Directive Blogs
Do You Know How to Build Solid Passwords?
The password is the core element of both data security and user authentication. This makes the construction of them extremely important to protecting digital assets. Unfortunately, not everyone understands how to construct passwords that actually work to protect the information on the other side. Today, we will discuss how to build a solid password that works to keep your digital resources safe.
Password hygiene, as it is known, is the practice of securing your accounts with the use of passwords that are difficult to guess, even for a machine. If you have good password hygiene, you will avoid using authentication methods that could easily be compromised. Here is a list of commonly used strategies for passwords that would be considered unhygienic:
- Personal details, like your name or birthday
- Names of friends, family, or most infamously, your pets
- Commonly used words (like “password” or a favorite sports team)
- Simple keyboard patterns (like “12345” or “qwerty”)
- Repeated login credentials (like username: David1973, password: David1973)
- Making their passwords as short as possible
If this short list stops you in your tracks, don’t panic. We’re going to give you some strategies you can immediately use to improve your password hygiene and secure your accounts. The constant development of tools and strategies designed to crack passwords has changed the way password creation has been approached in recent years. Here are some examples of some password creation strategies that are no longer recommended:
- Alphanumeric Switching: You know the practice. You switch some letters with numbers that look like them to create the appearance of security. It isn’t always a bad strategy, but users that adhere to this method of password creation tend to make the password something simple, making it ineffective against cutting-edge software designed to crack passwords.
- Length Requirements: For years, accounts made it mandatory to have a certain amount of characters in your password. This practice is falling by the wayside because the longer a password is, the simpler users make it so that they can remember it. According to the National Institute for Standards and Technology (NIST), this strategy is actually hurting your ability to keep your accounts secure.
- Banning Cut and Paste: Some password fields ban users from using the paste feature to enter a password. This all but eliminated the effectiveness of the password manager, an extremely useful tool for many people who couldn’t possibly remember all the account credentials they need daily.
- Password Hints: Most of the accounts you set up, especially for your finances, have this option. They provide you with a set of predefined questions to ask if you, for some reason, lose your password. With so much of our information shared online, the practice isn’t as effective as it once was, when less of our personal information was available online.
- Frequent Password Changes: This directive, usually implemented by overzealous IT administrators, can have the opposite effect due to the fact that many users will forget their new password, or they will create an insecure password so that they CAN remember it. Obviously, a password reset is useful, but doing it frequently doesn’t help secure accounts at all.
Password Hygiene Best Practices
At Directive, we recommend that users use a passphrase made up of at least three words that don’t have anything to do with one another. We also believe that using replacement characters can have value in this method. For example, a passphrase of “asamericanasapplepie” is not in itself secure, because it’s a common phrase, but a passphrase of “asamericanaspanakopita” is better. Sprinkle in upper and lowercase letters, numbers, and symbols like “A$@m371c@n@$5p@n@k0p1t@” and your passphrase is something you can both remember and works well to secure your account.
If you would like more information about password hygiene or securing your accounts and identity online, call the IT professionals at Directive today at 607.433.2200.