It’s been something you’ve had to think about since you first set up an account on any online service – “how am I going to deal with passwords?” Back then, you might have thought it was safe to go with some variation of your childhood pet and your favorite breakfast food (“OatmealOatmeal” for example). As would-be attackers have beefed up their arsenal, however, easy-to-remember passwords based on your childhood don’t hold up anymore. Let’s take a look at a couple pointers that can keep you secure.
If you can explain your password, it needs work.
There’s a bit of a tug-of-war when it comes to choosing a password. You need to find something that’s complicated enough to be secure, but easy enough to remember, right? After all, you might have to use it multiple times a day and going through a complicated process each time, just to log in, could put a major cramp in your workday flow. Security should win over ease of use, every time. When you set a complicated password, you’re not making it harder to get into your accounts. You’re making it easier to keep everyone else out. Of course, you’ll need a way to make sure you can get to your password when you need it (we’ll get to that next), but here’s a quick way to check if your password is complicated enough. How annoyed would you be if you had to give your credentials, out loud, to someone in the next cubicle? “IL0VEPUPP13S” is pretty easy, “sdfJcPidWKl” is much harder.
Don’t use a password – use a passphrase
The problem with words is that everyone knows what a word is. (Really.) The oldest method for hacking a password is just plowing through the dictionary, trying all the words that start with A, followed by B and so forth. Most systems are set up to stop this sort of brute force attack, but if your password is just a word, this approach will eventually find it. How do you add complexity but still have a password you can remember? Use a sentence instead. Turning an easy-to-remember sentence into an acronym can be a great way to “In college, I lived with Grant in room 237. He liked Kanye West, too.” becomes “icIlwGir2.hlKW2”. It’s much more secure than “OatmealOatmeal” and there’s actually a decent chance you can remember it.
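As an added illustration (not code from the original post), the Python sketch below looks at this post's example passwords the way a dictionary check does: it undoes common character swaps and tests whether the whole password splits into dictionary words, then builds the sentence acronym and runs it through the same check. The tiny word list, the substitution table and the function names are assumptions made for the example.

```python
import re

# Constructed sample word list; a real check would load a large dictionary file.
WORDLIST = {"oatmeal", "i", "love", "puppies", "college", "grant", "room"}

# Character swaps that guessing tools undo before a lookup (assumed table).
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})

# Sound-alike replacement used in the post's example ("too" -> "2").
SOUNDALIKE = {"too": "2"}


def is_dictionary_based(password, words=WORDLIST):
    """True if the password, with swaps undone, is nothing but dictionary words."""
    text = password.lower().translate(LEET)
    # reachable[i] is True when text[:i] can be written as a run of words.
    reachable = [True] + [False] * len(text)
    for end in range(1, len(text) + 1):
        reachable[end] = any(reachable[start] and text[start:end] in words
                             for start in range(end))
    return bool(text) and reachable[-1]


def sentence_to_acronym(text):
    """Build the acronym the way the post does: one character per word."""
    parts = []
    for sentence in (s for s in text.split(".") if s.strip()):
        chars = []
        for pos, word in enumerate(re.findall(r"[A-Za-z0-9]+", sentence)):
            ch = SOUNDALIKE.get(word.lower(), word[0])
            # A sentence-initial capital is grammar, not a proper noun.
            if pos == 0 and word != "I":
                ch = ch.lower()
            chars.append(ch)
        parts.append("".join(chars))
    return ".".join(parts)  # keep the full stop between sentences


if __name__ == "__main__":
    phrase = "In college, I lived with Grant in room 237. He liked Kanye West, too."
    for pw in ("OatmealOatmeal", "IL0VEPUPP13S", "sdfJcPidWKl",
               sentence_to_acronym(phrase)):
        print(f"{pw:18} dictionary-based: {is_dictionary_based(pw)}")
```

Swapping letters for digits does not move “IL0VEPUPP13S” out of the dictionary, while the sentence acronym contains no whole words to find.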
Update early and often
So, you’ve finally figured out that perfect sentence you can turn into the perfect acronym and the perfect password. Your work’s done, right? Not quite. Passwords that start off secure may be compromised by data leaks, so the only way to make sure your accounts are locked down is to change your password on a regular basis. Some programs and systems will force you to update your password after a certain amount of time, but the easiest way to remember to do this on your own is to set up a recurring appointment in your calendar. 9 a.m. on the first of every month, update your passwords. Every month. No exceptions.
Figuring out how to use secure passwords that actually work for you is hard enough if you’re only responsible for your own accounts, but if you’re the one in charge of making sure your company stays secure, you’re responsible for your whole team. To learn more about how Symplexity can help your company manage its passwords (and security in general), contact us today.