Choosing Strong Passwords

Advice from the Cyber Ninja

So far, 2017 has been a big year for cyber-attacks. Businesses around the world were targets of cyber adversaries who stole credit card numbers, took down websites, and obtained the personal information of millions of consumers.

These attacks sent companies scrambling to explain how their data was stolen, compromised, or lost. We learned that some basic, commonsense guidelines about user names and passwords weren’t followed by organizations that should have known better than to use the combination “admin/admin” or other simple-to-guess passwords.

You can start implementing more effective security than some of the world’s biggest companies if you take some advice about creating strong passwords from the cyber ninja.

And before you complain about how hard it is to remember different passwords for all your different logins, ask yourself how hard it would be if an adversary stole your identity, banking information, or other data because someone guessed that you used your dog’s name, birthday, or address as a password. (By the way, don’t use those.)

Here’s how to create strong passwords that will help protect your vital accounts:

  • Use a combination of uppercase and lowercase letters, numbers, and symbols
  • Make your passwords at least 15 characters long
  • Use a bizarre combination of words that only you would remember, or the first letters of a phrase that’s meaningful to you
  • Substitute numbers or symbols for letters in words or phrases
  • Consider using a password vault product that will generate random strong passwords for every site you visit – then, you only need to remember one password to unlock the vault

I have a colleague who used the words to Queen’s song “Bohemian Rhapsody” as a way to create password phrases. Consider the line “I see a little silhouetto of a man, Scaramouche Scaramouche can you do the fandango?” This created a password that looked like 1s4LS0ams2cudtf?. That looks pretty random! But the user can just sing the lyrics and remember it easily. A song, a movie quote, a phrase that you’ll remember – these are all great ways to create a complex password that will stop the adversary.
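
The checklist above can be expressed as a small checker, paired with a generator of the kind a password vault uses. This is an added example, not code from the article; the symbol set (`string.punctuation`), the deny-list entries other than "admin", and the default length of 20 are assumptions.

```python
import secrets
import string

MIN_LENGTH = 15  # the article's minimum length
# Assumed symbol set; individual sites may accept fewer characters.
CLASSES = {
    "uppercase": string.ascii_uppercase,
    "lowercase": string.ascii_lowercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}
# Constructed deny-list; "admin" is the example the article calls out.
KNOWN_WEAK = {"admin", "password", "123456"}


def guideline_failures(password):
    """Return the list of article guidelines the password does not meet."""
    failures = []
    if password.lower() in KNOWN_WEAK:
        failures.append("known weak password")
    if len(password) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            failures.append(f"no {name}")
    return failures


def generate_password(length=20):
    """Draw characters from the OS CSPRNG until all four classes appear."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = "".join(CLASSES.values())
    while True:
        # secrets.choice is suitable for secrets; random.choice is not.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not guideline_failures(candidate):
            return candidate


if __name__ == "__main__":
    for pw in ("admin", "1s4LS0ams2cudtf?", generate_password()):
        print(repr(pw), guideline_failures(pw) or "meets the guidelines")
```

Passing these checks confirms only the formal rules in the list; it cannot tell whether a password has been reused on another site.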

Most people have upwards of ten passwords, and some have over one hundred. For people who need multiple passwords, remembering just one would be easier, but such a shortcut is also dangerous. Using a different password for each account is not as hard as you might think, and the importance of choosing a unique and complex combination of letters, numbers, and symbols cannot be emphasized enough.

Any experienced security expert will tell you that weak passwords used on multiple sites are partly to blame for online security breaches, so your safety depends on generating a strong password for each different account.

2017-11-14T12:13:09+00:00

About the Author:

Eric Cole, PhD, is an industry-recognized security expert with over 20 years of hands-on experience in consulting, training, and public speaking. As the founder and CEO of Secure Anchor Consulting, Dr. Cole focuses on helping customers prevent security breaches, detect network intrusions, and respond to advanced threats.