Passwords are the keys used to lock and unlock most, if not all, of the data and information we need to keep safe. In the cyber world, passwords play an even more integral role: entire cyber systems, government systems and businesses can be brought down if one password is not strong enough.
Using strong passwords is at the forefront of almost all solutions to web security problems or vulnerabilities. Whether you are a government organisation, a business or an ordinary person, you must make sure you’re creating strong and hard-to-predict passwords. In this article, you’ll learn the rules of password creation, its requirements and how to always generate strong passwords.
What are Passwords?
A password is defined as a sequence of letters and/or numbers and symbols that allows access to an account, a server or a service. In government organisations and businesses, passwords are one of the steps in the line of system protection, used to fortify the cyber defences against cyberattacks. In this age of technological advances, almost everything around you is password protected.
Passwords can perform many jobs: they can grant access, serve as a verification step, or be used alongside another verification method such as a fingerprint or eye signature. Due to the information they protect, it is advisable to change your passwords every three months, especially the passwords to your online banking account.
Rules to Follow When Creating Your Passwords
While governments have set a general framework for creating passwords, and a great number of organisations set their own password policy that users must adhere to, there are general rules when it comes to creating a password, such as:
- Password length, where some organisations require passwords to be at least 8 characters.
- Some elements are prohibited, such as your explicit name, birth date, address or even telephone number.
- The use of both uppercase and lowercase letters.
- Numbers must be used.
- Symbols and special characters must be used.
Several websites, WordPress for example, will suggest a strong password while you are completing your sign-up. The suggested password will follow all the previous rules of password creation. You are, of course, free to accept the suggested password or create one of your own that is equally strong.
How to Always Generate Strong Passwords
A rule of thumb is that if the password is easy for the user to memorise, then it is easy for the attacker to guess, especially if the attacker has some knowledge about the user, such as their name or birth date. However, passwords must not be too difficult to remember, since this can cause problems for both the user and the system:
- As a user, you might write the password down or even store it on the cloud, which is very risky.
- You might resort to resetting the password too frequently.
- You might even use that same password for several of your accounts, putting many of them at risk if one of them is hacked.
- If the organisation has put strict rules in place for passwords, such as using both uppercase and lowercase and changing the password monthly, this is more likely to overload the system and subvert it.
A list of the most commonly used passwords was compiled and released by Google in 2013. These were among the easiest to guess and crack, especially if the perpetrator can find any of them by searching for the person on social media websites:
- The name of a family member, partner or pet.
- Birthdays and anniversary dates.
- Hometown or birthplace.
- Favourite holiday.
- Favourite sports team.
- Using the word “password”.
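A sign-up form can enforce the creation rules listed earlier and reject the easy-to-guess items in this list at the same time. The following is an added example, not code from the original article: the function name `check_password`, the `personal_tokens` parameter and the substitution table are assumptions made for illustration, and the sample passwords are constructed.

```python
import re

MIN_LENGTH = 8  # the "at least 8 characters" rule
# Assumption: character swaps undone before searching for guessable words.
LEET = str.maketrans({"@": "a", "$": "s", "0": "o", "1": "i", "3": "e"})


def _normalise(text):
    """Lowercase, undo common substitutions, keep only letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower().translate(LEET))


def check_password(password, personal_tokens=()):
    """Return the list of rule violations; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not re.search(r"[a-z]", password):
        problems.append("no lowercase letter")
    if not re.search(r"[A-Z]", password):
        problems.append("no uppercase letter")
    if not re.search(r"\d", password):
        problems.append("no number")
    if not re.search(r"[^A-Za-z0-9\s]", password):
        problems.append("no symbol")

    folded = _normalise(password)
    digits_only = re.sub(r"\D", "", password)
    for token in ("password", *personal_tokens):
        if re.search(r"[A-Za-z]", token):
            word = _normalise(token)
            if len(word) >= 3 and word in folded:
                problems.append(f"contains guessable word: {token}")
        else:
            # Dates and phone numbers: match the whole digit string or any
            # part of it that is at least four digits long (e.g. a year).
            parts = set(re.findall(r"\d{4,}", token)) | {re.sub(r"\D", "", token)}
            if any(len(p) >= 4 and p in digits_only for p in parts):
                problems.append(f"contains personal number: {token}")
    return problems


if __name__ == "__main__":
    # Constructed sample data: a pet name and a birth date.
    known = ("Rex", "14/02/1990")
    for candidate in ("P@$$word1!", "Rex1990!", "Blue-Kettle-47-Sings"):
        print(candidate, "->", check_password(candidate, known) or "ok")
```
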
The tricky part is creating a password that is both easy to remember and difficult to crack, and a simple technique applied when creating it makes this possible.
Here are the steps to follow to always create a strong password:
- Take a certain phrase, random or not, that is easy for you to remember.
- Make the first letter of each word of the phrase uppercase.
- Put together two or more words, which might be related or random, and replace some of the letters with special characters, such as replacing the letter a with @ and the letter s with $.
- If the website you’re using generates a strong password for you, you can use it, but make sure not to have it stored on the cloud, due to the increase in cloud attacks in recent years.
How to Remember Your Passwords?
Organisations, banks and financial institutions use two ways to protect the data of their clients. The first is multi-factor authentication. The second, which banks and financial institutions add as an extra step, is the one-time password, which is sent to the user’s mobile phone to complete any financial transaction. Both are ways of validating the user’s ID.
Other organisations allow a limited number of password entries, which means that if you don’t remember your password, there’s a great chance you will get locked out of the system and will have to contact the organisation to get your account unlocked.
Since writing down your passwords and/or storing them on the cloud are considered dangerous, there are less dangerous methods to store and remember your passwords, such as:
- Use a Password Manager: This is a computer application that allows you to create, store and back up your passwords.
- Use a Single Sign-On System: This is an authentication method that allows you to use one single ID to log into several independent but connected systems.
In addition to these two, you can keep a written list of less important passwords. However, always remember to not use the same password for more than one account, or you’ll be putting all these accounts at risk if one of them is hacked.