
Strong Passwords—The First Line of Defense

Unless you don’t use the Internet at all, you have sensitive information that is password protected. Email accounts, bank accounts, social media profiles, bill pay accounts, and probably a lot more are all secured primarily by a username and password. Unfortunately, no authentication system is perfect, so accounts can, and often do, get hacked because of security breaches or easy-to-crack passwords. You can’t do much about security breaches at a retailer, but you can do your part by using strong passwords. Fortunately, you don’t need a string of unintelligible letters, numbers, and symbols to have a strong password.

Password No-Nos

According to security researchers, ideal authentication (like what your bank may use, for example) should use three identifiers:

  • something you know (a number combination, PIN, code)
  • something you are (fingerprints, retinal scans)
  • something you have (keycard, USB token)

Authentication that combines these safety measures is extremely hard to hack. However, most online applications are only able to use one or two of these steps: something you know (your password) and, in some cases, something you have (the IP address of your computer, for example).

Since strong passwords are often our only line of defense, savvy Internet users avoid simple mistakes that could cost them.

  • NO BIRTHDAYS – Passwords built only from personal information (birthdays, pets’ names, old addresses) are easy to remember but also easy to break, because so much personal information is floating around on the web for unscrupulous characters to nab. Don’t assume that because you aren’t using “password1” or “123456” you’re safe: a password based on any personal information accessible to a third party is hackable.
  • NO SHORT/SIMPLE PASSWORDS – Hackers have powerful computers that can run through millions of letter and number combinations relatively quickly. The shorter or simpler your password, the easier it is for them to break it.
  • NO REPEATED PASSWORDS – Using one password for every online account—even if it is a strong password—means one breach opens up your entire online identity. While it’s ideal to have unrelated passwords for each account, try to have separate, strong passwords for especially important sites like banks, PayPal, online retailers, etc.
  • NO OLD PASSWORDS – It’s advisable to change passwords every 1-3 months.

Now, does this mean that passwords need to be an unintelligible combination of letters, numbers, and symbols that have to be written down to be remembered? Not necessarily.

Creating Strong Passwords Using Entropy

It is possible to craft a password that is both secure and easy to remember by thinking in terms of entropy. The concept of entropy comes from thermodynamics, but for passwords it is simply a measure of unpredictability. The longer a randomly chosen password is, the more bits of entropy it has, and the more secure it is. If you string together four random words that are five characters or longer, you can have an easy-to-remember password.

Here’s an example. The grouping “broccoliheadsplantedsmell” is an easy-to-remember password with 44 bits of entropy. At this level of entropy, it would take a fast computer 550 years to break the code if it made 1,000 guesses per second. Even a complicated series of random letters, numbers, and symbols won’t be more secure, and it won’t be nearly as memorable.

The trick is to come up with four or five short words that are related in your mind but not based on personal information or consistent with English grammar. For example, “firstaddresswas0123” would be weak; “addressphonesgreenrunning” would be strong. Picking different parts of speech (nouns, verbs, adjectives) will make these random strings of words even harder to break.
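The arithmetic behind the 44-bit figure above is worth seeing in code. The following example is added here and is not part of the original post: it computes the entropy of a passphrase from the size of the word pool and the number of words drawn, converts that into the time a brute-force search would need at a given guess rate, and generates a passphrase with the operating system’s secure random source. It assumes a word pool of 2,048 words (2^11, so 11 bits per word and 44 bits for four words); the short word list in the code is a constructed stand-in, and the function names are my own.

```python
import math
import secrets

# Constructed sample word list. A real passphrase generator would draw from a list
# of a few thousand words; the entropy calculation below is parameterized on that size.
SAMPLE_WORDS = [
    "broccoli", "heads", "planted", "smell", "address", "phones", "green",
    "running", "ladder", "copper", "window", "thunder", "pencil", "harbor",
]

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def entropy_bits(pool_size: int, picks: int) -> float:
    """Entropy in bits of a secret made of `picks` independent, uniformly random
    choices from `pool_size` options. Entropy comes from the random choice,
    not from the characters themselves: a word-based password that is guessable
    from personal details has far fewer bits than this formula suggests."""
    return picks * math.log2(pool_size)


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Years a brute-force search needs to try every one of the 2**bits
    possibilities at the given rate (the average attack finds the password
    after about half that time)."""
    seconds = 2 ** bits / guesses_per_second
    return seconds / SECONDS_PER_YEAR


def generate_passphrase(words: list[str], count: int = 4) -> str:
    """Join `count` words chosen with the cryptographically secure `secrets` module,
    matching the post's "four random words" recipe."""
    return "".join(secrets.choice(words) for _ in range(count))


if __name__ == "__main__":
    # Four words from a 2,048-word pool: 44 bits, as in the post's example.
    bits = entropy_bits(2048, 4)
    print(f"4 words from 2048: {bits:.1f} bits, "
          f"{years_to_exhaust(bits, 1_000):.0f} years at 1,000 guesses/s")
    # Same pool, one more word: each added word adds 11 bits.
    bits5 = entropy_bits(2048, 5)
    print(f"5 words from 2048: {bits5:.1f} bits, "
          f"{years_to_exhaust(bits5, 1_000):.0f} years at 1,000 guesses/s")
    print("sample passphrase:", generate_passphrase(SAMPLE_WORDS))
```

Run with `python3 passphrase_entropy.py`; the first line printed reports 44 bits and roughly 557 years, which is the post’s “550 years” figure before rounding. Changing the guess rate shows why the rate matters: an attacker with a stolen password database and offline hardware guesses far faster than 1,000 per second, so the extra bits from a fifth word are cheap insurance.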

Stay Protected with Real IT & Support

Many of our customers have found a password plug-in like LastPass to be a great resource for organizing and recording passwords. We can help you set up the service so you don’t have to keep track of the different passwords we recommend you use for each account.

While you can do a lot to keep yourself protected by crafting unique strong passwords, much of the responsibility rests with your network and computer. Give us a call today to see how we can improve your online security. In the event that you do get hacked or download spyware or malware, we can help with that too.