Most of us – especially those reading this blog – have used one or more passwords in the past 24 hours. Passwords protect our personal and business information, but how secure are they? The first computer passwords were developed in 1961 by MIT for CTSS applications. Since then, passwords have become ever more present and important. Some of us use one password for everything. The teachings of cyber security deem that one password for everything – no matter how secure or complex – is a vulnerability. This is because if a hacker were to breach a single site that does not use strong encryption, then he or she would have access to all of the accounts that use those credentials.
Most of us have dozens of passwords floating around in our heads. It can be difficult to remember so many different passwords, so some people write them down – which means anyone who can get a hold of the paper now has access to your accounts. Others rely on variations of a similar pass phrase; for example: password, Passw0rd, and Pa$$word. While this seems like a reasonable solution, it is not. Hackers have extremely powerful programs that run, trying each and every combination, until the correct password is “guessed”. This has given rise to password “lockers” where a single application has all of your passwords stored. There are still issues with these applications, but they are a step in the right direction.
Some companies have chosen to include biometric data in their cyber security platform. This means that not only do you need a passcode; you would also use a fingerprint scanner to verify your biological identity. This infringes on the privacy of the user, but certainly increases the security of the company. Alternatives to biometric data could be a magnetic or proximity card, similar to those used in physical access control systems, which would be required in addition to a passcode. Another alternative is an image verification process. In this method, the user would select an image that would be verified upon a login attempt. Lastly, Google launched its 2-tiered login process where an SMS message is sent to the user’s phone which contains a 6-digit PIN. The user must enter the code in addition to their password. All of these systems are 2-tired and increase the security of a system.
Passwords are not the pinnacle of cyber security, but they are what most of us have to work with. So how can you create the safest passwords possible? Here are some guidelines for users creating or updating passwords:
- Length: The number of characters in the password.
- Make passwords at least seven (7) characters long, and remember that longer is better.
- Width: The variety of characters used in the password.
- Passwords should contain at least one uppercase letter, lowercase letter, number, and symbol.
- If allowed, ASCII characters can increase the security of a password.
- Depth: How conceptually challenging is the meaning of the password?
- Do not use your company name, username, or real name in the password.
- Do not use a dictionary word.
- General Guidelines
- Remember: The best passwords are easy to remember but hard to guess.
- Do not increment passwords (password1, password2, password3, etc.) Each new password should be significantly different from the ones before it.
- If you do write your passwords down, ensure that they are stored in a secured place and are destroyed as soon as possible.
- Never share your password with anyone.
- Use a different password for every account (and a different user name when possible).
- Stay vigilant. If you suspect a password has been compromised, change it immediately.
- If given the option to save a password, remember that it may pose a security threat.
- Examples of excellent passwords:
- J*p2ba4>H! (Joyful star played tuba for more than an hour!)
- Fl#sw33t>OH (Florida – hashtag sweet – is greater than Ohio)
- D0gsrm!fav (Dogs are my favorite)
- F4NS!Nu$a (Big fans in the USA!)
In addition to creating strong passwords, there are additional protocols that can fortify the security of a business’ network. Here are some guidelines for owners and managers:
- Create policies that require users to change their password every 30-90 days. This will ensure that even if a hacker does gain access to the network, it will only be valid for a limited amount of time.
- Insist that the passwords be significantly different from several previous passwords.
- Set a minimum password length and establish complexity requirements.
By following these guidelines, you can take a major step toward a more secure business and protect your personal information online.