What’s the longest you’ve ever spent trying to create a new password that 1) you will remember and 2) satisfies your particular website’s password requirements? It’s taken me up to fifteen minutes before, and that is not an exaggeration. I know you are all sick and tired of getting this message: “Sorry, that password won’t work, you must include: a symbol, a number, a hieroglyphic, a gang sign, your favorite poem, an inspiring quote and an uppercase letter.” Here are some ideas for setting up the best passwords for your online activities.
According to a recent Wall Street Journal article, in 2003 Bill Burr published an 8-page primer advising people to protect their accounts by inventing awkward new passwords with obscure characters, capital letters and numbers, and to change them regularly. Earlier this month, however, Burr admitted that his advice ended up largely incorrect, saying “Much of what I did I now regret.”
When people change their passwords every 90 days or so, they are usually making very minor changes. These changes can be extremely easy to guess. For example, changing Ba$eball1! to Ba$eball2! isn’t exactly going to prevent hackers from breaking in. Here are some new tips on developing a great, secure password.
- Drop the password-expiration advice and the requirement for special characters. Studies show they do very little for security, and multiple security experts say they “actually have a negative impact on usability.” And don’t use common substitutions, either! For example, “H0use” isn’t strong just because you’ve replaced an o with a 0. That’s just obvious.
- Stay away from obvious dictionary words and combinations of dictionary words. Any word on its own is bad. Any combination of a few words, especially if they’re obvious, is also bad. For example, “house” is a terrible password. “Red house” is also very bad.
- The longer the password, the harder it is to crack. Consider a 12-character password or longer.
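The three tips above can be turned into a checker, which is a useful way to see what “obvious” actually means to an attacker’s tooling. The following is an added example written for this post, not code from the article or from any vendor it mentions. It undoes the common substitutions (“H0use” to “house”), strips the “1!” style suffix so “Ba$eball2!” is recognised as the same password as “Ba$eball1!”, and rejects single dictionary words and short concatenations of them (“Red house”). The word list and common-password list are tiny constructed stand-ins; a real deployment would load the full breached-password and dictionary lists, and the 12-character minimum is the one the post suggests.

```python
import re
from typing import List

# Constructed, deliberately tiny lists for the demo. A real checker would load
# a full breached-password corpus and a real dictionary instead.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "baseball"}
DICTIONARY = {"house", "red", "base", "ball", "baseball", "password", "blue", "dog"}

# The keyboard substitutions people believe add strength. Cracking tools apply
# exactly these rules, so "H0use" costs an attacker nothing more than "house".
LEET_MAP = str.maketrans(
    {"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t", "$": "s", "@": "a", "!": "i"}
)

MIN_LENGTH = 12  # the post's "12 characters or longer" suggestion


def normalize(pw: str) -> str:
    """Reduce a password to the word(s) it is built from.

    "Ba$eball1!" -> "baseball", "H0use" -> "house", "Red house" -> "redhouse".
    """
    core = re.sub(r"^[^A-Za-z]+|[^A-Za-z]+$", "", pw)  # drop the "1!" prefix/suffix
    core = core.lower().translate(LEET_MAP)            # undo 0->o, $->s, ...
    return re.sub(r"[^a-z]", "", core)                 # drop spaces and leftover symbols


def is_word_concatenation(s: str, max_words: int = 3) -> bool:
    """True if s is exactly a run of at most max_words dictionary words."""
    if not s:
        return False
    # best[i] = fewest dictionary words that cover s[:i], or None if impossible
    best = [0] + [None] * len(s)
    for i in range(1, len(s) + 1):
        for j in range(i):
            if best[j] is not None and s[j:i] in DICTIONARY:
                if best[i] is None or best[j] + 1 < best[i]:
                    best[i] = best[j] + 1
    return best[-1] is not None and best[-1] <= max_words


def check_password(pw: str, previous: str = "") -> List[str]:
    """Return a list of problems; an empty list means the password passes."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("too short (minimum 12 characters)")
    core = normalize(pw)
    if pw.lower() in COMMON_PASSWORDS or core in COMMON_PASSWORDS:
        problems.append("common password")
    elif core in DICTIONARY:
        problems.append("dictionary word after undoing substitutions")
    elif is_word_concatenation(core):
        problems.append("concatenation of dictionary words")
    # The 90-day rotation problem from the post: same core, different suffix.
    if previous and normalize(previous) == core:
        problems.append("trivial variation of previous password")
    return problems


if __name__ == "__main__":
    samples = [
        ("password", ""),
        ("H0use", ""),
        ("Red house", ""),
        ("Ba$eball2!", "Ba$eball1!"),
        ("tulip-Voyager-9-granite-lamp", ""),  # passes with this tiny dictionary
    ]
    for candidate, old in samples:
        print(f"{candidate!r}: {check_password(candidate, old) or 'OK'}")
```

The normalisation step is the point of the example: every rule a user applies by hand (capital first letter, digit and symbol at the end, a zero for an o) is a rule an attacker’s wordlist mangler applies automatically, so the checker judges the password by what is left after those rules are undone.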
We have too many passwords: almost three in five adults have five or more unique passwords, and nearly one in three have more than 10, according to a study by Janrain, a user management company.
The result is serious fatigue, to the point where one in three think solving world peace is easier than trying to remember all their passwords. With stats like these, is it any surprise that we collectively hate passwords?
As a result, people like me do dumb things, creating a few password variations to cope with an increasingly untenable situation. Or we do even dumber things, like use passwords such as “password” or “123456.” Or we create a “base” password and add a variation for each site. We know it’s stupid, but we’re driven to these solutions because we are lazy, or because our memories simply can’t hold all those passwords. Consider John Podesta, Hillary Clinton’s campaign chair, who set the password for his account to “password,” which is how the Russians stole all those emails. Easily one of the greatest boneheaded moves of all time in hindsight. Don’t be a Podesta.
Difficulty in remembering creates dangerous security backdoors that hackers are absolutely loving. So do yourself a favor and follow those three tips for building a safe and secure password. Lastly, make sure your cyber liability insurance policy is paid up. All you have to do is watch the news to understand how vulnerable your company really is. If you have any further questions, contact Metropolitan Risk Advisory today!