Sunday, September 16, 2007

Undefeatable Password

You and Your Password

You might have heard the term “Strong Password” and wondered what it means. Strong means that the password is harder to compromise, and making a password stronger is fairly easy to do. First we would like to lay out a few background facts, and then we will show you an easy way to create a strong password.

Facts:

  • People are the weakest link in the security chain, and the easiest way to get a user's login details is by asking him/her for them (see our related article on Social Engineering to see how this is done).
  • Breaking alphanumeric (numbers and letters only) passwords will only take a few minutes for a skilled hacker, even if the password is up to 14 characters long.
  • Most passwords are a combination of a name plus a few numbers, 8 characters long (jack1234).
  • Most people will write down their passwords and store them in an obvious place, like under the keyboard or pasted to the monitor.

Strong Passwords

The real goal here is to make a password that is not only strong but one that is easy enough for you to remember without writing it down.

We recommend creating a password with two distinct parts: part one is the password’s first 3 characters combined with its last 3 characters, and part two is the characters between those two sections.
Part one can stay constant, and part two will need to change every time you change your password. We recommend changing your password every 30-60 days – I know this sounds tedious, but rebuilding your credit rating and trying to recover your stolen house are far more troublesome!

Part One

Part one contains the first and the last characters of the password, and we recommend that it contain symbols and/or special characters and/or numbers. By using special characters you make a brute-force attack a much more challenging exercise for a hacker. A brute-force attack is when someone uses software to attempt every possible combination until one works. For every character you add to the set of possible characters, the attacker's job gets much larger. Eventually, if enough different characters/symbols are used, it becomes impossible to use brute force unless the attacker has a few months to wait for the password.

A key concept of part one is to build it in a way that you will remember.
For example: !@# )(* seems rather random, but it is actually (looking at the keyboard) 123 and 098 typed with Shift held down. You can now see how to leverage extra symbols in a way that is meaningful only to you.

Part Two

Part two needs to have at least 8 characters, using lower- and uppercase letters and also numbers (the same rules you typically follow now when renewing your passwords).
For example: Lior1234

So my Strong Password could be: !@#Lior1234)(*
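To make the brute-force argument from the Part One section concrete, here is an added Python example (written for this edit; it is not code from the original post). For a given password it works out the size of the character set an attacker would have to search, the resulting number of candidates, the equivalent number of bits, and how long trying every candidate would take at an assumed rate of one billion guesses per second. The guess rate, the symbol class (Python's 32 `string.punctuation` characters, as on a US keyboard) and the 14-character alphanumeric sample are constructed assumptions; jack1234, Lior1234 and !@#Lior1234)(* are the passwords used in the post.

```python
import math
import string

# Character classes an attacker must include in the search set once they know
# (or guess) which kinds of characters the password uses.  Sizes come from
# Python's string module; string.punctuation has 32 symbols (US keyboard).
CLASS_SIZES = {
    "lower": (set(string.ascii_lowercase), 26),
    "upper": (set(string.ascii_uppercase), 26),
    "digit": (set(string.digits), 10),
    "symbol": (set(string.punctuation), 32),
}


def charset_size(password: str) -> int:
    """Size of the smallest class-based character set covering every character
    in `password`: the "set of possible characters" a brute-force attacker has
    to enumerate at each position."""
    size = 0
    for chars, count in CLASS_SIZES.values():
        if any(c in chars for c in password):
            size += count
    if size == 0:
        raise ValueError("password contains no characters from a known class")
    return size


def keyspace(password: str) -> int:
    """Number of candidate strings of the same length over the same character set."""
    return charset_size(password) ** len(password)


def entropy_bits(password: str) -> float:
    """log2 of the keyspace.  This is an upper bound: it assumes every character
    was chosen uniformly, which a memorable name-plus-digits password is not."""
    return len(password) * math.log2(charset_size(password))


def seconds_to_exhaust(password: str, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at the caller-supplied guess rate
    (an assumption for illustration, not a measured attacker speed)."""
    return keyspace(password) / guesses_per_second


def human_time(seconds: float) -> str:
    """Format a duration in the largest unit that keeps the number readable."""
    units = [("seconds", 60), ("minutes", 60), ("hours", 24),
             ("days", 365.25), ("years", None)]
    value = seconds
    for name, factor in units:
        if factor is None or value < factor:
            return f"{value:,.1f} {name}"
        value /= factor
    return f"{value:,.1f} years"  # unreachable, kept for type completeness


def report(passwords, guesses_per_second: float = 1e9):
    """One row per password: (password, length, set size, bits, time to exhaust)."""
    return [
        (pw, len(pw), charset_size(pw), round(entropy_bits(pw), 1),
         human_time(seconds_to_exhaust(pw, guesses_per_second)))
        for pw in passwords
    ]


if __name__ == "__main__":
    # Passwords from the post plus one constructed 14-character alphanumeric
    # sample, so the effect of length and of the symbol class can be compared.
    samples = ["jack1234", "Lior1234", "Lior1234Lior12", "!@#Lior1234)(*"]
    print(f"{'password':<16}{'len':>4}{'set':>5}{'bits':>7}  time to exhaust at 1e9 guesses/s")
    for pw, n, size, bits, t in report(samples):
        print(f"{pw:<16}{n:>4}{size:>5}{bits:>7}  {t}")
```

The times are for an exhaustive search of the whole set, which is the case the post describes. An attacker who guesses the structure of part two (a name followed by digits) searches a far smaller space, so the symbols and the length of part one are what carry the weight in this scheme; the table is a way to see how much each added character class and each extra character contributes.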

Remember the goal: use as broad a symbol set as possible while still keeping the password easy for you to remember.