Passwords are one of the most commonly used forms of authentication today. Everyone uses them daily to access facilities and resources on their computers, portable devices and the web. Though we feel that a password is a secure authentication method, it has shortcomings that are generally overlooked.
Any system that implements password-based authentication makes some basic assumptions and relies on users to create a strong password, whose strength depends on three major characteristics:
- Length of the password
- Unpredictability of the password
- Complexity of the password
Though each of the above characteristics increases the security of a password, it also makes the password harder for the user to remember. With multiple passwords to maintain, this problem escalates further and gives rise to password fatigue, which leads to poor security.
Best Practices in Setting Passwords
Though there is no set way of selecting your password, there are a few best practices that you should follow:
- Do not use personal information like birthdays, home address, phone number, licence plate number etc. in your password. Personally identifiable information is easy to find out, and a password built from it is even easier to crack.
- Avoid common words that are present in a dictionary. A dictionary attack is a common method of cracking passwords.
- Change the default password, if any. Most of the time when a new account is set up a default password is assigned to it; change it immediately, because it is known to others and is the weakest link in the system.
- Do not use repeated words like ‘johnjohn’ or ‘kittenkitten’.
- A password should be at least 8 characters long. The longer the password, the more difficult it is to crack. Use this tool to find out how much time it would take to crack a password.
- A password should always contain a mix of upper case, lower case, numbers and special characters.
- Change your password often. A strong password policy is necessary to uphold security.
- Some hackers use social engineering to get your password, so do not give out your password at any suspicious or unsolicited place.
- Always set different passwords for different applications. If you use the same password everywhere and one account is compromised, the rest of your accounts can easily be compromised too.
- Never write down your password or share it with someone else. If you do tend to forget your password, write a hint on a piece of paper and keep it in your wallet or another place that only you can access. Do not mention on the paper that it is your password.
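As an added example (not code from the article), a small checker that applies the rules above to a candidate password: minimum length, character-class mix, personal information, common dictionary words, repeated words and straight keyboard runs. The tiny word list and the keyboard rows it scans are constructed here for illustration.

```python
import re
from typing import Iterable, List

# Constructed sample data: a tiny "dictionary" and the keyboard rows the pattern check scans.
COMMON_WORDS = ("password", "kitten", "john", "welcome", "dragon", "monkey")
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")

def is_repeated_word(pw: str) -> bool:
    """True for 'johnjohn'-style passwords: one chunk repeated end to end."""
    s = pw.lower()
    for n in range(1, len(s) // 2 + 1):
        if len(s) % n == 0 and s[:n] * (len(s) // n) == s:
            return True
    return False

def is_keyboard_run(pw: str, min_run: int = 4) -> bool:
    """True if the password contains a straight run along a keyboard row, in either direction."""
    s = pw.lower()
    for row in KEYBOARD_ROWS:
        for i in range(len(row) - min_run + 1):
            run = row[i:i + min_run]
            if run in s or run[::-1] in s:
                return True
    return False

def check_password(pw: str, personal_info: Iterable[str] = (), min_length: int = 8) -> List[str]:
    """Return the best-practice rules the password violates; an empty list means it passes."""
    problems = []
    low = pw.lower()
    if len(pw) < min_length:
        problems.append(f"shorter than {min_length} characters")
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    if not all(re.search(c, pw) for c in classes):
        problems.append("missing upper case, lower case, number or special character")
    hits = [info for info in personal_info if info and info.lower() in low]
    if hits:
        problems.append("contains personal information: " + ", ".join(hits))
    if any(word in low for word in COMMON_WORDS):
        problems.append("contains a common dictionary word")
    if is_repeated_word(pw):
        problems.append("repeated word")
    if is_keyboard_run(pw):
        problems.append("simple keyboard pattern")
    return problems

if __name__ == "__main__":
    for candidate in ("qwerty", "kittenkitten", "SerFcX13@#"):
        print(candidate, "->", check_password(candidate) or "OK")
```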
How To Set Difficult Passwords?
Setting a difficult password that is still easy to remember is a difficult process, and there is no single way of doing it. People come up with creative ways and you can too, but if you are not able to, you can follow one of the following:
Make use of phrases: Select any common, easy-to-remember phrase and use the first letter of each word to make a password. For example:
- You can lead a horse to water – Yclahtw
- A fool and his money are soon parted – Afahmasp
- Barking up the wrong tree – Butwt
If you select a shorter phrase, you can add numbers and special characters to make it longer and more complex.
Add the name of the service: You can further add the name of the service you are using to the above concept to make it more complicated, like:
- You can lead a horse to water – Yclahtw or YclahtwGmail
- A fool and his money are soon parted – Afahmasp or AfahmaspYahoo
- Barking up the wrong tree – Butwt or ButwtFacebook
You can complicate it further by using special characters or numbers in place of similar-looking characters, like:
- You can lead a horse to water – Yclahtw or YclahtwGm@iL
- A fool and his money are soon parted – Afahmasp or AfahmaspYah()()
- Barking up the wrong tree – Butwt or ButwtFaceb##k
Complicated pattern on the keyboard: You can select a particular pattern on the keyboard to make a password. For example, you can press the 2nd key from the right and left ends of the keyboard in particular rows and then, similarly, the 5th key. This can generate a password like 1*a64=c/, which can be further strengthened by increasing its length in the same manner.
You can also select a letter on the keyboard and type all the surrounding letters in a clockwise or anti-clockwise direction with a mix of upper and lower case letters. So if you select the letter ‘d’, the password could be ‘serfcx’ or ‘SerFcX’, which can be further strengthened to ‘SerFcX13@#’.
Note: Do not use a simple keyboard pattern like ‘qwerty’ or ‘zxcvbnm’ or ‘12345’ as these are easy to crack.
Use padding: You can insert a combination of special characters into your base phrase to make it more complicated. For example, if your base phrase is ‘Yclahtw’, taken from ‘You can lead a horse to water’, you can add combinations like ‘<->’ or ‘^-^’ or ‘|**|’ anywhere in the base phrase to make it longer and more complicated. You can come up with any such unique combination that you can remember visually.
Replace vowels with numbers: You can select a base phrase and replace all its vowels with numbers. Each vowel is replaced with a particular number, which makes it easy for you to remember and also makes use of different characters.
For example, ‘Yclahtw’ becomes ‘Ycl5htw’, where the letter ‘a’ is replaced with ‘5’.
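The phrase-based steps above, as an added example (not code from the article): derive the base from a phrase's first letters, append a service name, swap vowels for digits, insert padding, and compare the exhaustive-search space of each result. The guess rate and any vowel mapping beyond the article's 'a' -> '5' are assumptions.

```python
from typing import Dict, Optional

def first_letters(phrase: str) -> str:
    """First letter of each word: 'You can lead a horse to water' -> 'Yclahtw'."""
    return "".join(word[0] for word in phrase.split())

def replace_vowels(base: str, mapping: Dict[str, str]) -> str:
    """Swap each vowel for its chosen digit, e.g. {'a': '5'} turns 'Yclahtw' into 'Ycl5htw'."""
    return "".join(mapping.get(ch.lower(), ch) for ch in base)

def pad(base: str, padding: str, position: int) -> str:
    """Insert a visual padding block such as '<->' at a fixed position inside the base."""
    return base[:position] + padding + base[position:]

def build_password(phrase: str, service: str = "", vowel_map: Optional[Dict[str, str]] = None,
                   padding: str = "", pad_at: int = 0) -> str:
    """Chain the article's steps: first letters, optional vowel digits, optional padding, service name."""
    base = first_letters(phrase)
    if vowel_map:
        base = replace_vowels(base, vowel_map)
    if padding:
        base = pad(base, padding, pad_at)
    return base + service

def keyspace(pw: str) -> int:
    """Exhaustive-search space: (size of the character pool actually used) ** length."""
    pool = 0
    if any(c.islower() for c in pw):
        pool += 26
    if any(c.isupper() for c in pw):
        pool += 26
    if any(c.isdigit() for c in pw):
        pool += 10
    if any(not c.isalnum() for c in pw):
        pool += 32  # printable ASCII punctuation characters
    return pool ** len(pw)

def crack_seconds(pw: str, guesses_per_second: float = 1e10) -> float:
    """Worst-case time to exhaust the search space; the guess rate is an assumed figure."""
    return keyspace(pw) / guesses_per_second

if __name__ == "__main__":
    phrase = "You can lead a horse to water"
    for pw in (build_password(phrase), build_password(phrase, vowel_map={"a": "5"}),
               build_password(phrase, service="Gmail"), build_password(phrase, padding="<->", pad_at=3)):
        print(f"{pw:14} keyspace={keyspace(pw):.2e} brute force={crack_seconds(pw):.1e} s")
```

Swapping one vowel for a digit only widens the pool (52 to 62 characters for ‘Yclahtw’), whereas three characters of padding raise the exponent, which is why length matters most.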
Various free tools are available for setting a strong password or checking its complexity. You can use the following:
- Check whether it is easy for hackers to guess your password. If you are using common words, this tool will show you the next character of your password as you type – Telepathwords
- You can generate a random strong password with Strong Password Generator.
What’s The Problem?
There are two major problems with passwords:
- Setting a difficult password and still being able to remember it, because people tend to forget passwords often if they are not formed from a concept. The alternative to remembering numerous passwords is to use a Single Sign-On solution, which lets you add all your applications to a single dashboard that can then be accessed with a single click. Read this white paper on Single Sign-On to learn more.
- Weak passwords, password sharing and having no password policy in the company can lead to disastrous situations. It can damage the reputation of the company or cost an employee their job. Read more on how to avoid it.
Now go on and set strong passwords for your accounts, and don’t forget to look at SmartSignin in case you want to avoid the hassle of re-typing passwords repeatedly.