Creating more secure passwords

How many accounts do you have online? Facebook, email, that online shop, that forum, that little website... the list goes on.

And how many passwords do you use?

Please tell me the answer is more than one... if you're using a single password for all your accounts, fix that now. How? Here are three tips to get you going: 

  1. use a different password for each account you have
  2. select a password longer than 8 characters, using uppercase, lowercase and numeric characters. If you want to get more complex, and the site allows it, you can use symbols too (such as ! . % etc)
  3. avoid faux-spelling words with letter/number substitution (such as "p4ssw0rd"), and avoid using words or names that could easily be guessed, or are considered "common" passwords (Google "common passwords")

These three tips will make it harder for your entire digital life to be compromised. Even if a hacker uncovers one of your passwords, this doesn't necessarily mean that they will get into every other account you have.

If your password uses just lowercase letters in a 6 character random combination, it could take up to 3.72 days for a brute force attack to look at all possible combinations, assuming one thousand guesses per second for an online system.

Sounds pretty secure, right?

But what happens if you make it 8 characters? Suddenly, this value increases to 6.91 years.

But what makes a password even better is to introduce uppercase and numeric characters - in computer speak, there is a difference between uppercase and lowercase characters - so instead of 26 characters, you now have 52 to choose from.

For our 6 character example, with uppercase and lowercase characters, it could take 7.69 months.

Add numeric characters (62 characters in total), and this explodes to 1.84 years.

So what about 8 characters, uppercase, lowercase and numeric? 70.56 centuries. Yes, centuries.

That's one heck of a lot of potential combinations for your password.

Yes, of course, these estimates are theoretical based on one thousand guesses per second, and for an online system (offline brute force can be much more efficient), but take note of the insane increase of time needed to look at every possible combination of an 8 character password with uppercase, lowercase and numeric characters. Regardless of actual time measurement, the exponential increase shows the power of just adding a few more characters, and adding symbols too.
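The figures above can be reproduced with a short calculation, shown here as an added example that is not part of the original post. It assumes the attacker tries every password from length 1 up to the stated length, and that a year is 52 weeks (364 days); neither assumption is stated in the post, but together they reproduce its numbers.

```python
# Added example: worst-case online brute-force time for a random password.
# Assumptions (not stated in the post, chosen because they reproduce its figures):
#   - the attacker tries every password of length 1..max_len
#   - a year is 52 weeks (364 days) and a month is one twelfth of that
from fractions import Fraction

SECONDS_PER_DAY = 86_400
DAYS_PER_YEAR = 364  # 52 weeks
DAYS_PER_MONTH = Fraction(DAYS_PER_YEAR, 12)

def keyspace(charset_size: int, max_len: int) -> int:
    """Number of candidate passwords of length 1..max_len."""
    return sum(charset_size ** k for k in range(1, max_len + 1))

def worst_case_days(charset_size: int, max_len: int, guesses_per_sec: int = 1000) -> Fraction:
    """Days needed to try every candidate at the given guess rate."""
    return Fraction(keyspace(charset_size, max_len), guesses_per_sec * SECONDS_PER_DAY)

def humanise(days: Fraction) -> str:
    """Render a duration in the largest unit that fits."""
    years = days / DAYS_PER_YEAR
    if years >= 100:
        return f"{float(years / 100):.2f} centuries"
    if years >= 1:
        return f"{float(years):.2f} years"
    if days >= DAYS_PER_MONTH:
        return f"{float(days / DAYS_PER_MONTH):.2f} months"
    return f"{float(days):.2f} days"

# The five cases walked through in the post: (label, charset size, length)
CASES = [
    ("lowercase, 6 chars", 26, 6),
    ("lowercase, 8 chars", 26, 8),
    ("upper+lower, 6 chars", 52, 6),
    ("upper+lower+digits, 6 chars", 62, 6),
    ("upper+lower+digits, 8 chars", 62, 8),
]

def table(guesses_per_sec: int = 1000) -> dict:
    """Map each case label to its humanised worst-case time."""
    return {label: humanise(worst_case_days(size, length, guesses_per_sec))
            for label, size, length in CASES}

if __name__ == "__main__":
    for label, text in table().items():
        print(f"{label:30s} {text}")
```

Passing a different `guesses_per_sec` to `table()` shows how the same passwords fare at another guess rate.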

With so many accounts, and so many passwords (especially when you start using more complicated and unpredictable passwords), it can get harder to remember them. There are many password managers out there - and personally, I love 1Password, as it plugs into my browsers on my notebook, and has an iOS app, as well as mature development and top security. There are others on the market, so do a bit of Googling around to find out the reputation of different password managers before putting your passwords in one, and ensure it is the right fit for the way you work.

So on the topic of passwords - just a reminder - never give your password to anyone. Ever. Even if you ring a technical support number and they request your password, keep it to yourself - they don't need it to do their job effectively, and if they do, then they're using an irresponsibly developed system or practices. Your password is just that - a password to an aspect of your digital life. Keep it safe, keep it secure, and keep it to yourself, always. 

Take a few minutes today and make sure your computer has a password on your user account. Make sure your smartphone and tablet have a passcode required to unlock them. Update other passwords to be more secure. Take positive steps forward to help make your digital life stay secure.

