One of our Minimum Security Requirements is having a strong administrator password on all your devices. In reality, every password for every account of every site must be a strong one. Passwords are meant to protect your personal and private data. Don't make it easy for anyone to guess or crack your password. This guide will help you better understand the importance of strong passwords, and how you can better create and remember them.
How easily can someone crack a password?
When creating passwords, people generally care more about memorability than security. Too many people have passwords like ‘1234’ or ‘password’ or ‘iforgot’. A hacker would guess these passwords first as they are the most commonly used.
But even if your password is much more creative than ‘1234’, and even if you are clever enough to have a different password for all your different accounts, it may still be very easy for your password to be cracked if it is still too simple.
This table (taken from this article from geekbeat.tv) illustrates how long it would take a normal computer to guess, by brute force, passwords of different lengths containing different kinds of characters.

| Password Length | All Characters | Only Lowercase |
|---|---|---|
| 3 characters | .86 seconds | .02 seconds |
| 4 characters | 1.36 minutes | .046 seconds |
| 5 characters | 2.15 hours | 11.9 seconds |
| 6 characters | 8.51 days | 5.15 minutes |
| 7 characters | 2.21 years | 2.23 hours |

This assumes the passwords are completely random gibberish and contain no recognizable dictionary words. Hackers like to accumulate large dictionaries that contain many different combinations of words and phrases that could possibly be part of a password. If any part of a password matches an entry in that dictionary, the rest of the password becomes easier for the computer to guess, and the whole password takes even less time to crack.
Other ways someone might get a hold of your password are:
- Your password hint is too obvious (it's better to refrain from providing a password hint if given the option)
- You've written your password down somewhere where someone can see it
- Your password is short enough or your keystrokes are simple enough for someone to watch you type it in and remember it
- You log in on someone else’s computer and they have some kind of keylogger that saves your password so they can log in with it later
Do your best to avoid these things. Remember, people can be sneaky. Always be wary when it comes to passwords.
What makes a good password?
As demonstrated above, longer passwords with a variety of characters and containing no dictionary words are less likely to get cracked.
As some good rules of thumb, it's best for a password to:
- Be at least eight characters long
- Have a combination of uppercase and lowercase letters
- Have numbers and symbols
- Be different from all your other passwords, usernames, and logins
- Not include dictionary words
- Not be a keyboard pattern (e.g. 1234, asdf, qwerty)
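The rules of thumb above, together with the arithmetic behind the cracking-time table, can be turned into a small checker. This is an added example, not part of the original guide: the one million guesses per second and the 95-character pool are assumptions that the table's figures happen to be consistent with, and the word list and sample passwords are constructed for illustration.

```python
import string

# Assumptions, not stated on the page: the table's figures are consistent with
# about 1,000,000 guesses per second over the 95 printable ASCII characters.
GUESSES_PER_SECOND = 1_000_000
SYMBOLS = string.punctuation + " "               # 33 characters
KEYBOARD_PATTERNS = ("1234", "asdf", "qwerty")   # the page's own examples
SAMPLE_WORDS = ("password", "iforgot", "summer") # constructed stand-in for a real word list

def charset_size(pw):
    """Size of the smallest character pool that covers every character in pw."""
    pools = ((string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
             (string.digits, 10), (SYMBOLS, 33))
    return sum(n for chars, n in pools if any(c in chars for c in pw))

def exhaustive_search_seconds(length, pool):
    """Worst-case time to try every password of this length from this pool."""
    return pool ** length / GUESSES_PER_SECOND

def check_password(pw, other_passwords=()):
    """Return the rules of thumb that pw breaks (an empty list means none)."""
    lower, problems = pw.lower(), []
    if len(pw) < 8:
        problems.append("shorter than eight characters")
    if not (any(c.islower() for c in pw) and any(c.isupper() for c in pw)):
        problems.append("no mix of uppercase and lowercase letters")
    if not (any(c.isdigit() for c in pw) and any(c in SYMBOLS for c in pw)):
        problems.append("missing numbers or symbols")
    if pw in other_passwords:
        problems.append("already used for another account")
    if any(word in lower for word in SAMPLE_WORDS):
        problems.append("contains a dictionary word")
    if any(pattern in lower for pattern in KEYBOARD_PATTERNS):
        problems.append("contains a keyboard pattern")
    return problems

if __name__ == "__main__":
    for candidate in ("qwerty12", "Tr7#vK9!qZ"):   # constructed samples
        days = exhaustive_search_seconds(len(candidate), charset_size(candidate)) / 86400
        print(f"{candidate!r}: {check_password(candidate) or 'passes'}; "
              f"exhaustive search up to {days:,.1f} days")
```

The time figure is an upper bound that only applies to random passwords; a password that breaks the dictionary or keyboard-pattern rule falls much sooner, which is why the checker reports those separately.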
Never reuse a password. Protect the integrity of each account by generating a new password for every one. If you’re having trouble coming up with a new secure password, StrongPasswordGenerator and other sites like it can generate a new password for you. StrongPasswordGenerator even provides a mnemonic to help you remember it. However, it is always better to try to come up with a good password on your own. That way your password is a little more unique, and a lot more meaningful to you.
How do I keep track of all my passwords?
It's difficult to remember multiple passwords. Password managers like LastPass and KeePass can generate and remember your passwords for you! These applications can also automatically fill in password fields for you whenever you log in to an account. This way you only need to remember one strong master password that safeguards your password vault.
However, you may want to keep extremely sensitive passwords (for bank accounts, online shopping sites that have your bank account information, and your CalNet passphrase) separate from all the other passwords that LastPass or KeePass manage. This way, if a hacker manages to crack your master password, they do not also gain access to these other important accounts. Remember to make your master password as strong and secure as possible, and different from all your other important passwords.
The moral of this story is: Be very smart and careful regarding what you do on the internet. There's only so much a password can protect. Make sure that your password is a tough one.