Why Robust Passwords are Still the Backbone of our Digital Security - Tubblog: The Hub for MSPs


Robust Passwords

Robust passwords that are hard to break are the basic table stakes for anyone who manages their private and precious data online.

Coded passwords have been in use for centuries for keeping secrets safe. But today, our passwords are the gatekeepers to our digital lives.

On May 4th 2023 we celebrate World Password Day, where we’re reminded of the importance of these little cyphers in keeping our data safe and secure.

Here, we take the opportunity to remind ourselves why it’s important to use strong passwords. We also look at what to avoid when choosing a password, and what else you can do to keep your files and applications safe from unauthorised access.


What Makes for Good, Robust Passwords?

Over the years, passwords have evolved, becoming more complex.

Not only that, but the number of passwords we have for different systems and applications has grown exponentially too. It’s believed that everyone who uses a smartphone or a computer has at least 50 different passwords to remember now. Assuming that people do use a different password for everything (and we should), remembering them all can be quite a challenge.

It’s no wonder that many people write these passwords down, though it’s advised that if you do this, you keep written crib sheets stored safely under lock and key.

Most online authentication processes require, as a minimum, passwords that combine uppercase and lowercase letters, numbers and symbols. The full string can be ten, or sometimes twelve, characters long.

Many applications will suggest a strong password when you register as a user, at which point you’ll be provided with a seemingly random mix of letters, numbers and symbols. But these can be incredibly difficult to remember (unless you use a password manager – more on that later).

Therefore, if you’re not using a password manager, I’d recommend you use a convention to remember your password.


Three Ways to Make Your Passwords Memorable

If you find managing a large number of passwords quite difficult, I’ve listed three ways to make your passwords easier to remember: firstly, using mnemonics to help you remember the password; secondly, the leetspeak convention; and thirdly, making passwords longer.

Using Mnemonics – Mnemonics are just phrases that are used to determine the order of something. For example, Richard of York Gave Battle in Vain, which determines the order of colours in the rainbow.

Any phrase that is memorable to you can be turned into a mnemonic. You could use song lyrics, book titles, or anything that falls into a memorable order for you. Make a mnemonic too complex, though, and you may end up forgetting your password.

Leetspeak Convention – You could also employ what we used to call ‘l33tspeak’ to insert numbers for letters, as long as the words aren’t too common, and you don’t convert letters to numbers too predictably. Also make sure not to use things that people can easily associate with you.

A list of leet substitutions can be found in the Leet Wikipedia stub.

Make Your Password Longer – Another way to make your passwords harder to guess is to make them longer than the minimum. This makes it harder for hackers who use brute-force cracking methods to guess your password.

Longer phrases can also make your passwords easier to remember. Before now, I’ve made my passwords the same length as the application they belong to, and therefore, the password is easier for me to remember.


Ways to Bolster Your Robust Passwords

The more complex you can make your password, the harder it will be to crack, but there are other measures you should take to keep your data safe. Here are a couple you should definitely consider:

Password Managers

Password Managers can hold all of your passwords in one place under one master password. They allow you to save all other passwords you use on your devices and allow you to autofill login details where it suits you.

A number of password managers are available, including: Bitwarden, LastPass and 1Password.

Authentication Apps

Multi-factor authentication is another way you can make it harder for cybercriminals to access your data.

It’s an extra layer of protection which provides a time-limited code that you have to enter to prove you are who you say you are. If your authenticator is held on a different device, and is accessed using biometrics, face-recognition or a passcode, then it’s another layer cybercriminals have to attempt to replicate.

Some great authenticator apps include: Google Authenticator and Authy.


Password Cliches to Avoid

You may think that the days of password cliches such as ‘password’ or ‘12345’ are long gone, but you’d be surprised.

Anything that could be easily guessed is not a robust password.

Alongside these, passwords to avoid include:

  • Consecutive letters and numbers (e.g. Qwerty12345, ABCxyz999, etc.)
  • Pastimes and important years (e.g. Engl4nd1966, StarWars1977, etc.)
  • Family or Pet Names and D.O.Bs. (JamieBoy280612, Twinklecat2019)
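A screening check for the patterns listed above and for the predictable leetspeak described earlier, as an added example that is not part of the original post. The word list, the substitution table, the 12-character minimum and the function names are assumptions made for this illustration; a real deployment would use a full breached-password list.

```python
import re

# Constructed stand-in for a real common-password list (assumption).
COMMON_WORDS = {"password", "qwerty", "england", "starwars", "admin", "letmein"}
# Predictable leetspeak substitutions, reversed: digit or symbol -> letter.
DELEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                        "7": "t", "@": "a", "$": "s", "!": "i"})
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")
YEAR = re.compile(r"(19|20)\d{2}")


def has_run(text, length=4):
    """True if text holds `length` ascending characters (abcd, 2345)
    or `length` neighbouring keys from one keyboard row (qwer)."""
    for i in range(len(text) - length + 1):
        chunk = text[i:i + length]
        if all(ord(b) - ord(a) == 1 for a, b in zip(chunk, chunk[1:])):
            return True
        if any(chunk in row for row in KEYBOARD_ROWS):
            return True
    return False


def screen_password(password, personal_terms=(), min_length=12):
    """Return the reasons a candidate password is weak; [] means none found."""
    lowered = password.lower()
    deleeted = lowered.translate(DELEET)  # "p@55w0rd" -> "password"
    reasons = []
    if len(password) < min_length:
        reasons.append("too short")
    if has_run(lowered):
        reasons.append("consecutive letters or numbers")
    if YEAR.search(password):
        reasons.append("contains a year")
    if any(word in deleeted for word in COMMON_WORDS):
        reasons.append("common word, even after leetspeak")
    if any(t.lower() in lowered or t.lower() in deleeted
           for t in personal_terms if t):
        reasons.append("personal detail")
    return reasons


if __name__ == "__main__":
    # First two candidates come from the post's list; the rest are constructed.
    for candidate in ("Qwerty12345", "Engl4nd1966", "P@55w0rd!!!!",
                      "plum-Harbour-venting-62"):
        print(candidate, "->", screen_password(candidate) or "no findings")
    print(screen_password("JamieBoy280612", personal_terms=["Jamie"]))
```

An empty result only means none of these patterns matched; it is not proof that the password is strong.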

Always make sure you change the default password on your wi-fi router as well. Many are set as default to ‘Admin’, and therefore it can be very easy to access your network if you don’t change it to something stronger.

Any password that contains something that can be easily guessed from looking at your online presence should not be used. For instance, favourite bands or movies, sports teams you follow or anything you take pride in.

Hackers can get your personal preference data from online quizzes, such as those that can tell you which ‘Game of Thrones House’ you’re most suited to. So, avoid them at all costs.


Timeline of the Modern Digital Password

  • 1961 – Massachusetts Institute of Technology creates the first password so multiple users can access the same computer system
  • 1976 – Enciphered user passwords using public key cryptography are created
  • 1979 – A study into weak passwords that can be easily guessed is produced by Robert Morris and Ken Thompson
  • 1986 – The first two-factor authentication is developed and adopted
  • 2003 – Bill Burr of the National Institute of Standards and Technology (NIST) proposes more complex combinations adding symbols to letter and number combinations


World Password Day 2023

The first World Password Day took place on Thursday 5th May 2016. It was created by technology firm Intel to promote better password habits, and was based on an idea by security researcher Mark Burnett.

Those who wish to take part are encouraged to pledge their support on social media using the hashtag #WorldPasswordDay.

Ways you can observe World Password Day include:

  • Change an old password to a long, strong one
  • Turn on two-factor authentication for your important accounts
  • Password protect your wireless router
  • Don’t store passwords on your computer or phone
  • Log off when you’re done with a program
  • Periodically remove temporary internet files


What Are You Doing for World Password Day?

How regularly do you force your clients to set new, or more robust, passwords?

And what’s the worst password you’ve ever seen for a highly sensitive system?

Please let us know in the comments how you’ll be observing World Password Day.

STEPHEN MCCORMICK

I'm the MSP Community Manager for Tubblog. A small business owner, technical writer and blogger, with 15 years' experience in corporate IT. I frequently attend MSP peer groups and create content relevant to IT service providers and business owners.
