Passwords Done Right: Getting The Protection You Need

Passwords: they can be a pain to remember. A password, like anything, is only as strong as its ability to remain secure. In this post, we will discuss best practices when it comes to building a better defense using passcodes and other methods.

Most people use weak passwords. Passwords can be weak for multiple reasons, but a primary cause is that many people use the same password, or a slight variation of it, repeatedly across accounts. The U.S. Department of Commerce’s NIST (National Institute of Standards and Technology) reported that more than 80% of breaches occur due to stolen or weak passwords.

Short passwords without a significant range of character types are vulnerable to brute force attacks. Using longer and more complex passwords drastically improves a password’s ability to withstand brute force password-breaking methods.

For that reason, the first way to improve a password is to increase its length: the longer the better. An even better solution is to pick a passphrase. Instead of choosing a word or random sequence of characters, choose an event or an image, preferably something extravagant, ridiculous, or comedic, and therefore memorable. Maybe try a song’s lyric or a passage from your favorite book, something you will easily be able to recall. Once you add a special character and a number, the password’s strength will have improved dramatically, and you will find it easier to remember than the regular passwords most people tend to forget.

This technique has no bounds as long as you are creative. Generating sequences of letters, numbers, and symbols that have no apparent meaning is an excellent way to boost security. If you take the first letters from the phrase, “My childhood dog’s name was Casper and he lived to be 12,” you could use “McdnwCahltb12” as a password, which is much stronger than “Casper12”.
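To put numbers on that comparison, here is an added example (not code from the original post) that derives the password from the phrase and estimates how large a brute force search each password forces. The function names are illustrative, and the estimate assumes an attacker who tries every combination of the ASCII character classes the password uses.

```python
import math
import re
import string

# Character classes an exhaustive search has to cover (ASCII only, an assumption).
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

# The phrase from the post; \u2019 is the curly apostrophe in "dog's".
PHRASE = "My childhood dog\u2019s name was Casper and he lived to be 12"

def phrase_to_password(phrase):
    """First letter of every word; numbers are kept whole."""
    words = re.findall("[A-Za-z0-9'\u2019]+", phrase)
    return "".join(w if w.isdigit() else w[0] for w in words)

def pool_size(password):
    """Alphabet size implied by the character classes the password uses."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))

def keyspace(password):
    """Number of candidate strings of this length over that alphabet."""
    return pool_size(password) ** len(password)

def brute_force_bits(password):
    """log2 of the keyspace.

    This is an upper bound: it treats every character as random. A name
    plus digits such as "Casper12" falls to dictionary-based guessing far
    sooner than the figure suggests.
    """
    pool = pool_size(password)
    return len(password) * math.log2(pool) if pool else 0.0

if __name__ == "__main__":
    derived = phrase_to_password(PHRASE)
    # The third entry shows the effect of adding one special character.
    for pw in ("Casper12", derived, derived + "!"):
        print(f"{pw:<16} len={len(pw):<3} pool={pool_size(pw):<3} "
              f"bits={brute_force_bits(pw):5.1f}")
```

Both passwords draw on the same 62-character alphabet, so the gain comes entirely from the five extra characters of length, each of which multiplies the search space by 62.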

Another easy way to improve security is to use two-factor authentication to your advantage. This may appear inconvenient at first glance; however, nowadays you can do this by just receiving an SMS text. If a website or application gives you the option, enabling two-factor authentication (to log in, you must first receive a random PIN via email or text and enter it along with your regular login credentials) raises the security bar considerably.

Another option is to use a password manager. Password managers will randomly generate strong passwords for you while also keeping track of them in one place. If you go this route, we advise picking a reputable password manager considering there could be large repercussions if the password managing company were to have a data breach.

What are your thoughts on passwords vs. passphrases, two-factor auth, and password managers? Feel free to comment below or message us in our live chat 🙂