Why Robust Passwords are Still the Backbone of our Digital Security
Robust passwords that are hard to break are the basic table stakes for anyone who manages their private and precious data online.
Coded passwords have been in use for centuries for keeping secrets safe. But today, our passwords are the gatekeepers to our digital lives.
On May 4th 2023 we celebrate World Password Day, where we’re reminded of the importance of these little cyphers in keeping our data safe and secure.
Here, we take the opportunity to remind ourselves why it’s important to use strong passwords. We also look at what to avoid when choosing a password, and what else you can do to keep your files and applications safe from unauthorised access.
What Makes for Good, Robust Passwords?
Over the years, passwords have evolved, becoming more complex.
Not only that, but the number of passwords we have for different systems and applications has grown exponentially too. It’s believed that everyone who uses a smartphone or a computer has at least 50 different passwords to remember now. Assuming that people do use a different password for everything (and we should be), remembering them all can be quite a challenge.
It’s no wonder that many people write these passwords down. Though it’s advised that if you do this, you should keep written crib sheets stored safely under lock and key.
Most online authentication processes require, as a minimum, passwords that combine uppercase and lowercase letters, numbers and symbols. The full string can be ten, or sometimes twelve, characters long.
Many applications will suggest a strong password when you register as a user. At which point, you’ll be provided with a seemingly random mix of letters, numbers and symbols. But these can be incredibly difficult to remember (unless you use a password manager – more on that later).
Therefore, if you’re not using a password manager, I’d recommend you use a convention to remember your password.
Three Ways to Make Your Passwords Memorable
If you find managing a large number of passwords quite difficult, I’ve listed three ways to make your passwords easier to remember: firstly, using mnemonics to help you remember the password; secondly, the leetspeak convention; and thirdly, making passwords longer.
Using Mnemonics – Mnemonics are just phrases that are used to determine the order of something. For example, Richard of York Gave Battle in Vain, which determines the order of colours in the rainbow.
Any phrase that is memorable to you can be turned into a mnemonic. You could use song lyrics, book titles, or anything that falls into a memorable order for you. Make a mnemonic too complex, though, and you may end up forgetting your password.
Leetspeak Convention – You could also employ what we used to call ‘l33tspeak’ to insert numbers for letters, as long as the words aren’t too common, and you don’t convert letters to numbers too predictably. Also make sure to not use things that people can associate you with easily.
A list of leet substitutions can be found in the Leet Wikipedia stub.
Make Your Password Longer – Another way to make your passwords harder to guess is to make them longer than the minimum. This makes it harder for hackers who use brute-force cracking methods to guess your password.
Longer phrases can also make your passwords easier to remember. Before now, I’ve made my passwords the same length as the application they belong to, and therefore the password is easier for me to remember.
Ways to Bolster Your Robust Passwords
The more complex you can make your password, the harder it will be to crack, but there are other measures you should take to keep your data safe. Here are a couple you should definitely consider:
Password Managers can hold all of your passwords in one place under one master password. They allow you to save all other passwords you use on your devices and allow you to autofill login details where it suits you.
Multi-factor authentication is another way you can make it harder for cybercriminals to access your data.
It’s an extra layer of protection which provides a time-limited code that you have to enter to prove you are who you say you are. If your authenticator is held on a different device, and is accessed using biometrics, face-recognition or a passcode, then it’s another layer cybercriminals have to attempt to replicate.
Password Cliches to Avoid
You may think that the days of password cliches such as ‘password’ or ‘12345’ are long gone, but you’d be surprised.
Anything that could be easily guessed is not a robust password.
Alongside these, passwords to avoid include:
- Consecutive letters and numbers (e.g. Qwerty12345, ABCxyz999, etc.)
- Pastimes and important years (e.g. Engl4nd1966, StarWars1977, etc.)
- Family or Pet Names and D.O.Bs. (JamieBoy280612, Twinklecat2019)
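The cliches listed above can be checked mechanically when a new password is chosen. The Python code below is an added example, not part of the original article; the small word list, the 12-character minimum, the personal_terms parameter and all function names are assumptions made for illustration.

```python
import re

# Constructed stand-in for a real common-password list (assumption).
COMMON_WORDS = {"password", "england", "starwars", "qwerty", "admin"}
# Predictable leetspeak swaps, undone before the word checks.
UNLEET = str.maketrans("4@3105$7", "aaelosst")
# Alphabet, digits and keyboard rows used to spot consecutive runs.
SEQUENCES = ["abcdefghijklmnopqrstuvwxyz", "0123456789",
             "qwertyuiop", "asdfghjkl", "zxcvbnm"]
MIN_LENGTH = 12  # assumption: the longer of the two minimums mentioned earlier

YEAR = re.compile(r"(?<!\d)(19|20)\d{2}(?!\d)")  # e.g. 1966, 2019
DATE = re.compile(r"(?<!\d)(0[1-9]|[12]\d|3[01])(0[1-9]|1[0-2])\d{2}(?!\d)")  # ddmmyy


def has_run(password, run_len=3):
    """True if the password contains run_len consecutive sequence characters."""
    lowered = password.lower()
    return any(seq[i:i + run_len] in lowered
               for seq in SEQUENCES
               for i in range(len(seq) - run_len + 1))


def check_password(password, personal_terms=()):
    """Return the cliches found; an empty list means none were detected."""
    findings = []
    unleeted = password.lower().translate(UNLEET)
    if len(password) < MIN_LENGTH:
        findings.append("too short")
    if has_run(password):
        findings.append("consecutive run")
    if YEAR.search(password):
        findings.append("year")
    if DATE.search(password):
        findings.append("date")
    if any(word in unleeted for word in COMMON_WORDS):
        findings.append("common word")
    # personal_terms: names, pets, teams and similar supplied by the user.
    if any(term.lower() in unleeted for term in personal_terms):
        findings.append("personal term")
    return findings


if __name__ == "__main__":
    for pw, terms in [("Qwerty12345", ()), ("Engl4nd1966", ()),
                      ("JamieBoy280612", ("Jamie",)),
                      ("Maple-Drift-Velvet-Crane", ())]:
        print(pw, "->", check_password(pw, terms) or "no cliche detected")
```

An empty result only means none of these particular patterns matched; it is not a measure of overall strength.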
Always make sure you change the default password on your wi-fi router as well. Many are set as default to ‘Admin’, and therefore it can be very easy to access your network if you don’t change it to something stronger.
Any password that contains something that can be easily guessed from looking at your online presence should not be used. For instance, favourite bands or movies, sports teams you follow or anything you take pride in.
Hackers can get your personal preference data from online quizzes, such as those that can tell you which ‘Game of Thrones House’ you’re most suited to. So, avoid them at all costs.
Timeline of the Modern Digital Password
- 1961 – Massachusetts Institute of Technology creates the first password so multiple users can access the same computer system
- 1976 – Enciphered user passwords using public key cryptography are created
- 1979 – A study into weak passwords that can be easily guessed is produced by Robert Morris and Ken Thompson
- 1986 – The first two-factor authentication is developed and adopted
- 2003 – Bill Burr of the National Institute of Standards and Technology (NIST) proposes more complex combinations adding symbols to letter and number combinations
World Password Day 2023
Those who wish to take part are encouraged to pledge their support on social media using the hashtag #WorldPasswordDay.
Ways you can observe World Password Day include:
- Change an old password to a long, strong one
- Turn on two-factor authentication for your important accounts
- Password protect your wireless router
- Don’t store passwords on your computer or phone
- Log off when you’re done with a program
- Periodically remove temporary internet files
What Are You Doing for World Password Day?
How regularly do you force your clients to set new, or more robust, passwords?
And what’s the worst password you’ve ever seen for a highly sensitive system?
Please let us know in the comments how you’ll be observing World Password Day.