Assembling your personal key – how to set a strong password

January 6, 2016
Every good password has to meet a double condition: it must be hard to guess, yet unforgettable for its owner. How do you achieve that? Evidently, many password users fail at choosing the best virtual key for their accounts. Another password secret lies in seeing the overall picture: an individual password may seem infallible, but is it really secure when placed in the context of the user’s Internet persona? Or does it reflect too much personal data that is itself available somewhere else on the web?

In many data breaches, specialists have discovered (over and over again) that users rarely bother to choose passwords able to fend off even the least sophisticated hackers. As a result, many online articles try to offer useful tips for deciding on a suitable, strong password.

Premises in creating a strong password

Many of us have the (wrong) impression that our passwords are strong and safe. Yet we do not take into consideration the way password crackers operate, nor the fact that they exceed human expertise – many automated password-cracking programs are available for interested malicious parties to use. Here is some useful advice:

  • Keep in mind that your potential adversary might be a very skilled cryptologist or an efficient piece of software;
  • Review what an insecure password looks like, in order to set your landmarks (are these passwords – 123456, 123456789, password, admin or 12345678 – familiar to you? According to studies, these very common combinations/words are employed by many account owners who seem to be unaware of the risks);
  • Check a password very similar to the one you are planning to use with an online checker – it will estimate its properties and breach risks, depending on the program. Why a similar password? Because, as a cautionary measure, it is better than entering your actual password into an online application/program;
  • Remember that professionals recommend using longer passwords (of minimum 12 characters), avoiding the use of dictionary words and employing a mix of letters, numbers and symbols.

Strong password tips

The usual recommendations comprise various methods on how to create unique combinations of characters, unrelated to anything with special meaning to the user.

Lengthy and complex passwords are the strongest. The Schneier scheme suggests turning sentences into lengthy words, which can be remembered via a hint or the initial sentence written down on a piece of paper.

We’ve already mentioned above that a lengthy password made up of various characters takes you halfway along the right path to cyber-security. The same tips can be found on Microsoft’s dedicated page, and basically in any “how to” material.

The main things to remember when setting up a password would therefore be:

  • Avoid common passwords (these are the first to be cracked) and do not let yourself be tempted by passwords “at hand” such as your personal data, the word “password” itself (in any language), website names and so on;
  • Do not duplicate passwords in an uninspired attempt to remember a single password for all your accounts; if or when this Omni-password is broken, all your accounts will be too;
  • Mix the characters without using obvious substitutions (replacing “o” with zero or “i” with 1 is not proper character mixing); it is not advisable to rely on dictionary words, nor on words that are not combined with other characters; try to use over 8 or even 12 characters;
  • Change your passwords from time to time, making sure to randomize the intervals for each different account (universal routine leads to predictability, which favors cyber-threats);
  • Go for two-factor authentication or multi-factor authentication whenever possible; this would be particularly useful when instituting employee accounts – a double security layer reinforces any training you may have offered your employees on correctly setting up their passwords; double the password with a code independently generated daily or weekly, or with a token or other means of separate authentication.
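The rules from the two lists above can be checked locally, without typing a real password into an online service. The following Python sketch is an added example, not part of the original article: the word list, the extra substitution pairs beyond o/0 and i/1, and the sample candidates are constructed for illustration.

```python
import string

# The five common passwords the article lists.
COMMON = {"123456", "123456789", "password", "admin", "12345678"}
# Constructed mini word list standing in for a real dictionary (assumption:
# load a full word list from a local file in practice).
WORDS = {"password", "admin", "dragon", "monkey", "welcome", "login"}
# "Obvious substitutions": the article's o->0 and i->1, plus a few others of
# the same kind (assumed here). Cracking tools reverse these automatically.
UNDO = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})

def check_password(pw, min_len=12):
    """Return the list of rules a candidate breaks; [] means none."""
    findings = []
    plain = pw.lower()
    undone = plain.translate(UNDO)  # password with substitutions reversed
    if plain in COMMON or undone in COMMON:
        findings.append("common password")
    if len(pw) < min_len:
        findings.append(f"shorter than {min_len} characters")
    has_letter = any(c.isalpha() for c in pw)
    has_digit = any(c.isdigit() for c in pw)
    has_symbol = any(c in string.punctuation for c in pw)
    if not (has_letter and has_digit and has_symbol):
        findings.append("no mix of letters, numbers and symbols")
    hits = sorted(w for w in WORDS if w in plain or w in undone)
    if hits:
        findings.append("dictionary word: " + ", ".join(hits))
    return findings

if __name__ == "__main__":
    # Constructed sample candidates; the last is built from sentence initials.
    for candidate in ("password", "4dm1n", "P@ssw0rd2016!", "Mf2cw@7e,bIs4c!"):
        print(f"{candidate!r}: {check_password(candidate) or 'no rule broken'}")
```

Note that "P@ssw0rd2016!" passes the length and character-mix rules and is still flagged, because reversing the substitutions exposes the dictionary word underneath.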

Once you have established a valid, functional method of remembering your passwords and adopted the basic rules mentioned above, the password options are infinite.

Alternative resources in password management

Considering just how important passwords are in cyber-defense, any cyber-security-conscious person could very well consider a password management system (or micro-management).

First, let us remember how choosing the right partnerships may improve your cyber-security status. The cyber-protection employed by the websites one has accounts with is also important. A strategy for creating strong passwords and mnemonic systems to remember them goes hand in hand with a cautious attitude toward websites. Various researchers have pointed out that renowned websites do not offer strong enough protection when it comes to user accounts. When sites accept weak user passwords they create unsafe environments – what if accounts related to your own account get breached? You may control your choices, but only the website can impose an overall stronger security level. Unwanted events have happened even to specialists – remember the 2015 LastPass breach? Nevertheless, it is always preferable to request a high security standard to begin with.

In addition to secured online partnerships, there are alternative methods that can enhance your personal password-related security, such as:

  • Using a safe password manager (especially when having a large number of online accounts);
  • Employing advanced login systems (multi-authentication methods, biometric authentication included, as one of the multiple authentication means);
  • Having specialized tools – check this article on Qwerty, a wallet-sized card that generates and organizes passwords.

Finally, it is important to remember that details matter in any tech-related activity. All the strong passwords created by the book might not serve their purpose in crowded environments if each and every entity involved does not take in, understand and apply a cyber-aware attitude. Strong passwords should remain strong. Sharing the data, neglecting to refresh/change passwords, exposing the account credentials and generally acting carelessly ultimately invalidate all cyber-security password-related measures.

Keep yourself and your employees informed and vigilant: this is an advisable attitude that turns into a skill in the cyber-security field.
