Skip to content

How Secure is my Password?

Lily Howell Mar 7, 2019 12:00:00 AM
logging into a laptop

The fact is, using the internet and IT, in general, today requires the use and management of passwords… and this is no small task. Security best practice suggests you should use a different password for every website and account you use.

Recognise and shake bad habits

Bad habits such as using the same password for all accounts, or even worse using your work email account and the same password for your online accounts as your work (domain) account – this is the type of behaviour that pretty much ensures your account will be the point of entry.

Hacked passwords are the most common cause of data breaches but don’t despair, there are simple rules you can follow when creating a strong password, such as;

  • Password Length – Make sure passwords are at least 12 characters long.
  • Upper and Lowercase Characters – Incorporate a variety of upper and lowercase letters from start to finish.
  • Numbers (0-9) and Symbols – Include a mixture of numbers and symbols throughout.

We all know Microsoft is trying to protect us from hackers but remembering these complex passwords is a difficult task. Most people will use something familiar to them to create a password, like a child or pet’s name, the current month or their car registration. This practice makes the password easy to remember however it also makes the password very easy to crack. For example, growing up I had a pet dog called Ben, now if I were to use his name as my password (including the capital “B”), any password cracking type of program would break this password almost instantaneously. Any word in the dictionary used as a password would also be cracked instantly as most password cracking programs use the dictionary as the first method to try and crack the password so please avoid using standard words or common names.

My next step would be to add numbers to the password, the most common way to do this would be to replace the letter that most looks like a number i.e. the password Ben would become B3n Using the same password cracker tool this password would be revealed in about 14 seconds! The result isn’t good.

Following the rules above for complex passwords, I decided to add some symbols to my password. The easiest way to do this and to make it memorable, is to surround the familiar password with some form of brackets or quotes, i.e. use the Symbols “ ‘ () {} or [] “ so now my password looks like this: {B3n}

Utilising the same cracking tool, this would take about 5 days to crack, much better but still not great. The password {B3n} is now 5 characters long, still too short to be considered secure, so I add !! {B3n}!! again a hacker would crack this in a matter of days.

The aim is to make sure the password is strong enough to last the amount of time under a cracking tool before the system you are accessing requires a password change. I decide to increase the number of characters by adding the year my dog was born, so the password looks like this: {B3n1991}!!!

This password is still memorable to me and has 12 characters but now the cracking tool would take much longer to crack the password!

Try and make the password as long as you can with a mix of symbols and numbers, as you can see from above, increasing the number of characters makes a big difference.

Disclaimer: None of the passwords in the example above is actually in use. The times to crack passwords are estimates and are generated by an online secure password testing tool.

Our top-tip: two nouns, special symbol and 2 digits.

In today’s world remembering which password you use for what can almost be a full-time activity and can be immensely frustrating when the system you are accessing says you have to change it frequently (surely not, I only changed the password last week??). Best practice suggests you should use a different password for every website you access and that password must be complex. Vendors like Microsoft are now enforcing complex passwords for their Cloud Services such as Microsoft Office 365.

Using a password manager is the simplest way to keep track of and create secure new passwords. However, refrain from using those built into web browsers to help you with this. Password managers not only help us to steer clear of bad habits, like recycling the same password again and again (with slight variations) but also generate random 16 character passwords for any site you use.

Of course, sorting all of your passwords into one place means that you must create a master password to unlock your manager. Reviewing all that we have learnt, passwords created with a minimum of 12 mixed character and symbols are among the most secure.