Password security is getting to the point of absurdity. When you go to a new website that you must make an account for, you have no idea what restrictions they will have on a password. Some systems require a symbol, some require an uppercase letter, and many need both. This is making your life a lot harder as you have to remember many different passwords. The best part about these restrictions is that they don’t add any additional security to your account.
First, let me start by telling you that I don’t have any official credentials to tell you anything about password security or any other form of cybersecurity. What I do have is nearly a decade of creating web systems and my own experiences in the cybersecurity world. So take everything I say with a grain of salt and review some other, more highly acclaimed posts if you really want to dive deep into this topic. It can get very interesting.
Let’s talk about when these websites force users to add symbols to passwords. The most common way to get around this requirement is to take whatever your password is and add an exclamation point (!) to the end of it. Take the password ‘test’, for example: this requirement would give you ‘test!’. Now, do you truly believe this is more secure? If you think you have tricked the hacker by putting an exclamation point at the end of your password, please change your password. The same goes for capital letters. When those are required, most people will submit ‘Test!’. Once again, this is no more secure than ‘test’, no matter what the Password Security algorithm on whatever site you’re creating an account on tells you.
One of the most commonly suggested strategies for creating a strong password is to generate a string of random uppercase letters, lowercase letters, numbers, and symbols. This may provide you with something like Huj2!)[~. This password is okay, as it’s not easy for a human to guess. Unfortunately, it is very simple for a computer to crack. According to a study by Hive Systems, a password with eight random characters will take about 39 minutes to crack. In most cases, many security experts have recommended keeping your passwords to a minimum of 18 characters. You can go a little shorter if the site you create a password for doesn’t have too many limitations.
If you are among the savvier in the cybersecurity space, you may be thinking about the rule where no two passwords should ever be the same across your accounts. If all of your passwords are different, how are you ever supposed to remember them? Well, I’ve got a few suggestions for you.
One of the more obvious choices is to utilize a password manager. I’ve used a few in the past, and the one that I’ve stuck with the most is 1Password. They have desktop apps for both macOS and Windows, plus mobile apps for Android and iOS. They also have browser extensions for Chrome, making it very easy to log into any of your online accounts. They have one of the easier-to-use systems compared to others I’ve tried, and the design is pretty easy to follow. 1Password will create randomly generated passwords and store them for you for access across all of your devices. You can even keep additional notes that you want an added level of privacy for.
An alternative option is to make passwords out of sentences instead of words or random characters. Even common sentences like ‘Good morning, how are you?’ would be more challenging for a computer to crack than an arbitrary eight-character string. These have the benefit of being much easier to remember, and you can even include key phrases about the account that will help you remember what the password is. My biggest recommendation for this method is not to use any information that is easy to find on social media. This would include family/friends’ names, birthdays, wedding venues, etc. Keep that to social media and out of your cybersecurity.
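The comparison made above, between ‘Test!’, the random string Huj2!)[~ and a sentence, can be checked from the defender's side with a short script. This is an added example, not code from the original post: the function names and the tiny blocklist are constructed for illustration, and the bit counts assume an attacker who exhaustively tries every string over the character classes used, which is an upper bound that ignores phrase dictionaries.

```python
import math
import string

# Constructed sample blocklist (assumption); a real check would load a large
# list of breached or common passwords instead.
COMMON_BASES = {"test", "password", "welcome", "letmein"}

def passes_composition_rules(pw):
    """The site policy described in the post: needs an uppercase letter and a symbol."""
    return (any(c.isupper() for c in pw)
            and any(c in string.punctuation for c in pw))

def base_word(pw):
    """Undo the usual workarounds: capital letters, symbols or digits tacked on the end."""
    return pw.lower().rstrip(string.punctuation + string.digits)

def is_decorated_common_word(pw):
    """True when the password is just a blocklisted word with decoration."""
    return base_word(pw) in COMMON_BASES

def brute_force_bits(pw):
    """log2 of the exhaustive search space for this length and character mix."""
    pool = 0
    if any(c.islower() for c in pw):
        pool += 26
    if any(c.isupper() for c in pw):
        pool += 26
    if any(c.isdigit() for c in pw):
        pool += 10
    if any(c in string.punctuation for c in pw):
        pool += len(string.punctuation)  # 32 ASCII symbols
    if " " in pw:
        pool += 1
    return len(pw) * math.log2(pool) if pool else 0.0

def assess(pw):
    """Return (accepted_by_site_rules, verdict) for one candidate password."""
    if is_decorated_common_word(pw):
        return passes_composition_rules(pw), "common word in disguise"
    return passes_composition_rules(pw), f"{brute_force_bits(pw):.0f} bits of brute-force work"

if __name__ == "__main__":
    for pw in ["test", "Test!", "Huj2!)[~", "Good morning, how are you?"]:
        print(repr(pw), assess(pw))
```

The site rule accepts ‘Test!’ even though stripping the decoration leaves the blocklisted word ‘test’, while the 26-character sentence has a far larger brute-force search space than the eight random characters.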
My last recommendation is to keep a notebook or some kind of record of your passwords. I would consider this the last option, and you should only choose it if you struggle to remember your passwords and are uncomfortable storing them on a website like 1Password. If you pick this method, please remember that if this notepad is ever stolen, the thief has everything that you wrote in it clear as day. I would highly recommend keeping password hints in a notebook rather than writing the passwords in full.
I’ve actually written this post once before, but somehow it got deleted. It’s good to finally cross it off my post ideas list, and it was good timing as the new data from Hive Systems only came out a few days ago. Thank you for taking the time to read this post, and I hope you have a great day.