The rise of cybercrime is now a major concern for organisations of all sizes across the world, with the cybercrime industry rising in value to $1 trillion in 2020. This will only continue to rise, as the number of devices connected increases. Creating secure passwords is one easy way for everyone to help safeguard against cyber attacks. Here, our Support Technician Luke shares his advice on creating strong passwords which are both harder to crack (by a large margin) and easier to remember.
First off, if one or more of your passwords is simply “Password”; or a variation of it, or has 1234 in it, then change it immediately!
An important phrase to think about when creating a password is ‘password entropy’. This is just a fancy term for “How much information is in a password”. The less information that’s stored in a password, the higher the chance of cracking attempts being successful, since there is less of a search base to go through.
When working out if a password you have is susceptible to modern cracking attempts, you need to focus on two things:
- Can your password be brute forced? If it is less than or equal to 8 characters long then that’s a YES. If it is more than 9 characters and contains symbols, then you’re in a better position. One thing to note is that as computing power gets faster, these limits will increase
- Is your password dictionary-attack proof? Using common words with some letter substitutions such as replacing a o with a 0 or replacing an e with a 3 will be susceptible to dictionary attacks, as these are common substitutions
How to create a strong password
- No password should contain fewer than 8 characters. Depending on complexity of an 8 character password, these could be cracked within a few hours!
- Choose three random words: for example “ballotdistributemidnight”. Even with this being all lowercase, it is highly resistant to brute force attacks due to its length
- Make sure at least one of these words is NOT in a list of the top 10,000 words most used, a list which threat actors make use of. Use a word that isn’t said very often, and don’t pick a word relevant to your life
- As a final measure, place a symbol somewhere in the password, to confuse password cracking software
