Creating Secure Passwords and why they matter

“Three may keep a secret, if two of them are dead.”

Remembering all the passwords you use alone can be tough. Remembering secure passwords can be even tougher though. Thankfully, there are ways to create an easy-to-remember password without sacrificing the level of security it provides.

Part 1 – Making a Strong Password 

First, we’ll review the guidelines for a strong password:

  • A strong password should be at least 8 characters long, where a character is any alphabetic letter, number, or punctuation symbol
  • A strong password should contain at least one of each of the following:
    • Uppercase alphabetic letter (A through Z)
    • Lowercase alphabetic letter (a through z)
    • Number (0 through 9)
    • Punctuation symbol/Non-alphanumeric character ~!@#$%^*&;?.,+_ (and so on…)
  • A strong password should never contain significant portions of your username, email address, or full name (more than three characters)

Phew! Feels a bit complex, no? Lucky for you, all of these guidelines can be easily met without having to tattoo the result on your forehead to remember it.

Get Started

Let’s start with a baseline password using some simple information. We’ll use part of a phone number, the current year, and an abbreviation for where one works.

Our fictional character will be Jane. Jane’s phone number is 565-572-5252. The current year is 2014. Jane works at a dental office by the name of Classic Family Dental Hygiene.

An ideal password for Jane would be 14cfdh5252.

  • 14 (The last two digits of the current year)
  • cfdh (Classic Family Dental Hygiene)
  • 5252 (Part of Jane’s phone number)

The password is currently fairly secure, as it would take approximately 1.2 thousand centuries for the password to be cracked remotely. However, if, say, someone obtained physical access to the computer, it would take only 10 hours to break the code.

For fun, if the NSA ran it through their giant theoretical password cracker, it would take a little under 40 seconds to figure it out, so try not to upset the balance of National Security if this is as good as your passwords get.

Let’s Dress it up

Now then, we can add some entropy to this password by adding a couple of symbols and capitalizing a letter or two. Here, we go from 14cfdh5252 to 14_cfDH@5252.

In our eyes, it may not seem that we changed much, but in terms of computation, it will now take our in-person criminal 1.74 thousand centuries to break the code. For our friendly NSA goonies, it would require 1.74 centuries to decode the password rather than a measly 37.61 seconds. Even further, remote attackers need not apply, as it would now take 1.74 hundred billion centuries to break the code compared to the earlier time estimate of 1.2 thousand centuries.
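As an added illustration (not code from the original post) of both the guideline list in Part 1 and the 14cfdh5252 versus 14_cfDH@5252 comparison above, here is a small Python checker that applies the five guidelines and estimates the brute-force search space, in bits, for each password. The email address in the usage line is a constructed placeholder for Jane, not a real address.

```python
import math
import string

PUNCTUATION = set(string.punctuation)  # the 32 non-alphanumeric symbols on a US keyboard


def check_guidelines(password, username="", email="", full_name=""):
    """Return the list of guidelines the password fails (empty list = passes)."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    if not any(c in PUNCTUATION for c in password):
        problems.append("no punctuation symbol")
    # "Significant portion" means more than three characters, so any run of
    # four characters shared with the user's identity data is a failure.
    lowered = password.lower()
    for label, value in (("username", username), ("email", email), ("full name", full_name)):
        value = value.lower()
        for i in range(len(value) - 3):
            chunk = value[i:i + 4]
            if chunk in lowered:
                problems.append(f"contains part of {label}: {chunk!r}")
                break
    return problems


def search_space_bits(password):
    """Estimate brute-force work as log2(pool ** length), where pool is the
    combined size of every character class the password actually uses."""
    pool = 0
    if any(c.islower() for c in password):
        pool += 26
    if any(c.isupper() for c in password):
        pool += 26
    if any(c.isdigit() for c in password):
        pool += 10
    if any(c in PUNCTUATION for c in password):
        pool += len(PUNCTUATION)
    return len(password) * math.log2(pool) if pool else 0.0


if __name__ == "__main__":
    for pw in ("14cfdh5252", "14_cfDH@5252"):  # Jane's baseline and dressed-up passwords
        print(pw, check_guidelines(pw, email="jane@example.com"), f"{search_space_bits(pw):.1f} bits")
```

The bit count is a brute-force upper bound only: a password assembled from a phone number, a year, and an employer abbreviation falls to a pattern or dictionary attack far sooner than the search space suggests, which is why the guidelines also forbid reusing identity data.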

Part 2 – Why Strong Passwords are Necessary

So why are passwords, let alone strong passwords needed anyway? In all likelihood, many of the individuals reading this article probably think that they don’t need them, after all, only the big corporations are targeted, right? Wrong.

Everybody loves low-hanging fruit now and then. It’s low-risk, low-effort and instant return. Nowadays, many hacks are performed automatically – a computer program seeks out and plucks the low-hanging fruits from the branches.

In other words, when you use passwords that are common or otherwise easily guessable, you are making yourself the low-hanging fruit, an easy target. If a hacker or their security scanner gives your weak passwords so much as a glance, you are utterly screwed and can only watch as your financial data, confidential patient records, and pictures of your beloved cat are copied and sucked through the giant window that was once your poor choice of a password.

It’s not over yet though. The Feds have seen the giant window and are knocking on your door. They’d like to know why you weren’t following the rules they specifically created to prevent these breaches in the business world, and hand you an ugly piece of paper requiring payment so they can acquire the resources to go find out where your data went. Meanwhile, your patients have lost their trust in you with their personal medical information and want to find a new provider. The financial data taken probably means that your bank account now contains a lot of zeros, and only zeros. Worst of all, poor Fluffy now has those embarrassing pictures of him in a tutu all over the internet.

All of this because you felt it was too much effort to choose a secure password.

Please, let your clients, patients (and your cat) have some faith in you. Follow good security practices and don’t become the low-hanging fruit.

For more information on securing your data and adopting proactive security measures, give us a call at 541.494.2099 or write to us at tech.support@actiondatatel.com.

Jake

Action DataTel