Passwords 101: A Strong Password Isn't Just Paranoia
As our digital lives have become more complex increasingly taking private information online, so have the tools and techniques for stealing that information. From our credit cards to our bank accounts to our social security numbers, information is being passed all over the world and though many different computer networks. While most companies make a concerted effort to product their users, we as users cannot simply rely on that. We must make our own efforts to protect not only our privacy but the passwords to that privacy as well. While it's widely accepted that the password methodology of security isn't really all that secure, it's currently the de facto standard in place today. As such, we should use it to it's fullest capabilities.
What Makes A "Strong" Password?
So when is a password considered to be strong? What are the key ingredients for a password to be considered strong? There are a number of factors that are key to creating a strong password. Of course, none of these are guaranteed to make your password "hack proof" but they definitely do help:
Make your password something that could not be easily guessed or "dictionary hacked". Even though only you and a handful of your friends know that you love calico cats, a password such as "ILoveCalicoCats" is probably a very bad idea. Even if your password contains all recognizable words in a random order such as "DogFishChairHatCouch", this too can be every easily hacked using a technique called a "dictionary hack", also known as brute force hacking. A dictionary hack is a technique in which a computer program will literally try combinations of recognizable words until it finds a match for your password. Using all recognizable words makes the job of the computer program very easy.
Make your password at least a minimum of eight characters. Passwords such as "12345" or "abcde", while not containing a recognizable word, are very easy to hack. The more characters you use the better. In general, it's strongly advised to use the most characters you can as dictated by the service you are logging into.
Include a variety of numbers, symbols and alphabet characters. One of the best ways to create a password that is still fairly memorable yet complex enough to not be easily hackable is to use leetspeak. Leetspeak is the process of replacing specific letters in the alphabet with numbers or symbols that visually resemble those letters. For example, here are a few letters:
How this works is simple. The password "MyNameIsMatt" might actually be converted to "MyN4m3|5M477" and if you couple this with an exclamation point or pound sign, you have a fairly reasonable password.
Avoid making your passwords memorable. "Wait, what?? You just said..." Yes, I know. If you really must make your passwords memorable, there are tricks to doing so with a reasonable amount of security. However, humans are creatures of habit. We create passwords that unknowingly reveal more about us then we think. The best way to ensure your passwords are as secure as possible is to create random string of nonsense. Of course, you won't be able to remember that, and that's where password managers come into play. A good password manager is godsend. They pretty much all work in the same manner. The user has one password that they use to unlock the software. This password is NOT USED anywhere else but for this one purpose. Once unlocked, the user can copy and paste the passwords as needed. Yes, it's an extra step, but it's an extra step that gives you a whole lot more security.
Of course, if you really want to optimize your password, then you should consider testing your passwords entropy. However, this is a fairly complex piece of math and unless that's your thing, the safe rule of thumb is that the longer the password AND the more varied the character are within it, typically the more secure it will be. It's also worth noting that a more complex password should not be considered a reason to forgo all other security measures. This is just one tool in your toolbox of digital security.
Is a Complex Password Enough?
Sadly, no. As more of our lives go online, the chances that someone with malicious intent will break into our social network accounts and stop there is highly unlikely. If someone can gain access to your social network account, chances are very likely they can use that to research and find other websites that you use and attempt to gain access to those as well. This can include but not limited to:
other social networks
banking web sites
investment web sites
government portals
However, all is not lost. Typically individuals with malicious intent are looking for an easy win. They will hack a web site and gain access to millions of accounts knowing that only a percentage will have weak security measures that they can exploit. If you follow these additional steps, you further increase your personal security and reduce your risk of being vulnerable:
Never use the same password twice (this is very easily accomplished with a password manager).
Use two factor authentication, also known as two step login, if given the opportunity.
Change passwords to highly sensitive web sites frequently.
While online and digital security will always be an ever growing and evolving industry, users can take proactive steps to protect themselves online. Sadly, even after all of the major events in recent years, many people still do not heed this warning. My goal in writing this was not to add one more blog post to the top of the pile. There are thousands of articles on password strength. My goal was to continue to shine light on a very important topic that users must take seriously. No longer can we just assume that everything on the internet is safe or that "it won't happen to me." With a little effort, we all can maintain a reasonably safe and secure digital experience.














