;
Why Strong, Unique Passwords Are So Important
Posted on 7/21/2016
Cybersecurity experts continually identify the use of strong, unique passwords as one of their top recommendations. However, this is also one of the least followed recommendations because unless you know the tricks, it’s difficult to remember strong, unique passwords for every login and website.
Cybersecurity experts continually identify the use of strong, unique passwords as one of their top recommendations. However, this is also one of the least followed recommendations because unless you know the tricks, it’s difficult to remember strong, unique passwords for every login and website.
Cybersecurity experts make this recommendation for several reasons. Every day cyber-criminals compromise websites and online accounts, and post lists of usernames, email addresses, and passwords online. This exposes people’s passwords, and worse yet, additional information that uniquely identifies the user, such as an email address. That means that a criminal can look for other online shopping, social media or financial accounts for that same person. When the criminal finds those accounts they can try logging in with the exposed password. If the password is reused, they can gain access to further accounts. This is why unique passwords are so important.
Additionally, when hackers can’t easily find or a guess the password, they may use a technique called brute forcing. This is a technique where they try every possible character combination until the correct password is identified. Computers can try thousands of passwords per second. Even with this speed, the criminals rely on weak passwords to gain easy access. The stronger the password the less likely brute forcing will be successful.
When brute forcing techniques are used, every word in the dictionary is tried because it’s easier to look for words than random letter combinations. This technique is not limited to English, so switching languages will not help. Since many passwords require a combination of upper and lowercase letters, numbers, and symbols, the criminals are counting on human instinct to narrow down the possibilities. For instance, most users will pick a word, put the uppercase letter first, and end the password with the number and symbol. Alternatively, many people will replace common letters with a number or symbol that represents that letter. This changes a common password, such as “password,” into the only slightly more complex password of “p@ssw0rd,” which is still an easy to guess pattern.
When it comes to password complexity, some people think: if it’s impossible for you to remember it, then it’s a good password. However, when users set passwords that are difficult to remember, they have a tendency to write them down. That’s a definite no-no when it comes to security! Never store your passwords in an easily accessible location. Don’t leave them on your desktop, tape them to your monitor screen, or keep them in your wallet or purse.
Recommendations
Consider using a password manager, that can run on a computer, smartphone, or in the cloud, that securely tracks and stores passwords. Most password managers can also generate strong, random passwords for each account. As long as the password to access the password manager is strong and unique, and two-factor authentication is being utilized, this technique can be effective. However, if your cloud-based password manager is compromised, or vulnerability in the software is discovered by an attacker, it is still possible that all of your passwords could be compromised. When choosing a password manager, ensure it is from a known, trustworthy company with a good reputation.
Another technique to assist in building strong, unique passwords, is to choose a repeatable pattern for your password. One suggestion is to choose a sentence that incorporates something unique about the website or account, and then use the first letter of each word in that sentence as your password. For example the sentence: “This is my July password for the Consumers Credit Union website.” would become “TimJp4tCCUw.” This password capitalizes 5 letters, swaps the word “for” to the number “4,” and adds the period to include a symbol. The weakness in this technique is that if multiple passwords from the same user are exposed, it may reveal the pattern. Variations on this technique include using the first letters from a line in a favorite song or a poem.
At a time when millions of people become identity theft victims every year, a well-thought-out approach to password security is a big part of preventing identity theft. The very least you can do is make it difficult for others to guess or find your passwords.
Cybersecurity experts make this recommendation for several reasons. Every day cyber-criminals compromise websites and online accounts, and post lists of usernames, email addresses, and passwords online. This exposes people’s passwords, and worse yet, additional information that uniquely identifies the user, such as an email address. That means that a criminal can look for other online shopping, social media or financial accounts for that same person. When the criminal finds those accounts they can try logging in with the exposed password. If the password is reused, they can gain access to further accounts. This is why unique passwords are so important.
Additionally, when hackers can’t easily find or a guess the password, they may use a technique called brute forcing. This is a technique where they try every possible character combination until the correct password is identified. Computers can try thousands of passwords per second. Even with this speed, the criminals rely on weak passwords to gain easy access. The stronger the password the less likely brute forcing will be successful.
When brute forcing techniques are used, every word in the dictionary is tried because it’s easier to look for words than random letter combinations. This technique is not limited to English, so switching languages will not help. Since many passwords require a combination of upper and lowercase letters, numbers, and symbols, the criminals are counting on human instinct to narrow down the possibilities. For instance, most users will pick a word, put the uppercase letter first, and end the password with the number and symbol. Alternatively, many people will replace common letters with a number or symbol that represents that letter. This changes a common password, such as “password,” into the only slightly more complex password of “p@ssw0rd,” which is still an easy to guess pattern.
When it comes to password complexity, some people think: if it’s impossible for you to remember it, then it’s a good password. However, when users set passwords that are difficult to remember, they have a tendency to write them down. That’s a definite no-no when it comes to security! Never store your passwords in an easily accessible location. Don’t leave them on your desktop, tape them to your monitor screen, or keep them in your wallet or purse.
Recommendations
Consider using a password manager, that can run on a computer, smartphone, or in the cloud, that securely tracks and stores passwords. Most password managers can also generate strong, random passwords for each account. As long as the password to access the password manager is strong and unique, and two-factor authentication is being utilized, this technique can be effective. However, if your cloud-based password manager is compromised, or vulnerability in the software is discovered by an attacker, it is still possible that all of your passwords could be compromised. When choosing a password manager, ensure it is from a known, trustworthy company with a good reputation.
Another technique to assist in building strong, unique passwords, is to choose a repeatable pattern for your password. One suggestion is to choose a sentence that incorporates something unique about the website or account, and then use the first letter of each word in that sentence as your password. For example the sentence: “This is my July password for the Consumers Credit Union website.” would become “TimJp4tCCUw.” This password capitalizes 5 letters, swaps the word “for” to the number “4,” and adds the period to include a symbol. The weakness in this technique is that if multiple passwords from the same user are exposed, it may reveal the pattern. Variations on this technique include using the first letters from a line in a favorite song or a poem.
At a time when millions of people become identity theft victims every year, a well-thought-out approach to password security is a big part of preventing identity theft. The very least you can do is make it difficult for others to guess or find your passwords.