Password Security Advice – Paranoia has become the New Normal…
I remember when I seriously started getting into computers, which was a long time ago, last century to be exact. Passwords had a maximum of around 8 characters, because memory was limited and expensive. Security Advice was limited to making them a random string of characters and maybe installing antivirus software, but it wasn’t a big deal.
These days, if you have a password of fewer than ten characters, it is basically worthless, regardless of how complicated it is. Installing antivirus software is expected. These are normal now, where before they were just “recommendations that were good to follow, but not necessary.” Is it that Paranoia has become the new normal, or were we simply oblivious before?
As the Jester said in William Shakespeare’s “King Lear” (Act III, Scene VI): “He’s mad that trusts in the tameness of a wolf, a horse’s health, a boy’s love, or a whore’s oath.”
When it comes to passwords, a bit of awareness (some could call it Paranoia) is the only thing that can really protect you. So, in the spirit of the upcoming festive season, I figured I would offer up some advice for having good passwords.
First of all, have an official Password Policy:
Obviously, this will only apply to organizations, but every outfit should have an official Password Policy that gets explained to everyone during an onboarding process. You can’t expect your employees to have good password hygiene, especially if you don’t require it of them. Having a Password Policy acts as a good reminder that having poor password hygiene is something the organization can instantly act on.
Okay, how ’bout some actual ‘password stuff’?
1) Make your passwords long – Anything shorter than 10 characters is pretty much useless when it comes to being cracked by modern techniques. Having a long password may seem a bit scary, but it’s actually pretty easy.
2) Use a mix of character sets – To the internals of a computer, the different types of characters are distinct, and that has a direct impact on how difficult your password is to crack. Make sure to use a mix of everything in every password. There are:
Upper-case characters (A-Z) / Lower-case characters (a-z) / Numbers (0-9) / Special characters and punctuation (!, =, %, etc.)
3) Making your password “leet” doesn’t give you extra Security – “Leet” speak is simply substituting a character for something else that looks visually similar, for example switching a 1 for a lower-case L, or an @ for an A. Using a pattern like this is obvious and exactly the sort of thing that every attacker knows about, so they know how to deal with it.
4) Put together a memorable phrase – If you string a few words together or use a sentence, then hitting that recommended 10-character minimum is easy. Randomly throw in a splash of mixed case and a few numbers and you’re there. “H!aving a rEAlly long Pass7word” is a really good passphrase; it is easy to remember, and includes all 4 character sets.
5) Try not to have too much of yourself in the password – Using things like your house number, parts of your phone number, or the names of children or pets as part of your password are all bad ideas. They’re easy to remember, but also simple for an attacker to discover. If you are looking for something memorable, then try things that cannot be directly or easily traced to you.
6) Use 2FA (Two-Factor Authentication) as often as possible – 2FA means that, in addition to your password, you provide an extra form of Authentication. The logic is that a password is ‘something you know’ and the additional Authentication is ‘something you have’. This could be a fingerprint, or passkey, or anything really. There are a lot of ways to set up 2FA to work alongside your normal passwords. This is especially important when it comes to external access.
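As an added illustration of rules 1 to 5 (this is example code written for this post, not a TRINUS tool), here is a small Python checker of the kind an onboarding Password Policy could be backed by. The short list of common passwords, the leet-substitution table and the sample personal details are all constructed for the example; a real checker would load a full cracking wordlist. The keyspace estimate shows the effect of length and character sets, the `unleet` step shows why “P@ssw0rd” is still just “password”, and the personal-info check shows rule 5.

```python
import math

# Constructed stand-in for a real cracking wordlist (assumption: a production
# checker would load a large list of previously leaked passwords instead).
COMMON_PASSWORDS = {"password", "welcome", "letmein", "summer", "dragon", "monkey"}

# Common "leet" substitutions, reversed so they can be undone before lookup.
LEET_MAP = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                          "7": "t", "@": "a", "$": "s", "!": "i"})

MIN_LENGTH = 10  # rule 1: anything shorter is treated as too weak


def charset_coverage(pw):
    """Rule 2: which of the four character classes appear in pw."""
    return {
        "upper": any(c.isupper() for c in pw),
        "lower": any(c.islower() for c in pw),
        "digit": any(c.isdigit() for c in pw),
        "special": any(not c.isalnum() for c in pw),
    }


def keyspace_bits(pw):
    """log2 of the brute-force search space (alphabet size ** length).

    Alphabet sizes: 26 upper, 26 lower, 10 digits, 33 printable ASCII specials.
    """
    cov = charset_coverage(pw)
    alphabet = 26 * cov["upper"] + 26 * cov["lower"] + 10 * cov["digit"] + 33 * cov["special"]
    if alphabet == 0:
        return 0.0
    return len(pw) * math.log2(alphabet)


def unleet(pw):
    """Rule 3: undo leet substitutions, the same way a cracking rule set does."""
    return pw.lower().translate(LEET_MAP)


def is_leet_common_password(pw):
    """True if pw, once de-leeted, contains a known common password."""
    base = unleet(pw)
    return any(word in base for word in COMMON_PASSWORDS)


def contains_personal_info(pw, personal_tokens):
    """Rule 5: return the personal details (name, pet, house number, ...) found in pw."""
    lowered, base = pw.lower(), unleet(pw)
    return [tok for tok in personal_tokens
            if len(tok) >= 3 and (tok.lower() in lowered or tok.lower() in base)]


def check_password(pw, personal_tokens=()):
    """Apply rules 1, 2, 3 and 5; return (passes, list of findings)."""
    findings = []
    if len(pw) < MIN_LENGTH:
        findings.append(f"too short: {len(pw)} < {MIN_LENGTH}")
    missing = [name for name, present in charset_coverage(pw).items() if not present]
    if missing:
        findings.append("missing character classes: " + ", ".join(missing))
    if is_leet_common_password(pw):
        findings.append("leet-substituted common password")
    hits = contains_personal_info(pw, personal_tokens)
    if hits:
        findings.append("contains personal info: " + ", ".join(hits))
    return (not findings, findings)


if __name__ == "__main__":
    # Constructed personal details for the demo user (rule 5).
    personal = ("Rex", "4521")
    for candidate in ("P@ssw0rd", "Rex4521House!", "H!aving a rEAlly long Pass7word"):
        ok, why = check_password(candidate, personal)
        print(f"{candidate!r}: {'OK' if ok else 'REJECT'} "
              f"({keyspace_bits(candidate):.1f} bits) {why}")
```

Run it and the passphrase from rule 4 passes, while “P@ssw0rd” is rejected twice over (too short, and it de-leets to a common password) and “Rex4521House!” is rejected for containing the pet’s name and house number even though it is long and mixes all four sets.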
Ever since devices were first designed to keep people out of places, the art of getting past those devices has been in existence. Lockpicking is a good example. If you look around on YouTube, you will find many videos and channels dedicated to picking locks. The industry knows this and (for the most part) tries to keep improving in a never-ending arms race. Passwords are no different. As the tools to crack passwords get more powerful (computers), the bar for a decent password gets ever higher.
Don’t do as you’ve always done, just because it’s worked so far. That’s what the bad guys want. Be aware of the situation and adjust your habits as needed. Never leave your Security in someone else’s hands, if you don’t need to.
If you have any questions about Good Password Hygiene, please reach out to your TRINUS Account Manager for some stress-free IT.
By Kind Courtesy of Your Friendly Neighbourhood Cyber-Man.