Direct Technology Group Blog

Direct Technology Group provides professional IT Support and Network Services for Businesses around Deerfield Beach. Computer Services, Tech Support, IT Solutions and more!

Best Practices for Keeping Your Passwords Secure, Yet Memorable

Best Practices for Keeping Your Passwords Secure, Yet Memorable

As the preeminent form of security online, passwords are currently the most important frontline defense to get right in your organization. However, many people often cut corners with their passwords to ensure they don’t forget them, recycling them across their many accounts. Let’s go over a few ways to help your team create secure passwords that they can commit to memory without shortchanging their efficacy.

How Strong Can a Password Be?

Passwords are a tricky thing, particularly because there are two different ways to crack them. First, you have the algorithmic tools that cybercriminals now use to crack challenging passwords, and second, the ability of a cybercriminal to deduce or acquire it through social engineering.

This makes it critical that you properly balance your account security so that you can remember the code you need to get in, without relying on something that would easily be guessed by a computer or a cybercriminal.

The Challenge of Creating a Password

Okay, so the time has come for you to put together a new password, or perhaps a password policy for your business. Moving forward, you need to do so while appreciating two things:

  1. If a password cannot be breached or guessed, a hacker will likely begin to try every possible combination of credentials.
  2. A password’s security is not the same as its resistance against a brute force attack.

It might help to think of an authentication measure as what it really is: a lock. All a password is, really, is the key needed to unlock access to certain data or information.

Let’s picture this literally: let’s say you have a vault, protecting all your most important secrets. Someone trying to get at your secrets will likely first try all the combinations that a lot of people use, and then all the dates and times they could find that may be important to you. If that doesn’t work, their next step is to simply try every possible combination… which, sooner or later, will ultimately lead them to the correct one.

So, what does this mean for your passwords?

The Balance Between Complexity, Predictability, and Memorability

When creating a secure password, there are assorted best practices that we’ve frequently encouraged, including:

  • Sufficient length, ideally over 16 characters
  • A combination of numerals, letters, and symbols
  • No privileged or personal information, or that which can be found online or on social media
  • No common words or numbers
  • No consecutive letters or numbers

Creating the Optimal Secure Password

Since we also must consider the computing power now available to your adversaries, adding some complexity there can help add to their difficulty. Take the fact that about 41 percent of passwords are entirely made up of lowercase letters—cybercriminals will know this, too, and therefore can skip any options with other symbols or capital letters in them in their initial brute force attacks.

However, adding some of these components—capitalization, numerals, punctuation—can eliminate your password from these calculations, making the process of finding your actual password a far lengthier one.

In short, the most secure passwords are those that no human brain has any probable chance of guessing, and that are most likely to resist a brute force attack and outlast any attempts made.

Of course, there are other considerations to keep in mind as well—like memorability. While a password like “2Gu+04nFW9” may resist the efforts of a cybercriminal and their guessing games, and even stave off an algorithm for a time, how simple is it going to be for you to remember that?

If you’re like most of us, not simple at all.

This is where the idea that “close isn’t close enough” can work against the user and the attacker alike. While the requirement of an exact match does make it more challenging for a hacker to identify the exact passcode, it can easily lead to passwords like “2Gu+04nFW9” being a real challenge for a user to, well, use.

Therefore, a prevailing theory nowadays is that the most secure passwords are the ones that utilize a few random words, with varied capitalization and alphanumeric switching, that are padded with several symbols on either side.

Why is this?

Simple: with each different variable you add, you reduce the chance of your password being brute-forced. A sizable proportion of passwords unfortunately still consist of nothing but lowercase letters. Attackers know this, and rather than wasting time checking all variables in a brute force attack, they will simply check passwords containing only these levels. Each additional variable you introduce makes their search longer by a significant factor.

So, to keep the complexity/uniqueness/memorability balance in check, while still minimizing the risk of a successful brute force attempt, an ideal password may look something like this:

……/// k!ck_rat!o_E77Ect ///……

That way, it isn’t impossible to memorize, incorporates multiple variables for a brute force attack to account for, is 29 characters long, and almost certainly will not be guessed. (Of course, now that we’ve published this blog, you should not use this particular password.)

But Wait: Now I Have to Remember All These, Too?

This is the part that encourages the least secure password habit of all—repeating one across multiple platforms and accounts. Fortunately, this is a simple enough habit to avoid with the use of a simple, yet effective, tool: a password manager.

A password manager is a program that securely stores all a user’s needed access credentials to their other solutions, burying them under considerable layers of encryption and sealing them behind a login. As a result, the number of passwords that you actively need to remember is effectively reduced to one while you still enjoy the security benefits of numerous passwords.

As for the rest of your security, Direct Technology Group can have your back by seeing to your security solutions and monitoring your network for latent and incoming threats. We can, of course, also assist you in implementing your password management solution. Find out more by reaching out to us at 954-739-4700.

