Creating Strong Passwords
In today’s digital world one of the most important pieces of personal identity is the user’s private password. Passwords are used to protect various aspects of our digital life such as our AD user account (used to log on to network resources), email accounts (such as Yahoo!, Gmail, Hotmail and others), credit card accounts, online banking (such as PayPal), online shopping (such as eBay) and more.
Analysts estimate that about half of the people with digital identities will have them stolen sometime. Most of the victims will not even realize it until it is far too late, after they realize that someone has made transactions in their names and stolen their personal information and funds.
Even if you choose a seemingly long password there is no guarantee that it’ll stay safe. Today’s script kiddies use easy to obtain scripts and programs that can mount brute force and dictionary attacks on your account.
Therefore, in order to help prevent your identity from being stolen, strong password requirements should be used as often as possible. Here are some tips to help you create strong, secure passwords.
- Never use an alphabetic series either forwards or backwards, i.e., ABCDEF or FEDCBA.
- Never use a numeric series, either forwards or backwards, i.e., 123456 or 654321.
- Never use a string of all identical letters or numbers, i.e., AAAAAA or 111111.
- Never use a common keyboard shortcut, i.e., ASDFG or QWERTY.
- Never use your name or user id, or any variation thereof, such as your name or user id spelled backwards, with mixed case letters, etc.
- Never use a word(s) that can be easily associated with you, such as the name of your child, pet, spouse and so on.
- Never use a common word that you might find in a dictionary.
Strong passwords should be created by
- Creating a password that is at least eight characters long, however be warned that because of various hash vulnerabilities, using any password that is shorter than 14 characters is as non-secure as using a 6 character password.
- Combining the first letters of each word of a known phrase to produce the password.
- Including at least one symbol or number in the password, but preferably not just one at the end.
- Using a varying combination of lower and upper case letters in the password.
Here are some example:
- Select a 4-letter word.
- Select a 4-digit number.
- Change the order of the numbers and letters.
- Capitalize a letter.
- Add one or more special characters such as *, %, # or !
This is a bad password: qwerty12345
This is a bad password: Admin12345
This is a bad password: asdASD123
This is a nice password: [email protected]$$w0rd!4MyC0mputer
This is a cool password: [email protected]$$4MyPayPalAcc0unt!
You can even write a phrase, combined with numbers, lower and upper case characters, and special characters, but in a different language, yet type it in English letters. For example: [email protected]#$%12345 (my name in Hebrew, first name small characters, last name upper case characters, 1-5 keys presses with SHIFT, and 1-5 in regular numbers).
Password security can be maintained by
- Use a different password on each account you have.
- Change your passwords at regular intervals such as once every couple of months.
- Never write your passwords down. No, writing them on a sticky note and posting them upside down or face down on your to-do board does not provide extra security!
- Never sharing your password with others. No, calling you and asking for your credit card account password is NOT a common practice by ANY credit card company!
More in Security
CISA Releases New Free Tool to Identify Threats in Microsoft Cloud Services
Mar 24, 2023 | Rabia Noureen
Microsoft Defender for IoT Gets Cloud-Powered Security Features to Protect Enterprise Networks
Mar 21, 2023 | Rabia Noureen
Azure Firewall Basic Now Available to Protect Small Businesses Against Cyberattacks
Mar 16, 2023 | Rabia Noureen
Microsoft Releases Updates to Patch Critical Outlook NTLM Vulnerability
Mar 16, 2023 | Rabia Noureen
Microsoft Warns About New MFA Bypass Tool Used in AiTM Phishing Campaigns
Mar 15, 2023 | Rabia Noureen
Microsoft 365 Defender Adds Real-Time Custom Detections Support in Preview
Mar 14, 2023 | Rabia Noureen
Most popular on petri