By Bryan Allen, CSM, CSS, ETA International
Enhancing Cybersecurity Through Strong Password Creation
Passwords are a critical piece of online privacy. From banks, doctors, and mortgage lenders to concert tickets, office supplies, and book stores, passwords are vital for anyone who is online today. It's crucial to stay up-to-date on password strength and utilize all available options when creating and maintaining accounts online. As technology gets better and faster, the times to crack passwords gets shorter.
To ensure you have a strong password, follow these simple steps:
- Avoid easy-to-guess words like “password” or “1234”. These are common and provide no protection.
- Do not use personal information like your name, phone number, birth date, etc.
- Do not use common words found in a dictionary unless combining with other words to create a string (see below).
- Make sure you create a unique password for each online website/account. This minimizes your risk in case one of your accounts is hacked.
- Use a combination of letters-uppercase as well as lowercase, numbers, and special characters like “%”, “$”, “!”, etc. whenever possible.
- When creating a password, use the maximum amount of characters allowed by the website/account. This will make it harder for hackers to figure it out. As an example of password strength per length with and without a special character:
- 9 Characters - 2 minutes / 2 hours
- 10 characters - 2 hours / 1 week
- 11 characters - 6 days / 2 years
- 12 characters - 1 year / 2 centuries
- Change your password often.
- Consider using a password manager such as 1Password (https://agilebits.com/) or Roboform (https://www.roboform.com/). These services keep track of your information so you don’t have to, and group them into one easy location for reference. Some will even alert you if a password is considered weak, or has been in use for too long.
- Check leaked password security sites such as "';--have i been pwned?" to see if your account might have been breached.
To help keep your passwords secure, never write them down on a piece of paper, or share with anyone. This includes the “remember password” and “autofill” options on your favorite browser. Avoid using public computers for any website/account needing your login information.
Password Examples (Please Do NOT Use)
- a3226*JiwYjqVaMc@cs3el$AqX8akOW@s@l!IJ7kQNYPqvXgJD2Nr9TSWH%lL%QY (64 characters)
- 0%R&1OaXKOI6%IqYfw0EdDr3@E0Ru#bbRfl8fNvt9OfcH (45 characters)
- 9mzPu64FUceg%18pHW#$bVJfFZzMGA0^ (32 characters)
- 1xZq8X6AF!ArV!bxh43$*K9UZ (25 characters)
- a6D$zg!f&22!H3 (14 characters)
Or, you can always use the XKCD method!