How to make a secure password


In my last blog post, I gave an overview of why it is important to make your password secure. If you have not read it, you can see it here. Today I am going to go through some tips to help make your password strong and some tips on how to remember it.

At Macnamara, we have a standard procedure when creating a password: 

1.  They must be at least 8 characters in length.

2.  They must not contain any full words, nor words that can be linked to your company (e.g., the street that your office is on, company name, family member or pet name, and dictionary words).

3.  They must have at least 3 out of 4 of the below: 

a.  Upper-case 

b.  Lower-case 

c.  Numbers 

d.  Symbols 
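The three rules above can be checked mechanically. The following is an added example, not code from Macnamara: the word list is a small constructed sample, the minimum word length of 4 is an assumption, and the test passwords are the sample passwords used later in this post.

```python
# Constructed sample word list (assumption): in practice, load a real dictionary
# plus company-specific terms such as street, company, family and pet names.
BANNED_WORDS = {"pineapple", "shoe", "toilet", "macnamara", "never", "password"}
MIN_WORD_LEN = 4  # assumption: ignore very short words to limit false positives


def char_classes(password):
    """Return the set of character classes (rule 3) present in the password."""
    classes = set()
    for ch in password:
        if ch.isupper():
            classes.add("upper")
        elif ch.islower():
            classes.add("lower")
        elif ch.isdigit():
            classes.add("number")
        else:
            classes.add("symbol")
    return classes


def contained_words(password, words=BANNED_WORDS):
    """Return banned words found anywhere in the password, ignoring case."""
    lowered = password.lower()
    return sorted(w for w in words if len(w) >= MIN_WORD_LEN and w in lowered)


def check_policy(password, words=BANNED_WORDS):
    """Return a list of rule violations; an empty list means the password passes."""
    problems = []
    if len(password) < 8:
        problems.append("rule 1: shorter than 8 characters")
    found = contained_words(password, words)
    if found:
        problems.append("rule 2: contains full words: " + ", ".join(found))
    if len(char_classes(password)) < 3:
        problems.append("rule 3: fewer than 3 of the 4 character classes")
    return problems


if __name__ == "__main__":
    for candidate in ["NggyuNglyd", "Nggyu1Nglyd2", "Nggyu1Nglyd2*",
                      "PineappleShoeToilet"]:
        print(candidate, check_policy(candidate) or "passes")
```

NggyuNglyd only passes once the numbers are added, and PineappleShoeToilet is flagged under rules 2 and 3 because it is built from whole words using only letters.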

It can be hard to think of a password that you can remember when you need it, let alone multiple passwords and variations. What can make this easier is using a methodology or naming convention for your passwords. One thing I like to do is to think of a song that I know, and then take the first letter of each word in a random part of the song.

For example: I could pick the song ‘Never gonna give you up’ by Rick Astley and use the following verse to create my password:

“Never gonna give you up”
“Never gonna let you down”. 

Taking the first letter of each word and including a mix of upper case and lower-case letters, the password would be: NggyuNglyd  

I would then use this website to check how secure the password is. For the above, it says that it would take a month to crack, so I would need to add something else to make it more secure. If I were to add in numbers (making the password Nggyu1Nglyd2) and check the website again, it now says it would take 2,000 years to crack that password, so already it is much more secure. If I want to make it even more secure, I can add a symbol (Nggyu1Nglyd2*). Now it would take 2 million years to crack.

Most of the time you will not need a password that is that secure, but it is a good idea to start thinking about ways to make your password strong, whilst also making sure it is easy to remember. 

Another surprisingly effective convention is using three different words that have no meaning together, like PineappleShoeToilet. When you put it into the website, this would take 15 billion years to crack! Try it yourself. I will discuss it more in an upcoming blog.

Another method for creating a strong password, which I have recently started using, is this website. Here you can set the criteria for the password, including:

1.  Password length (number of characters)

2.  Whether to include Upper-Case letters.

3.  Whether to include Lower-Case letters.

4.  Whether to include numbers.

5.  Whether to include symbols (e.g., @#$%)

6.  Whether to include similar characters (e.g., i, l, 1, L, o, 0, O)

7.  Whether to include ambiguous characters ({} [] () / \ ‘ ” ` ~, : . < > )

You can also choose to generate the password on your device (which will avoid you having to send the password across the Internet, as your computer will generate the password itself).

You create the password then copy it to your clipboard & paste it in the desired field. 

It makes it easy to create a password and even gives you a hint at remembering it. If I wanted to use the password: Abw06#&2CR, it gives me the following to remember the password: 

APPLE bestbuy walmart 0 6 # & 2 COFFEE ROPE 

Sure, it is not the most intuitive way of remembering, but it is better than remembering the password as it is and it uses the same convention as I outlined before but using different words. 
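The generator options listed above can also be reproduced entirely on your own device. This is an added example, not the website's code: it uses Python's `secrets` module (the operating system's cryptographic random source), the base symbol set is an assumption because the page only gives "@#$%" as examples, and the function names are hypothetical.

```python
import secrets
import string

# Character groups taken from the options listed above.
SIMILAR = set("il1Lo0O")
AMBIGUOUS = set("{}[]()/\\'\"`~,:.<>")
# Assumption: the base symbol set; the page only gives "@#$%" as examples.
BASE_SYMBOLS = "@#$%&*!?^+-=_"


def build_pools(upper=True, lower=True, numbers=True, symbols=True,
                similar=False, ambiguous=False):
    """Return one string of allowed characters per enabled class."""
    pools = []
    if upper:
        pools.append(string.ascii_uppercase)
    if lower:
        pools.append(string.ascii_lowercase)
    if numbers:
        pools.append(string.digits)
    if symbols:
        extra = "".join(sorted(AMBIGUOUS)) if ambiguous else ""
        pools.append(BASE_SYMBOLS + extra)
    banned = set() if similar else SIMILAR
    pools = ["".join(c for c in pool if c not in banned) for pool in pools]
    return [pool for pool in pools if pool]


def generate_password(length=16, **options):
    """Generate a password locally from the OS CSPRNG via the secrets module."""
    pools = build_pools(**options)
    if not pools:
        raise ValueError("enable at least one character class")
    if length < len(pools):
        raise ValueError("length too short to include every enabled class")
    # One character from each enabled class, then fill from the combined set.
    chars = [secrets.choice(pool) for pool in pools]
    alphabet = "".join(pools)
    chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]
    secrets.SystemRandom().shuffle(chars)  # avoid a predictable class order
    return "".join(chars)


if __name__ == "__main__":
    print(generate_password(16))                  # e.g. a main password
    print(generate_password(12, ambiguous=True))  # ambiguous symbols allowed
```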

Another way to help overcome the issue of remembering passwords is to use a password manager like LastPass, which will collect and store all your passwords on your local database; you then need a single master password to access all the other passwords. If you use this kind of system, I recommend that you make this password as secure as possible and, of course, protect access with two-factor authentication. See our blog on Why Use Multi-Factor Authentication? Then you would not have to make each of the other individual passwords as secure, though keep them relatively complicated.

I.e., Main password = 16 digits, Upper-Case, Lower-case, Numbers, Symbols, Similar characters & Ambiguous characters. 

Secondary passwords = 8-12 characters Upper-Case, Lower-case, Numbers & Symbols. 

That way, you have multiple lines of defence when it comes to someone trying to gain access to your accounts. 

Final thoughts 

Keep in mind that as technology progresses the tools that hackers use to crack passwords become more powerful which will reduce how long it takes for them to crack a password – so even if a password might take 10 years to crack now, as technology gets better this could be cut in half in just a year’s time. Have a look here at Making sense of computer processor names, numbers and speeds to see the rate at which computers are getting faster.  

Therefore, even if having a password which takes 500 years to crack sounds like a long time, as technology improves this will be reduced, so always go for as secure a password as you can handle.  
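To see why adding numbers and symbols changes the crack-time estimates earlier in this post, and what yearly hardware speed-ups do to them, here is an added example (not the checking website's model). The guessing rate is an assumed figure, so the results will not match the website's numbers, and it models exhaustive search over the character set only, so treat each result as an upper bound.

```python
import math
import string

# Assumption: illustrative offline guessing rate, not the website's model.
GUESSES_PER_SECOND = 1e10
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def alphabet_size(password):
    """Size of the character set an exhaustive search would have to cover."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 printable ASCII symbols
    return size


def search_space(password):
    """Number of candidates of this length over the detected character set."""
    return alphabet_size(password) ** len(password)


def years_to_exhaust(password, rate=GUESSES_PER_SECOND):
    """Years needed to try every candidate at the given guesses per second."""
    return search_space(password) / rate / SECONDS_PER_YEAR


def years_until_within(password, target_years=1.0, rate=GUESSES_PER_SECOND):
    """Years of annual speed doubling before the search fits in target_years."""
    now = years_to_exhaust(password, rate)
    if now <= target_years:
        return 0
    return math.ceil(math.log2(now / target_years))


if __name__ == "__main__":
    for pw in ["NggyuNglyd", "Nggyu1Nglyd2", "Nggyu1Nglyd2*"]:
        print(pw, alphabet_size(pw), f"{years_to_exhaust(pw):.3g} years",
              years_until_within(pw))
```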

I would recommend playing around with different types of passwords on this website to see what works for you and how secure you can make your password.  

We would be interested to see how you get on, so Tweet us at @Macnamara_ICT to let us know how strong your passwords are (though please DO NOT use or share your actual passwords! Just create a password to use, using the same naming convention you already use). Just take a screenshot of your result like mine below and see if you can beat me!

Further “reading” – Password Cracking – Computerphile
