Here's how to make all of your passwords stronger


'Length is strength,' security experts suggest

The observance of World Password Day is one way to get everyone to – at a minimum – modify their most-used password to make it a little stronger than it is now. 

ConsumerAffairs spoke to two threat analysts who know this stuff inside and out – Tyler Moffitt, Threat Analyst at OpenText Cybersecurity, and Ariana Bago, Fraud Analyst at Proxyrack – to get their best advice on how to create a strong password.

Improving password behavior

Moffitt insists that we’ve all gotten lazy about freshening up our passwords on a regular basis.

“Many people use the same passwords for an extended period, which increases the risk of exposure or hacking, or short, simple passwords,” he said. “To check the strength of their passwords, users can input their passwords into this site to see if it is already known and guessed first in hacks.”

Bago says the first thing she recommends is that users identify any passwords they have used across multiple accounts and change each duplicate to a unique one.

“When a hacker manages to figure out a duplicate password, it instantly compromises any account sharing that password, so be sure to change each to a unique password. Remember, password strength isn’t personal,” she said.

“One of the most common password mistakes is including personal information to make them memorable, such as using a pet’s name as the main body. However, these can easily be figured out by hackers and so need to be avoided.”

Best practices

Between them, the two analysts offered these five tips for shoring up any password weaknesses:

  1. Use strong, unique passwords: Moffitt suggests creating long passwords that include a mix of upper and lowercase letters, numbers, and special characters. Remember – length is strength! Using spaces will help with length and you can use favorite lyrics or lines in music and movies for ease in remembering. 

    Bago is a big fan of those special characters, too. She said symbols such as $, !, % are much less guessable and should be included in any password. As for Moffitt’s suggestion about length, she recommends aiming for 12-15 characters. “Every extra character, whether it's a letter, number, or symbol, increases the possibility area, making it more secure,” Bago added.

  2. Use a password manager: Another Moffitt recommendation is a password manager because it can help generate and store strong, unique passwords for each of your accounts.

  3. Be cautious with password recovery questions: “Choose questions with answers that are difficult to guess or use false answers that only you know,” Moffitt offered.

  4. Avoid common words or combinations: “If a password can be looked up in the dictionary, it is not a strong password,” Bago claims. “Additionally, common character combinations such as ‘1234’ and ‘abcd’ can easily be figured out by hackers. Hackers have a bank of frequently used passwords that they test, so make your password as unique as possible.”

  5. Refrain from including personal information: Odds are pretty good that anyone reading this particular suggestion will raise their hand and admit guilt, but here we go: “Family members and pet names, alongside memorable dates and other personal information, are commonly used in passwords,” Bago said. “However, a password should be unrelated to anything personal as hackers may be able to figure this out.
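
The five tips above can be turned into a local audit of your own password list. The following is an added example, not code from the article or from either analyst: the wordlist, personal tokens and sample passwords are constructed for illustration, and the bit count is an upper bound that only holds when characters are chosen at random.

```python
import math
import string
from collections import Counter

MIN_LENGTH = 12                      # low end of the 12-15 range in tip 1
SEQUENCES = ("1234", "abcd")         # combinations named in tip 4
WORDLIST = {"password", "sunshine", "dragon"}   # constructed stand-in for a dictionary
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " ")

def search_space_bits(pw):
    """log2 of the brute-force space: an upper bound, valid only for random choices."""
    pool = sum(len(c) for c in CLASSES if any(ch in c for ch in pw))
    return len(pw) * math.log2(pool) if pool else 0.0

def audit(accounts, personal_tokens):
    """Return {account: [findings]} for a mapping of account name -> password."""
    uses = Counter(accounts.values())
    report = {}
    for account, pw in accounts.items():
        low = pw.lower()
        findings = []
        if uses[pw] > 1:                                   # same password on several accounts
            findings.append("reused")
        if len(pw) < MIN_LENGTH:                           # tip 1: length
            findings.append("short")
        if low in WORDLIST:                                # tip 4: dictionary word
            findings.append("dictionary")
        if any(seq in low for seq in SEQUENCES):           # tip 4: common combinations
            findings.append("sequence")
        if any(tok.lower() in low for tok in personal_tokens):   # tip 5: personal info
            findings.append("personal")
        report[account] = findings
    return report

# Constructed sample data, not real credentials.
SAMPLE = {
    "mail": "Rex1987!",
    "bank": "Rex1987!",
    "shop": "sunshine",
    "forum": "abcd1234abcd",
    "work": "correct horse battery staple!",
}
PERSONAL = ["rex", "1987"]           # hypothetical pet name and birth year

if __name__ == "__main__":
    for account, findings in audit(SAMPLE, PERSONAL).items():
        bits = search_space_bits(SAMPLE[account])
        print(f"{account:6} {bits:6.1f} bits  {', '.join(findings) or 'ok'}")
```

Note that "Rex1987!" mixes all four character classes yet is still flagged as short, reused and personal, while the long passphrase with spaces passes every check.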