“Through 20 years of effort, we’ve successfully trained everyone to use passwords that are hard for humans to remember, but easy for computers to guess.”
With todays growing cyber threats, staying secure is more important than ever. The news seems to be in a frenzy about the latest hacks and attacks occurring all over the place. As with most catastrophes, we always think it could never happen to us, until it does, but how does it happen to us? Security is only as strong as its weakest link, meaning no matter how good your anti-viruses are, how big of a firewall you have, or how much technology there is protecting you, it can all be rendered useless by a single point. In computer security that point is almost always the user.
In the security world we are seeing a massive increase in brute force based hacks and ransomwares. These attacks work by trying to guess your password in as few as possible attempts, to gain access to critical services like remote connections and emails. There are a few techniques to help mitigate these attacks but none render them as useless as having a strong password and good password management.
We often think of a strong password as a long string of random letters, numbers, and symbols that are so complicated that no one could ever guess it. The problem is, when a password is impossible to remember we start sacrificing password management to remember it. What good is a strong password if you need to keep it written down on your phone or worse, stuck to a note on your monitor for all to see? Although all these things are important; length, letters, symbols, and numbers, a good password doesn’t have to be complicated.
A powerful password can be as simple as picking 4 random words and putting them together. The key to this is the length. For every extra character you add to your password you more than double the amount of guesses it would take a computer to guess it. Using actual words makes them easy to remember so you don’t have to keep it written down everywhere you go. Numbers and symbols can still be added for a bit more security, just don’t make it a chore to remember. “RoundPurpleTowerBird” is a much stronger password than “D@rkT0wN*2” or “$gHP0oi5”, and if you say it a couple times while picturing it in your head you will never forget it.
Lastpass.com is worth considering as a password manager. It’s considered one of the most secure ways to manage your passwords and provides convenience features that you probably haven’t considered. Contact your IT support professional for an in-depth review of your current Password policy or for help migrating to a more secure cyber presence.