A couple of weeks ago, I was teaching a class on Cyber Security. I always talk about the need for strong passwords. Here is the slide I use:
The most common answer to “Which is a more secure password?” is the second one, and that is correct, to a point. It is the more complicated password, but you will not be able to remember it, so you will write it down. The first password is still complicated and still hard to crack, and it is far easier to remember.
During my presentation, there were several questions about passwords and password management options. This is why I thought it was worth addressing this topic again.
Complexity is the enemy of security
Creating and using strong passwords is one easy way to help keep attackers out of your accounts. Attackers collect passwords in many ways, for example with malware that scans the system and monitors your Internet traffic for usernames and passwords. Dictionary attacks guess passwords from a list of common words and previously leaked passwords. Most email systems resist online dictionary attacks because they throttle or lock the account after a few failed logins. That protection does not exist offline: if a site’s password database is stolen, the attacker can run billions of guesses against the stored hashes with no lockout at all, and only the strength of the password itself stands in the way.
The best defense against that malware is a good security suite that you keep updated. It makes it much harder for malware to get onto your system, or to run unimpeded if it does, and most suites also detect and block phishing attempts.
However, you still want strong passwords. There are places where a weak password can be attacked directly, such as the login for your PC. Now, very few people, including the experts, do all the things experts tell them to do in this regard. After all, it’s inconvenient.
Here are some guidelines for choosing a secure password:
- The longer, the better: use at least eight characters. Length adds more strength than any other rule, because every extra character multiplies the number of guesses an attacker has to make.
- Mix upper and lower case letters, punctuation, and numerals.
- Avoid passwords that are dictionary words, especially common ones. Cracking tools also try every word with obvious variations such as a capitalised first letter or a digit tacked on the end.
- Also avoid common passwords such as “12345.” You would be amazed how many people use them, and they are the first guesses on any attacker’s list.
- Avoid reusing passwords, especially the one for a critical resource such as your email, on other sites. A breach of one low-value site then hands the attacker the password to everything else that shares it.
Even with these suggestions, please don’t make your passwords so complicated that you can’t remember them. Most of us don’t have the memory bandwidth to deal with a large number of obscure passwords.
An excellent next step is to use a password manager, such as Roboform or the open-source Password Safe. I have personally used Roboform for many years and recommend you try it out. There are several other very good password managers you should also explore. These programs generate strong random passwords and remember them for you; you only need to remember one master password.
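As an added illustration of the guidelines above and of the generator a password manager provides (example code written for this page, not from the original article or from Roboform or Password Safe), the Python below estimates how much brute-force work a password demands, checks a candidate against the list above, and generates passwords and passphrases with the standard library’s secrets module. The common-password set, the dictionary and the word list are tiny constructed samples, and the 20-character passphrase threshold is this example’s own assumption.

```python
import math
import secrets
import string

# Constructed sample lists for this demo only. A real checker would load a large
# breached-password list and a full dictionary; these entries just exercise the checks.
COMMON_PASSWORDS = {"12345", "123456", "password", "qwerty", "letmein", "iloveyou"}
DICTIONARY_WORDS = {"dragon", "monkey", "summer", "correct", "horse", "battery", "staple"}

# Tiny constructed word list for the passphrase generator. In practice use a published
# list (the EFF large wordlist has 7776 words, about 12.9 bits per word).
WORDLIST = ["apple", "river", "candle", "forest", "piano", "silver",
            "meadow", "rocket", "velvet", "harbor", "lantern", "orbit"]


def char_classes(password: str) -> int:
    """Count how many of the four classes (lower, upper, digit, punctuation) appear."""
    return sum([
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ])


def charset_size(password: str) -> int:
    """Size of the smallest standard pool that covers every character used."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # the 32 ASCII symbols
    if any(c.isspace() for c in password):
        size += 1
    return size


def brute_force_bits(password: str) -> float:
    """Work factor, in bits, for an attacker who must try every string of this length
    from the same pool. It is an upper bound: a dictionary word scores well here yet
    falls to a wordlist attack in seconds, which is why check_guidelines exists too."""
    pool = charset_size(password)
    return len(password) * math.log2(pool) if pool else 0.0


def check_guidelines(password: str, min_length: int = 8,
                     passphrase_length: int = 20) -> list[str]:
    """Return the article's guideline violations for a candidate (empty list = passes).
    passphrase_length is this example's own assumption: anything at least that long is
    treated as a passphrase and exempted from the character-mix rule."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if len(password) < passphrase_length and char_classes(password) < 3:
        problems.append("mixes fewer than three character classes")
    lowered = password.lower()
    if lowered in COMMON_PASSWORDS:
        problems.append("is a common password")
    # Cracking tools strip trailing digits and symbols before the dictionary lookup,
    # so "Dragon1!" is still just "dragon" to them.
    base = lowered.rstrip(string.digits + string.punctuation)
    if base in DICTIONARY_WORDS:
        problems.append(f"is based on the dictionary word '{base}'")
    return problems


def generate_password(length: int = 16) -> str:
    """Random password from the OS CSPRNG (secrets, never random), redrawn until it
    mixes all four classes, the way a password manager's generator does."""
    if length < 4:
        raise ValueError("need at least 4 characters to cover all four classes")
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if char_classes(candidate) == 4:
            return candidate


def generate_passphrase(words: int = 4, wordlist: list[str] = WORDLIST) -> str:
    """Random passphrase: memorable, with strength coming from list size and word count."""
    return " ".join(secrets.choice(wordlist) for _ in range(words))


def passphrase_bits(words: int, wordlist_size: int) -> float:
    """Entropy of a passphrase drawn uniformly from a list: words * log2(list size)."""
    return words * math.log2(wordlist_size)


if __name__ == "__main__":
    for candidate in ("12345", "Dragon1!", "Tr0ub4dor&3", "correct horse battery staple"):
        print(f"{candidate!r}: {brute_force_bits(candidate):.1f} bits, "
              f"problems: {check_guidelines(candidate) or 'none'}")
    print("generated:", generate_password(16), "|", generate_passphrase(4))
```

Run it and the numbers make the slide’s point: the all-lowercase passphrase with spaces comes out at roughly 133 bits of brute-force work against about 72 for the eleven-character mixed password, and it is the one you can remember. The brute-force figure is only an upper bound, which is why the guideline checks run alongside it: “Dragon1!” satisfies the length and character-mix rules and still falls to a dictionary with a suffix rule. Everything the generators produce comes from secrets, not the random module, because the latter is predictable and unsuitable for credentials.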
More detailed information about Roboform is available here.
What do you use for password management in your office?