard to make you aware of the threat.
Passwords are attacked in many ways, but the five most common are:
- Password Cracking – some companies still store passwords in unprotected files – this is why we constantly preach about using unique passwords for each account
- Brute Force Attack – using automated tools to run multiple letter and number combinations – passwords with fewer than 9 characters are susceptible to this type of attack
- Dictionary Attack – cybercriminals use automated tools that enter common passwords and simple phrases – so if your password is kittensarecute it’s not secure
- Credential Phishing – crafted emails designed to trick you into revealing your user name and password – these attacks are ridiculously effective as they prey upon people who are busy, lazy, or unaware, which is why we security professionals are always discussing awareness
- Password Recycling – 99% of users reuse passwords, and 70% recycle an average of 8 passwords between home and work – it can take weeks or months to be alerted to a password breach, leaving every account with that password vulnerable to attack
And it’s not just me. If you look up CISA tips for security, Strong Passwords are the first thing they address. Working together, the collective WE can help to mitigate these threats by:
- Never repeating or recycling passwords
- Using strong passwords
- Being aware of threats
Getting back to the title of this blog, let’s talk about that middle one.
WHAT MAKES A STRONG PASSWORD?
Because there’s so much bad information out there, this is an unnecessarily complex question that I’ll put into simple, easy-to-understand terms. Let’s start with “what makes a Weak password?”
- Birthdays and Anniversaries
- Phone Numbers
- Names (this includes movies, TV shows, and sports teams)
- Obscuring Simple Words ([email protected]$w0rd! is not a strong password)
Between social media, work profiles, and general biography information on the internet, this information is readily available to cybercriminals with some simple social engineering or an automated process called Data Scraping.
Now that we know what not to do, let’s discuss what makes a strong password.
- Strong Passwords are Long – a minimum of 16 characters, preferably 20 or more (8-character passwords can be cracked in under a minute)
- Strong Passwords Utilize Mixed Case, Numbers, and/or Symbols – if all parts of a password can be found in a dictionary, it’s vulnerable
- Strong Passwords aren’t Obviously Personal – numbers, letters, and words you often post on social media aren’t secure
- Strong Passwords are Easy to Remember – writing down passwords is a terrible idea; it’s better to use one that you can memorize
Okay, so how do we do that? In two easy steps:
- Use a phrase that is personal to you and thus easier to remember, i.e., timeathomewithmytwodogs
- And then add a little complexity and misspelled or shortened words, i.e., [email protected]
Two steps, that’s all there is to it. Too many people are under the false impression that strong passwords are a string of random letters that no human being can possibly remember. A strong password is complex enough to be secure and easy enough to remember without writing it down!
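The weak and strong criteria above can be checked mechanically. The following is an added example, not part of the original post: it tests length, character mix, and whether every part of a password is a dictionary word, including after simple character swaps are undone. The wordlist, the swap table, and the sample P@ssw0rd! are constructed for illustration.

```python
import re

# Constructed sample wordlist (assumption): a real check would load a large
# dictionary plus lists of known-breached passwords.
WORDS = {"kittens", "are", "cute", "password", "time", "at", "home",
         "with", "my", "two", "dogs"}
# Character swaps commonly used to "obscure" a simple word.
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})
MIN_LENGTH = 16  # the post's stated minimum
CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")


def all_dictionary(text, words=WORDS):
    """True if text splits end to end into dictionary words."""
    text = text.lower()
    # reachable[i]: the first i characters split cleanly into words.
    reachable = [True] + [False] * len(text)
    for end in range(1, len(text) + 1):
        reachable[end] = any(reachable[start] and text[start:end] in words
                             for start in range(end))
    return bool(text) and reachable[-1]


def check_password(password, words=WORDS):
    """Return the criteria from the post that the password fails."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 16 characters")
    # Assumption: "mixed" is read as at least two character classes.
    if sum(bool(re.search(c, password)) for c in CLASSES) < 2:
        problems.append("single character class")
    # Undo swaps and trailing digits/punctuation, then retry the dictionary.
    plain = password.lower().strip("!?.#*0123456789").translate(LEET)
    if all_dictionary(password, words):
        problems.append("every part is a dictionary word")
    elif all_dictionary(plain, words):
        problems.append("dictionary words obscured by character swaps")
    return problems


if __name__ == "__main__":
    for candidate in ("kittensarecute", "timeathomewithmytwodogs", "P@ssw0rd!"):
        print(candidate, "->", check_password(candidate) or "passes")
```

The step-one phrase timeathomewithmytwodogs passes the length check but still fails the other two, which is why the second step matters.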
In addition to a Strong Password, here are a couple of other tools that will make your life easier:
- Use Multi-Factor Authentication whenever possible – this one step will virtually end the threat of credential phishing schemes
- Get a Password Manager – these programs will store your passwords securely, and most will monitor breaches to alert you when there’s a problem
Since your password is the first line of defense against cybercriminals trying to steal your information, it’s essential to make it a good one.
Director of Cybersecurity and Marketing
I’ve always had a love of working with technology, being fortunate enough to have grown up with a grandfather who taught me how to fix things for myself and not be afraid to jump in and get my hands dirty. Over the last three decades, I’ve worked as a technician, trainer, technical writer, and manager in small businesses, enterprise organizations, and government. In addition, I’m an author, having published multiple works available online and in print. You can find my creative work at https://WritingDistracted.com