Tip of the Week: How to Avoid Losing Your Tech Whi...
Let’s Get Started with Google Drive
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Tuesday, 02 March 2021

Captcha Image

Tag Cloud

Tip of the Week Security Technology Best Practices Business Computing Privacy Cloud Efficiency Productivity Google Network Security Hackers Data Microsoft Malware Workplace Tips Software Communication User Tips Business Innovation Hardware Smartphones Miscellaneous Email IT Support Backup Internet Hosted Solutions Mobile Devices Small Business Android Computer Collaboration communications Users Smartphone Mobile Device Ransomware Network VoIP Business Management Cybersecurity Productivity Social Media Managed IT Services Upgrade Windows Outsourced IT Passwords Browser Windows 10 Managed Service IT Services Tech Term Holiday Microsoft Office Save Money Gadgets Cloud Computing Windows 10 Employer-Employee Relationship Bandwidth Apps Remote Business Continuity Automation Covid-19 Facebook Quick Tips Data Backup Phishing Internet of Things Managed IT Services Disaster Recovery Office Marketing Chrome Saving Money Data Recovery IT Support Apple Health Gmail Mobile Device Management Networking Information Wi-Fi Server Wireless Analytics Applications Router Office 365 Alert Password Office Tips Managed Service Provider Computers Remote Computing WiFi Settings Access Control Hacking Retail Cybercrime Virtualization Government VPN Patch Management Data Breach Business Intelligence Mobility App Recovery Excel Going Green Remote Work Twitter Laptop Physical Security BYOD Application Data Management Law Enforcement Website iPhone Blockchain Operating System Remote Monitoring BDR Battery Mobile Computing Bring Your Own Device VoIP Employee-Employer Relationship Environment Maintenance Managed IT Service Entertainment Compliance Google Drive Lithium-ion battery Workers Big Data Safety Spam Net Neutrality Voice over Internet Protocol Mobile Office Paperless Office Virus Information Technology Telephone Systems Politics Value Biometrics Social Engineering History Mouse Conferencing Printer Artificial Intelligence Word End of Support Humor Managing Stress SharePoint Search How To Two-factor Authentication Free Resource RAM Tech Terms Encryption Hosted Solution Education Images 101 eWaste Processor Business Technology Healthcare Vendor Company Culture Vulnerability User Error Best Practice Cortana Data Security Social Network G Suite Telephony HIPAA Employees Virtual Reality Hybrid Cloud Shortcut Tablet Medical IT Sports Connectivity Cost Management Batteries Human Resources Cleaning PowerPoint Meetings Robot YouTube DDoS Scam Telephone System Tech Support IT solutions Hard Drives Wireless Charging Smart Technology Dark Web Payment Cards Customer Relationship Management Shadow IT Risk Management Tip of the week Remote Workers Files Customer Service Internet Exlporer Content Filtering Windows 7 Data storage Virtual Assistant Data Protection Printer Server Fax Server Training Streaming Media Current Events The Internet of Things Remote Monitoring and Management Internet exploMicrosoft Authentication Internet Explorer WannaCry National Security Management Antivirus File Sharing Project Management Techology Security Cameras File Management Backup and Disaster Recovery Printers Telecommuting Email Management Chrome OS Analyitcs IT Reputation Analysis Remote Working Advertising Authorization Threat Hard Drive Google Maps Updates Notifications User Security Insurance HaaS Wearables Hacker Managed Services Provider Microsoft Teams Network Attached Storage SSD Millennials Spotify Hosted Desktop Customer Private Cloud Troubleshooting Printing Processors Phone System Licensing Personal Information Broadband Flexibility Gadget Science Server Management User Inventory Cabling Electronic Health Records Firewall Display PCI DSS Public Cloud Update Paper Spyware Botnet Travel SaaS internet consultant Legal Windows 8 Touchpad Machine Learning Reporting Mobile Security Profiles Benchmarks Social Regulations Compliance Outlook Ink HP Wearable Technology Managed IT Live Streaming Bluetooth Sales E-Commerce Distribution Cables Telecommute e-waste Voice over IP People Windows XP Multi-Factor Security Solid State Drive Bloatware Computer Repair Relocation Recycling Innovations PDF Profitability Document Management Running Cable WhatsApp USB Uninterrupted Power Supply Knowledge Video Games Payment Fleet Management Data loss GDPR disposal eCommerce Hard Disk Drive Entrepreneur IT Service Social Networking Tip of the Week/Security Eliminating Downtime Downloads Digital News Comparison Copy instant Messaging Tablets Multi-Factor Authentication Black Market Staff Storage Online Shopping Webcam Video Mobile Computer Accessories Bitcoin Reviews Wireless Internet Trends Edge Consultant Worker Specifications Alerts Paste Vulnerabilities Holidays Amazon Websites Error OneNote Cameras Gig Economy Help Desk NarrowBand A.I. Best Available Distributed Denial of Service Dongle Budget Work/Life Balance Cryptocurrency Memory Virtual Private Network Downtime Plug-In Touchscreen Database Lead Generation Avoiding Downtime Windows Server 2008 R2 Remote Support Threats Gifts Hiring/Firing Certification Wireless Technology Movies IT budget Automobile Remote Control Co-Managed IT Proactive IT Microsoft Office 365 Tactics WIndows 7 Unified Threat Management Taskbar Programming Scams Customer relationships Staffing Chromecast Unified Communications IT Management Technology Tips Access User Tip Spam Blocking Windows Media Player Time Management Memes Monitor

Mobile? Grab this Article!

QR-Code dieser Seite