PASSWORD STRENGTH:
We all know the drill: enter a username and password to access your accounts. But are you aware
that, in many cases, your password is the only thing standing between your
important on-line accounts and a malicious actor trying to get in and steal
your information, your identity, and your money? That is why having an effective password is
so important.
So, what constitutes an “effective” password?
Well, a password is “effective” if it keeps bad actors out.
But to do that, you need to know what you are up against. These bad actors have at their disposal many
tools that try to defeat your password. One is a list of maybe the 10 million
or so most common or previously hacked passwords, including popular variations
of some of the more common ones. Replacing the “o” in “password” with a zero
will not make it any more secure. They also use “dictionary” attack tools that look
for actual words or variations of words (like the zero vs “o” above). Finally, if those fail, they use tools to
rapidly guess passwords one character at a time. So just using a random collection
of characters, if too short, will still allow the hacker to guess the password
in a reasonable amount of time.
1. Make it long – 14 or more characters. This dramatically
slows down the character-at-a-time guessing technique.
2. Use a “pass-phrase” instead of a “password”. String words and characters
together in a way that is meaningful to you (and therefore easier to remember)
but impossible to guess (hint: don’t use information about yourself that may be
available on the internet).
3. Include as many types of characters as you can.
For example, use lower and uppercase alphabetic characters, numbers, and
special characters as allowed by the application or account. Some sites set
minimum requirements, for example, 3 of the 4 types mentioned here.
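The rules above, together with the common-list and variation lookup described earlier, can be expressed as a small checker. This Python sketch is an added example, not part of the original article; the `COMMON` set is a tiny constructed stand-in for a real common-password list, and the substitution table and function names are assumptions.

```python
import math
import string

# Constructed sample standing in for a real list of common/breached passwords.
COMMON = {"password", "letmein", "qwerty", "sunshine", "dragon"}

# Look-alike substitutions undone before the list lookup (assumed, not exhaustive).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

# The four character types from rule 3 (space counted as a special character).
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "special": string.punctuation + " ",
}

def variants(pw):
    """Forms to look up: as typed, de-substituted, and with trailing digits/symbols removed."""
    low = pw.lower()
    stripped = low.rstrip(string.digits + string.punctuation)
    return {low, low.translate(LEET), stripped, stripped.translate(LEET)}

def classes_used(pw):
    """Names of the character types that appear in the password."""
    return {name for name, chars in CLASSES.items() if any(c in chars for c in pw)}

def brute_force_bits(pw):
    """Size of the character-at-a-time search space in bits.
    An upper bound: it assumes every character was picked at random."""
    alphabet = sum(len(CLASSES[name]) for name in classes_used(pw))
    return len(pw) * math.log2(alphabet) if alphabet else 0.0

def check(pw, min_len=14, min_classes=3):
    """Return the list of rules the password fails (empty list = passes)."""
    problems = []
    if variants(pw) & COMMON:
        problems.append("common password or simple variation")
    if len(pw) < min_len:
        problems.append(f"shorter than {min_len} characters")
    if len(classes_used(pw)) < min_classes:
        problems.append(f"fewer than {min_classes} character types")
    return problems

if __name__ == "__main__":
    for sample in ("p@ssw0rd", "Passw0rd1!", "Blue-Kettle7 sings at dawn"):
        print(f"{sample!r}: {brute_force_bits(sample):.0f} bits, {check(sample) or 'ok'}")
```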
Finally, if you discover that a password you currently use
is on the weak side, change it!
Most sites and accounts will let you change your password whenever you
like.
If you want to test your password to see if it has been used
in a data breach, try haveibeenpwned.com.
Their database consists of over 600,000,000 passwords that have been obtained
from data breaches. To test your
password strength to see how long it would take a hacker to guess it, go on
over to security.org.