One of the biggest challenges facing computer users today is creating — and remembering — their account passwords, which are required for practically all online transactions.
Many people use the same password for multiple accounts — putting their data at risk — simply because it’s convenient. Because account providers require different lengths, characters, and periodic password changes, it can seem daunting to create strong passwords that are unique and easy to remember.
So, how do you keep the password guardians happy and still maintain your sanity? By following these two best practices.
Best Practice #1: Increase Randomness
Entropy is the numeric measure of a password’s randomness. The higher the value, the more unpredictable the password. Basically, the greater the entropy value, the harder it is to crack your password.
Best Practice #2: Make Your Password a Passphrase
According to some experts, the length of your password matters more than how complex or random it is. Using this principle, a 16-character passphrase (a few words strung together or a sentence) that is made up of only lower-case characters is stronger than an 8-character password made up of mixed upper- and lower-case letters, numbers, and special characters.
Even better, that 16-character passphrase is easier to remember. For example, a good passphrase with high entropy could be something like “ourdogdeliverspizza”.
Passphrase Tips and Tricks
Using just lower-case characters can help you make and remember passphrases easily, but some password guardians have additional requirements. Here are examples of what you can do for systems that require:
- Mixed-Case Passphrases — Include both upper-case and lower-case characters, such as “OurDogDeliversPizza”
- At Least One Digit — End the passphrase with a specific digit, e.g., “OurDogDeliversPizza5”
- A Special Character — Tack one on at the end, as in “OurDogDeliversPizza5@”
- Regular Password Changes — For example, if you decide to change your password in April, try something like “OurDogDeliversPizzaApril5@”
To avoid using the same passphrase for multiple accounts, customize the phrase for every site, e.g., “OurDogDeliversPizzaYahoo5@,” “OurDogDeliversPizzaAmazon5@,” and so on. Make up your own system and use it for every passphrase, whether or not the password guardian requires any or all of the rules listed above.
You can also experiment with the following strength calculators, but to be safe, don’t use any of your real passwords:
The Bottom Line
Passwords don’t have to be a chore or hard to remember. Be creative and consistent, and you’ll have better online security in no time. Just remember these two mantras — increase randomness and use passphrases.
Browse more resources on the MassIT Enterprise Security Office website during National Cyber Security Awareness Month this October.
Defending Against Ransomware posted on Oct 18
According to the United States Computer Emergency Readiness Team (US-CERT), ransomware is the fastest growing malware threat, with more than 4,000 attacks occurring each day. This type of malware blocks a user from accessing data until the operator of the malicious program receives payment. For …Continue Reading Defending Against Ransomware
What’s Compliance Got to Do with It? A Look at Two Hacks posted on Oct 13
Imagine you’re leaving for a weeklong vacation. Would you leave your doors unlocked when you left the house? Probably not — this would put your possessions at risk of theft. Just locking your doors could deter potential thieves. The same logic applies to computer systems. …Continue Reading What’s Compliance Got to Do with It? A Look at Two Hacks
Where’s My Data? 10 Simple Tips for Securing Your Business’s Data posted on Oct 11
As a business owner, you can protect your employees, business, and customers from hackers. MassIT shares 10 tips to help IT departments at companies big and small create a security plan to keep their data safe. Identify Sensitive Data — Know where sensitive personal information, including …Continue Reading Where’s My Data? 10 Simple Tips for Securing Your Business’s Data