Time to Revamp Your Typical Password Strategy
Written by: Black Kite
Hi, I’m Jeffrey Wheatman, Cyber Risk Evangelist at Black Kite.
Whelp, Cybersecurity Awareness Month is almost over and it’s also time to change my password again. I think my new password is going to be … 12345678 – that will totally fool the bad folks, right?
You may be saying, ‘that is an awful passw0rd!’ and you would be correct. Unfortunately, it’s also one of the most common p4ssw0rds used. Come on people, make the bad actors work for it a little bit. P455w0rds are one of the weakest links in the security chain and people still struggle with how to create good P455w0rds!. Here are some things to think about when creating P455w0rds!_NOW.
Let’s Build a New Password
- Generally speaking, longer is better. The longer a password is, the harder it is to crack.
- Vary the characters – upper and lower case letters are a good start; adding numbers and special characters adds complexity and makes it more difficult still.
- Don’t use names or numbers that others will know. For example, on the surface D3br4_H00ch! looks pretty complex, but anyone who knows me or does a little research can figure out the name of my wife and my doggo (and yes, his brother’s name is Turner).
- Don’t use the same password in more than one place. There is a hacking technique called credential stuffing. Attackers get access to a user name and password combination and then try it in other places – you lost the password to the gym login system, so what? Unless of course you use that same login for your bank – ruh-roh!
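To see why D3br4_H00ch! is weaker than it looks, here is a small password screen of the kind a sign-up form could run. It is an added example, not Black Kite code: the substitution table, the tiny common-password list, the 12-character minimum and the function names are all assumptions made for illustration, and "Debra" is simply the name as read from the example password.

```python
"""Screen a candidate password against words an acquaintance could guess."""

# Look-alike substitutions, reversed. Constructed for this example; '1' is
# read as 'l' only, so a fuller screen would also try 'i'.
UNLEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                        "5": "s", "7": "t", "@": "a", "$": "s"})

# Tiny constructed deny-list; a real one holds many thousands of entries.
COMMON = {"12345678", "password", "qwerty", "letmein"}


def normalize(password: str) -> str:
    """Lower-case the password and undo look-alike substitutions."""
    return password.lower().translate(UNLEET)


def screen(password: str, personal_terms: list[str], min_length: int = 12) -> list[str]:
    """Return the reasons to reject `password`; an empty list means it passed."""
    raw, plain = password.lower(), normalize(password)
    reasons = []
    if len(password) < min_length:  # min_length is an assumed policy value
        reasons.append(f"shorter than {min_length} characters")
    if raw in COMMON or plain in COMMON:
        reasons.append("on the common-password list")
    for term in personal_terms:
        # Terms under 3 letters would match almost anything, so skip them.
        if len(term) >= 3 and term.lower() in plain:
            reasons.append(f"contains personal term '{term.lower()}'")
    return reasons


if __name__ == "__main__":
    # Names the article says anyone could look up (sample input for the demo).
    terms = ["Debra", "Hooch", "Turner"]
    samples = ["12345678", "passw0rd", "D3br4_H00ch!", "3l3ph4nt3puppy,c0mput3r"]
    for candidate in samples:
        print(candidate, "->", screen(candidate, terms) or "ok")
```

The look-alike characters are undone in a single pass, so they add little on their own; what lets the three-word example pass is its length and the absence of guessable names.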
Use the Compound Word Method
A simple approach is what I call the compound word approach. You can call it whatever you want, but I’m sticking with this.
- Pick three words – elephant, puppy, computer.
- Put numbers between the first two and special characters between the second pair – elephant3puppy,computer
- Sub out some of the letters for numbers or symbols that look like the letters (for example e>3, l>1, o>0 – this is called 133t speak in the cybersecurity field, largely by old folks like me) – 3l3ph4nt3puppy,c0mput3r
Save the Trouble and Use a Password Manager
Of course, you could download a password manager and avoid all of this. Password managers are simple, easy to use tools that act as a vault for all your passwords. They will allow you to create complex passwords that you won’t have to remember. Just don’t forget the password for your password manager – trust me. Not that I ever made that mistake, but if I did, it would have been bad … really bad!
Stay safe. Stay healthy. Stay secure!
Wheatman, OUT!