Mike Gray

Passwords are an incredibly important part of your company’s security. One weak password and hackers will own you. Passwords are the keystone of technology security. It is the almighty password that unlocks all that we do with technology. I don’t like that.  There are much better ways to verify who you are.  For now, we are stuck with using the password until the other authorization methods become more prevalent.  What do you use your password for?

• You need a password to get into your computer
• You need a password to get into your email account
• You need a password to get into your bank’s web site
• You need a passcode to unlock your phone.

Even if you want to do the most basic of tasks with a computer you will still need a password to get onto that computer. If you tell me your computer doesn’t have a password, then please pay attention because this article was written just for you.

Basic Recommendations

Everything these days requires a password. You must make that password a good one.   Here are the basic recommendations for creating a good password.

• Minimum of 8 characters
• At least one capital letter
• One special character
• At least one number

There are also some things that you shouldn’t do.

• Don’t use your own name 
• Don’t use a kids name 
• Don’t use your dog’s name
• Don’t use a birthday
• Don’t use your social security number
• Don’t use your part of your address.   

Passwords should not be identifiable.  I should be able to look at a password and have no idea who that password belongs to.   If I look at a password by itself on a sheet of paper and it is Frank0117 and I know that your husband’s name is Frank and your birthday is the 17th of January that is not a good password.

Balance

We’re not supposed to use real words, but that can be very difficult to remember. If you are using random characters for the login to your PC the likelihood of you remembering all of them are slim. There needs to be a balance. For the login to the bank’s web site or for the login to a critical server, these should be more random and longer.   

We need to be rational and apply these best practices to real-world scenarios.  So instead of using whole words use parts of words. Another way to create passwords is by using letters that go to a phrase. 

• For example 
  • “We Visited Jamaica in the  9th grade.” Vjit9g!?  
  • “My dog Rosie Eats dinner at 6.” Mdreda6!

You can also use the phrase itself replacing the spaces with special characters.

• This?is#fun9

Still has the number of characters needed but is significantly more difficult to hack.

Bad Password Policy

Humans can remember multi-word phrases much better than gibberish.  That’s just a fact. Many people have argued that the most secure password is one you can’t remember.  While true it is secure. It is utterly worthless. What good is that password if you can’t use it?

Here is one that a lot of big companies still use and has been proven to be a waste of time. You no longer need to change your password every 90 days. In several studies, it was found that this only pushed people to use weaker passwords so they can remember them.  User’s passwords started strong but just got weaker and weaker as they ran out of passwords they could remember.  People would just add numbers to common words. Make it strong the first time and remember it.

Remembering It

Don’t write down passwords on paper by your computer.   In business, yes we write those passwords down on a sheet of paper and give it to the user.   After that user has been given the sheet, they should put it in a safe secure place and commit the password to memory.

Use a password manager like LastPass.   Log in to LastPass with 2-factor authentication.  Another option is the open source Keepass.  You can also save your login password in your browser’s password manager if you are the only one using that computer.