The protection of highly valuable data is of the utmost importance in this day and age of technology. Filing cabinets and systems are quickly being replaced by applications and computers. Hard copies of customer information that were once kept behind a lock and key are now tucked neatly away into a folder titled ‘Account Numbers’ on the hard drive of your computer, protected not by lock and key but by a word, phrase, acronym and/or numbers that you create. This means access to customer information, company budgets, bills and account numbers, and other highly valuable data is at the mercy of your choice in a password.
So the question is, is your password secure? Having a secure password can be both a blessing and a curse. For starters, a secure password is usually several characters (letters, numbers and symbols) long, usually eight (the typical minimum) to fifteen or even twenty characters. Having such a long password can be a burden to remember, especially when you’re busy, plus who really wants to type such a long password every time they log in? That is never fun. Is it necessary, though? Both yes and no.
The longer a password is, the more processing power (of the brain or a computer) is needed to decipher and break apart the coding to reveal the password. However, just because a password is long does not mean it is hard to figure out. This is where the requirements for numbers and special characters (@, !, #, $, etc.) come into play. To put it simply: a < A < 1 < ! in terms of how hard each is to decipher. By combining these characters, you can create a password that is difficult to break and still secure, yet not twenty characters long.
Let’s look at a few examples. We are comparing how difficult it would be to force your way through someone’s password by using common words or phrases. This is known as a ‘brute force’ or ‘dictionary’ attack, and there are programs that do the job for those seeking entry into your data.
Susy Q has a password on her computer. That password is ‘sally’, the name of her dog. Sally is not only less than 8 characters, it is also a very common name and in all lower case. This password, with the help of a program, could be bypassed in less than five seconds.
Johnny Begud has a password of ‘JohnnyBeGoodIsMyFavoriteSong’. This is a very long password and, as such, will take a few seconds to break apart, especially with the capital letters thrown in. However, it is made up entirely of common words, the name of a song is in there as well, and it is easily correlated to our client’s name. Twenty seconds. Maybe.
So if even Johnny’s long password is a high-risk password, then what can we do to make Susy’s and Johnny’s passwords better?
Let’s take what they have there, keep it simple, and crank up the security of these passwords by about one-hundred. Both passwords will still be only ten characters.
For this part of the example, let’s assign a points system to the passwords. Lower case is 1 point, capital is 2, number is 3, and special character is 4. Space is 5.
Susy’s password of ‘sally’ has a point value of 5. Let’s get this password above twenty, keep the password ‘simple’ yet make it very secure and not as long as Johnny’s.
Susy is very excited she has a dog, so to up her security, she uses a pair of exclamation points on either end. She also adds two numbers to the end, eight and five, because she got Sally on August 5th. She throws in a ‘@’ as well to throw off the simplicity of the name.
Her new total? 23. It is only nine characters and is still relatively easy for Susy to remember.
Now let’s look at Johnny.
JohnnyBeGoodIsMyFavoriteSong = 35. That is good! Except for the facts mentioned before. So, can we simplify his password and still hit that nice rating of 35, or possibly more? Of course.
Johnny has taken his phrase and broken it down into an acronym. He has replaced some letters with numbers that look similar to them (and even a symbol), plus a space to throw off programs a tad bit more. He also enclosed it all within brackets. So what is the point total now? And how can he easily remember this acronym?
Points = 36. One point better than the really long password. Now let’s break down how Johnny has chosen to remember his password in his head.
J0 = J0hnny; B3 = be; G = good; SPACE; ! = is (! looks like I); M = my; F = favorite; 5 = 5ong (5 looks like S). This was the first record he ever owned, and he always kept it in its [sleeve].
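The points system above, written out as an added Python example (not code from the original article): it totals a password's points by character class and also checks whether the password is built only from common words, the weakness noted in Johnny's long password. The word list is a small constructed sample, and the bracketed password is assembled from the pieces listed in the breakdown above, which is an assumption because the article does not print the exact string.

```python
# Added example: the article's points system plus a common-word check.
POINTS = {"lower": 1, "upper": 2, "digit": 3, "special": 4, "space": 5}

# Constructed sample word list (an assumption for this example); a real
# check would load a large dictionary of names, words and leaked passwords.
COMMON_WORDS = {"sally", "johnny", "be", "good", "is", "my", "favorite", "song"}


def char_class(ch):
    """Map one character to the article's five scoring classes."""
    if ch == " ":
        return "space"
    if ch.islower():
        return "lower"
    if ch.isupper():
        return "upper"
    if ch.isdigit():
        return "digit"
    return "special"


def score(password):
    """Total points: lower 1, capital 2, number 3, special 4, space 5."""
    return sum(POINTS[char_class(ch)] for ch in password)


def only_common_words(password):
    """True if the whole password splits into COMMON_WORDS, ignoring case."""
    s = password.lower()
    reachable = [True] + [False] * len(s)  # reachable[i]: s[:i] is all words
    for end in range(1, len(s) + 1):
        reachable[end] = any(
            reachable[start] and s[start:end] in COMMON_WORDS
            for start in range(end)
        )
    return len(s) > 0 and reachable[len(s)]


def review(password):
    """Report length, points, and whether the points are misleading."""
    return {"length": len(password), "points": score(password),
            "dictionary_only": only_common_words(password)}


if __name__ == "__main__":
    # The bracketed entry is assembled from the article's breakdown (assumed).
    for pw in ["sally", "JohnnyBeGoodIsMyFavoriteSong", "[J0B3G !MF5]"]:
        print(repr(pw), review(pw))
```

The 35-point passphrase comes back flagged as dictionary-only, which is why a high point total alone does not make it a safe choice.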
Here are a few more password tips from Microsoft:
Help yourself remember your strong password by following these tips:
- Create an acronym from an easy-to-remember piece of information. For example, pick a phrase that is meaningful to you, such as My son’s birthday is 12 December, 2004. Using that phrase as your guide, you might use Msbi12/Dec,4 for your password.
- Substitute numbers, symbols, and misspellings for letters or words in an easy-to-remember phrase. For example, My son’s birthday is 12 December, 2004 could become Mi$un’s Brthd8iz 12124 (it’s OK to use spaces in your password).
- Relate your password to a favorite hobby or sport. For example, I love to play badminton could become ILuv2PlayB@dm1nt()n.
If you feel you must write down your password in order to remember it, make sure you don’t label it as your password, and keep it in a safe place.
That last line from Microsoft’s tips is important. If you write down your password, be discreet about it. Do not put it in a simple-to-find spot and absolutely DO NOT label it ‘password.’
One other helpful tip: do not use the same password for everything, especially if you’re out on the internet. Do not use passwords you use for work for the various websites that you choose to visit each day. There are ways for your password to be ‘phished’ (yes, it works exactly like fishing in a pond) and ‘phishermen’ will attempt to use that password on anything that they know you access.
Follow these simple tips and your data will be safe behind that virtual lock we call a password.