2023 Password Guide: Creating A Secure Password

Computers are part of our daily lives now, from the desktop at work to the phone you carry everywhere. The average person in 2023 has 100 passwords! That’s a lot, and managing all of them while keeping them secure matters. Across the digital landscape, cyber threats are on the rise, making it essential to prioritize password security. Your online safety relies on the strength of the passwords you create, how effectively you manage them, and the use of reliable password managers.

As a Managed Service Provider (MSP), we understand the critical importance of password security in today’s digital landscape. Our comprehensive guide is designed to help organizations and individuals understand the threats posed by cyberattacks, and how to mitigate those threats through robust password security practices. We cover the basics of creating secure, unique passwords, including length requirements, character complexity, and avoiding common phrases and personal information.

Additionally, we provide guidance on how to manage passwords effectively, including the use of password managers. By following these best practices, you can better protect your organization’s sensitive data and personal information from malicious actors.

What makes Password Security so Important?

Your password acts as the initial defence against cyber threats. If your password is weak or easily guessable, cybercriminals can easily hack into your system and gain access to your sensitive information, including personal details, financial data, and other confidential data. In the worst-case scenario, a compromised password can lead to identity theft, financial loss, and other severe consequences.

Understanding the common methods that hackers use to crack passwords is crucial in creating strong, secure passwords that are less susceptible to such attacks. By being aware of these techniques, you can take preventive measures to protect your online accounts and information.

Common Password Cracking Techniques

Before delving into password cracking methods used by hackers, it’s important to acknowledge the significance of how websites store your passwords. Always ensure that the website you sign up for employs up-to-date password hashing technology and doesn’t store your password in plain text, as was previously done by Facebook. Unfortunately, this practice still occurs today. Researching a company’s history of security breaches can be helpful, but occasionally, you have to use their services regardless. The way companies store your passwords is crucial, as any new password you create will be ineffective if not securely stored.


Brute Force Attack

As the name suggests, this method involves trying to access your password by running it through a computer and attempting every possible combination. The longer the password, the more combinations available, making it harder for the password to be cracked.

In the current digital landscape, a password with at least nine random characters is generally sufficient to withstand this type of attack. For those interested in the mathematics behind this, consider watching this Khan Academy video.


Dictionary Attack

Rather than guessing each character in the password individually and randomly, rules can be applied to help crack the password, with the English dictionary serving as a valuable starting point. Hackers can now search for specific character strings related to words in the dictionary, focusing on the most commonly used words first. This technique can be adapted to any language.

Custom dictionaries are being built every day to make cracking easier, using real passwords that people have used in the past. This means that if your password was part of a previous security breach, it is most likely included in a hacker’s dictionary. These dictionaries are far more effective than a plain word list and can cause a password to be cracked in seconds.

How do you check if your password resides on one of these lists?

Well, you can never know for sure since a hacker’s dictionary might not be accessible to check, and some companies have been unwilling to notify the affected users. An excellent place to start would be to use the pwned password checker tool.
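As an added example (not from the original post, and not the checker tool’s own code), this is how such a check can be done without ever sending the password itself: only the first five hex characters of its SHA-1 hash go to the service, and the rest is matched locally. It assumes the Have I Been Pwned range endpoint `https://api.pwnedpasswords.com/range/<prefix>`; the response data below is constructed so the example runs offline.

```python
import hashlib

# CONSTRUCTED stand-in for the range responses (one "SUFFIX:COUNT" line per
# hash sharing the 5-char prefix). The second suffix is the real remainder of
# SHA-1("password"); the counts and the other suffixes are made up.
CONSTRUCTED_RANGES = {
    "5BAA6": "0A1B2C3D4E5F60718293A4B5C6D7E8F90A1:2\r\n"
             "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3730471\r\n"
             "FFEE11223344556677889900AABBCCDDEE1:15\r\n",
}

def sha1_prefix_suffix(password):
    """Split the upper-case hex SHA-1 into the 5-char prefix that is sent to
    the service and the 35-char suffix that never leaves your machine."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def parse_range_response(body):
    """Turn 'SUFFIX:COUNT' lines into a dict suffix -> breach count."""
    counts = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and suffix:
            counts[suffix.upper()] = int(count)
    return counts

def pwned_count(password, fetch_range):
    """Breach count for the password (0 = not in the list); fetch_range(prefix)
    must return the response body for that 5-char prefix."""
    prefix, suffix = sha1_prefix_suffix(password)
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)

def offline_fetch_range(prefix):
    """Offline lookup against the constructed data (unknown prefix -> empty range)."""
    return CONSTRUCTED_RANGES.get(prefix, "")

def online_fetch_range(prefix):
    """Live lookup; assumed endpoint https://api.pwnedpasswords.com/range/<prefix>."""
    from urllib.request import Request, urlopen
    req = Request(f"https://api.pwnedpasswords.com/range/{prefix}",
                  headers={"User-Agent": "password-guide-example"})
    with urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")
```

Swap `offline_fetch_range` for `online_fetch_range` to query the live service; a non-zero count means the password is already in a cracking dictionary and should be retired.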

Mastering Password Security

Creating strong and unique passwords is essential for protecting your online accounts, but even the best passwords can be rendered ineffective if you can’t remember them or manage them efficiently. Having several secure passwords that you keep forgetting is a huge waste of time, especially when you compound this across your entire organization. However, before we talk about how to manage passwords, we need to know the guidelines for what makes a good password and go through an example of an effective one.

Guidelines to Develop Robust, Unique Passwords:

  1. Stretch it Out: Aim for a password that’s at least 8 to 12 characters long. Longer passwords are harder to crack.
  2. Juice it up: Use a combination of letters, numbers, symbols, and capitalization to make your password more complex and harder to guess.
  3. Dodge the Ordinary: Embrace the Unique: Avoid using common passwords like “123456” and “password” which are easy targets for hackers.
  4. Lock Your Secrets Tight: Refrain from using personal information, such as your name, date of birth, or address, in your password.
  5. Turn up the Volume: Opt for a passphrase made up of random words instead of a traditional password. This can be easier to remember and still provide strong security.
  6. Keep Hackers Guessing: Regularly change your passwords to ensure that if a password is compromised, it won’t be useful to hackers for long.
  7. Don’t Be a One-Trick Pony: Use different passwords for each account, or at the very least, use a unique password for your most important accounts.
  8. Don’t Use Common Passwords: Here is a list of the most common passwords.

Now that we have these guidelines, we can make a secure password. But let’s go over making a secure, memorable password that you could use as your main password for something like a password manager.

Steps to Create a Secure, Memorable Password

The building blocks of this step-by-step process come originally from an XKCD comic.

[Image: XKCD comic illustrating the modern-day problems with passwords]
  1. Start with a memorable phrase: Begin with a phrase that you can easily remember, but avoid using common phrases or easily guessable personal information. For example, consider “Knight-bridge-table-anchor” as a base for your password.
  2. Make it unique: Use less common words, brand names, or slang terms that mean something to you but aren’t easily guessable by others. For instance, replace “bridge” with a brand name like “Tesla”: “Knight-Tesla-table-anchor.”
  3. Add complexity: Introduce special characters, numbers, or capitalization in unexpected places to make your password more secure. For example, modify the previous password to “Kni_ghT-Tesla-table-anch0!r.”
  4. Evaluate your password: Assess the strength of your password, considering whether it’s just “good enough” or if you need to take it up a notch. If you’re using a password manager that requires a master password, it’s crucial to have a strong and memorable password.

You can also use this password-making tool to generate the password for you. If you want a good place to start, paste the following configuration into the tool’s configurator:

{
 "num_words": 3,
 "word_length_min": 4,
 "word_length_max": 8,
 "case_transform": "CAPITALISE",
 "separator_character": "-",
 "padding_digits_before": 0,
 "padding_digits_after": 2,
 "padding_type": "FIXED",
 "padding_character": "!",
 "padding_characters_before": 0,
 "padding_characters_after": 1,
 "random_increment": "AUTO"
}
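As an added example (not the tool’s own code), here is a small generator that follows the configuration above, a checker that confirms a password has exactly that shape, and an entropy estimate that assumes the attacker knows both the word list and the structure. It also computes the entropy of nine random printable characters, the brute-force figure from earlier. The word list is constructed and tiny; a real generator draws from thousands of words.

```python
import math
import re
import secrets

# The configuration from above ("random_increment" omitted: it only tunes the tool's RNG pool).
CONFIG = {"num_words": 3, "word_length_min": 4, "word_length_max": 8,
          "case_transform": "CAPITALISE", "separator_character": "-",
          "padding_digits_before": 0, "padding_digits_after": 2,
          "padding_type": "FIXED", "padding_character": "!",
          "padding_characters_before": 0, "padding_characters_after": 1}

# CONSTRUCTED toy word list; a real generator draws from thousands of words.
WORDS = ["knight", "bridge", "table", "anchor", "tesla", "lantern",
         "copper", "meadow", "violet", "harbor", "saddle", "pepper"]

def eligible_words(words, cfg):
    """Words inside the configured length range, de-duplicated and lower-cased."""
    lo, hi = cfg["word_length_min"], cfg["word_length_max"]
    return sorted({w.lower() for w in words if lo <= len(w) <= hi})

def generate(cfg, words, rng=secrets.SystemRandom()):
    """Build: pad-before + digits-before + Word-Word-Word + digits-after + pad-after."""
    if cfg["padding_type"] != "FIXED" or cfg["case_transform"] != "CAPITALISE":
        raise NotImplementedError("only FIXED padding and CAPITALISE are implemented")
    pool = eligible_words(words, cfg)
    core = cfg["separator_character"].join(rng.choice(pool).capitalize() for _ in range(cfg["num_words"]))
    digits = lambda n: "".join(str(rng.randrange(10)) for _ in range(n))  # CSPRNG-backed digits
    pad = lambda n: cfg["padding_character"] * n
    return (pad(cfg["padding_characters_before"]) + digits(cfg["padding_digits_before"])
            + core + digits(cfg["padding_digits_after"]) + pad(cfg["padding_characters_after"]))

def matches_config(password, cfg, words):
    """True if the password has exactly the structure the config describes."""
    alt = "|".join(re.escape(w.capitalize()) for w in eligible_words(words, cfg))
    sep, pad = re.escape(cfg["separator_character"]), re.escape(cfg["padding_character"])
    pattern = (f"(?:{pad}){{{cfg['padding_characters_before']}}}\\d{{{cfg['padding_digits_before']}}}"
               f"(?:{alt})(?:{sep}(?:{alt})){{{cfg['num_words'] - 1}}}"
               f"\\d{{{cfg['padding_digits_after']}}}(?:{pad}){{{cfg['padding_characters_after']}}}")
    return re.fullmatch(pattern, password) is not None

def entropy_bits(cfg, pool_size):
    """Entropy (bits) when the attacker knows the word list and the structure."""
    digits = cfg["padding_digits_before"] + cfg["padding_digits_after"]
    return cfg["num_words"] * math.log2(pool_size) + digits * math.log2(10)

def random_chars_entropy_bits(length, alphabet_size=95):
    """Entropy of `length` uniformly random printable-ASCII characters (brute-force case)."""
    return length * math.log2(alphabet_size)
```

With the 12-word toy list the structure yields only about 17 bits, which is why the size of the word list matters far more than the padding; with a 7,776-word list the same shape gives about 45 bits.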

The Importance Of Two-Factor Authentication (2FA)

Two-factor authentication adds an extra layer of security to your accounts. When enabled, you’ll need to provide a password and another form of authentication, such as a security code sent to your phone, to log in. Options include Google Authenticator, but if you’re looking for something that handles many 2FA accounts, Aegis is a great option for Android that lets you add icons and sort your 2FA entries.

Use A Password Manager

While having an impeccable memory to hold all your different passwords may seem ideal, it’s impractical for most people. This is where password managers are beneficial. Password managers securely store all your passwords in one encrypted location, making it easy to generate strong, unique passwords for each account without having to remember them all.

Although the recent breach at LastPass can make you wary of password managers, we still recommend using them. We will go over password managers in more depth in another post, but the key things to look for are:

  • Encryption: The password manager should use strong encryption algorithms to secure your passwords and other sensitive information. Ideally, the encryption keys should be stored locally on your device to prevent unauthorized access.
  • Two-factor authentication: The password manager should support two-factor authentication (2FA) to add an extra layer of security. This could be in the form of a code sent to your phone, biometrics authentication, or a physical security key.
  • Audit trail: The password manager should have an audit trail feature that logs all activities related to your passwords, such as when a password was created or modified. This can help you keep track of your passwords and detect any suspicious activity.
  • Ease of use: The password manager should have a user-friendly interface, provide seamless cross-device synchronization, and be relatively bug-free across different devices and operating systems. However, usability should not compromise security. Find a balance between usability and security, and adjust your expectations accordingly.

Final Thoughts

To sum up, maintaining password security is vital for ensuring online safety. By adhering to the recommended practices mentioned above, you can develop robust, one-of-a-kind passwords that are less prone to hacking. It’s essential to remember that your password serves as your primary defence against cyber threats, so take it seriously and safeguard your sensitive data and personal information.

As a Managed Service Provider (MSP), we offer specialized IT and cybersecurity services.

Get in touch with us today to find out how we can help you better secure your organization and staff!
