Tip of the Week: The Guide to Optimal Password Efficacy
Your business’ security largely depends on how secure the passwords are that keep your resources from being accessed without authorization. Despite this, many users—perhaps even you—frequently sacrifice sufficient security measures in favor of the simple and convenient route, cutting corners when coming up with their passwords. Let’s try and remedy this by reviewing a few practices that can help make a password more effective.
What Threats are There to Passwords?
A password can be undermined in one of two different ways, generally speaking:
Digging into your online life or resorting to trickery, a “bad actor” (as they are sometimes called) figures out your password or how they can fool you into handing it over. Alternatively, the bad actor might phish you or infect your computer to crack the password.
As a result, you need to figure out how to make your passwords effectively guess-proof, while still being able to recall them as you need them. These principles should ultimately pertain to any passwords associated with your business—including the ones your staff members rely on.
The Balance Between a Strong Password and a Memorable Password
Whether you’re designing a password policy for your company members to follow, or simply creating a new account of your own, there are two important considerations to keep in mind.
- If a hacker can’t guess/crack a password, they will likely resort to a brute force method—simply trying every combination possible until they eventually get a hit.
- The security of a password and its resilience against brute force attacks aren’t the same.
It is important that both of these aspects are taken into serious account as you come up with your passwords.
How to Optimize Your Password Security
There are a few widely accepted best practices when it comes to what makes a good password:
- It is sufficiently long, ideally stretching over 16 characters
- These characters include non-consecutive numbers, letters, and symbols
- The password contains no common words or numbers, private information, or any publicly accessible details
It is also important that your considerations involve the aforementioned tools that cybercriminals use to break password protections. This is where we must account for the complexity of your passwords.
Did you know that about 40 percent of passwords only contain lowercase letters? Well, cybercriminals certainly know, and will certainly try to save time by only trying lowercase letters in their initial brute force attacks. Even one extra variable can significantly increase the password’s security, making it harder and more time-consuming for the hacker, and possibly convincing them that the effort isn’t worth it.
However, you also need a password that is memorable enough for you to be able to use it. The most secure password in the world is no good to you if you can’t commit it to memory, to the letter (or number or symbol).
This has recently led to the idea that a password composed of a few random words, randomized further with alphanumeric substitution and capitalization, padded with repeating symbols on either side, is the most secure option.
Think about it—like we said, each variable makes the hacker’s job that much more challenging and can help slow down any automated attempts long enough for the hacker to abandon them.
With all this in mind, it makes sense to create passwords that ultimately look something like this:
Not only is this password effectively impossible to guess, but it also has plenty of characters and—while designed to be somewhat simple to memorize, is still plenty resistant to brute force methods. Just make sure you come up with your own, instead of copying this one.
Remembering These Passwords
Admittedly, a password like this is a lot to remember on its own, so the thought of remembering a different one for each account (in keeping with best practices) can be daunting for most. Fortunately, a password manager can simplify this considerably.
A password manager is basically just a piece of software that safely and securely stores your passwords away for you, accessible to you behind a single master password. That way, your passwords could be totally secure and unique without forcing you to remember them all.
From your passwords and access management to every other aspect of your business’ IT security and productivity, Ciracom is here to help. Learn more about what we can offer by calling (703) 621-3900 today.