After seeing a recent advertisement campaign from the UK Home Office regarding online security and passwords, we thought that the focus may have been in slightly the wrong place and wanted to set the record straight on how to make a strong password.

The Basics

A password acts as a lock on your front door, stopping strangers from walking into your house, seeing your belongings and taking what they want. The most important password that you need is your primary email password because if anybody finds this out, they could use it to reset all of your accounts from social media to online banking. Everything. As a general rule, the longer a password is the stronger it will be. HOWEVER, the key to creating a strong password is to use 1) upper case letters, 2) lower case letters, 3) numbers and 4) special characters. By using all of these in combination, you will make a much stronger password.

Why Do I Need A Strong Password?

In an ideal world you wouldn’t need to worry about data security and online safety, but as it stands it is a genuine risk and needs to be addressed accordingly. There are three main types of attacks on computer accounts:

  • Automated – A completely impersonal attack used to breach the security of anybody
  • Specific Websites – When users of a particular website are targeted, for example people who use a specific bank
  • Personal Attacks – An attack on a particular individual. These are reasonably uncommon as there are few cases where the information that one individual possesses is worth obtaining

As unlikely as these may seem, it is better to be safe than sorry with online security, so make sure that you and your loved ones are secure online, particularly if you have elderly relatives who use the internet, as they are generally less likely to be as tech savvy.

CyberStreetwise

What information do you take away from the video above? It seems to us that the message is to create a three word password, using upper and lower case letters, using special characters and numbers as replacements for certain letters, as the example dogPostm@nD1nner shows. Whilst this is sound in principle, when put into practice this is not as secure as you might think. If you take a standard dictionary attack on a password – this goes through every word in a dictionary to see if it is the password – a single word acts as the equivalent to an individual letter, so a standard 3 word combination WITHOUT any numbers or special characters is effectively as safe as a 3-letter word, which is not safe at all. By adding in substitutions, you are certainly making the password more secure, however if you are using a common substitution – 0 for o, 1 for i, 3 for e or @ for a – then these could equally be programmed into a dictionary attack, alongside any number of capital letters in a word, thus still reducing your password to being only slightly stronger than the integrity of a 3-letter word again.

There is some more helpful information available on the CyberStreetwise website, however as a 15 second video and a static ad campaign, it seems to us that the focus is not quite on the right message – also the suggested password of ‘Appletr33b!ke’ on the website only ranks as MEDIUM in the Microsoft Password Checker.
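The dictionary model described in this section can be turned into a rough strength check. The following is an added example, not code from CyberStreetwise or the Microsoft checker: it undoes the common substitutions, splits the result into dictionary words, and compares the word-level search space with a character-by-character one. The wordlist, the `!` mapping and the attacker figures (`DICT_SIZE`, `VARIANTS_PER_WORD`) are assumptions chosen for illustration.

```python
import math

# Substitutions named in the article: 0 for o, 1 for i, 3 for e, @ for a.
# "!" for i is an extra assumption added so 'Appletr33b!ke' can be analysed.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "@": "a", "!": "i"})

# Constructed sample wordlist; a real checker would load a large dictionary.
WORDS = {"dog", "postman", "dinner", "apple", "tree", "bike", "badger", "pigeon"}

# Assumed attacker model (illustrative figures, not taken from the article).
DICT_SIZE = 20_000        # candidate words tried per word position
VARIANTS_PER_WORD = 16    # capitalisation and substitution variants per word
CHARSET = 95              # printable ASCII characters


def segment(text):
    """Split text into dictionary words via dynamic programming, or return None."""
    best = {0: []}
    for end in range(1, len(text) + 1):
        for start in range(end):
            if start in best and text[start:end] in WORDS:
                best[end] = best[start] + [text[start:end]]
                break
    return best.get(len(text))


def estimate_bits(password):
    """Return (words, dictionary_bits, brute_force_bits) for a password."""
    brute = len(password) * math.log2(CHARSET)
    # Lower-casing and reversing substitutions mirrors what a wordlist rule does.
    words = segment(password.lower().translate(LEET))
    if words is None:
        # Not built from dictionary words: only character-level search applies.
        return None, brute, brute
    per_word = math.log2(DICT_SIZE * VARIANTS_PER_WORD)
    return words, len(words) * per_word, brute


if __name__ == "__main__":
    for pw in ("dogPostm@nD1nner", "Appletr33b!ke", "B6A4D8G3E9R2"):
        words, dict_bits, brute_bits = estimate_bits(pw)
        print(f"{pw}: words={words} dictionary={dict_bits:.1f} bits "
              f"brute-force={brute_bits:.1f} bits")
```
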

Creating A Password

Contrary to what you may think, your password does not need to be a completely randomized and unmemorable combination of characters, because if you need to write it down to remember it, then you are going to have some issues with its security. That said, it is important not to use either of the following, unless you do not value your online safety very highly:

  • Name/Place (or any individual word)
  • Phone Number/Date of Birth (or any number sequence)

Here are a few suggestions for ways to create a strong and memorable password:

  • Combine two words and alternate between lowercase and upper case (e.g ‘BADGER’ and ‘pigeon’ can combine to make ‘BpAiDgGeEoRn’)
  • Combine a word with a number such as a phone number (e.g ‘BADGER’ and ‘648392’ can combine to make ‘B6A4D8G3E9R2’)
  • Take a word, write it in lower and upper case letters, then insert some symbols into it – this may be a little harder to remember (e.g ‘BA6£*dg)eR’)
  • Type a memorable number string whilst holding down the shift key (e.g 01273 485495 becomes ‘)!”&£ $!$^$&’ )
  • Don’t forget that you can use the space as a character in most passwords

Password Storage

With so many websites requiring you to sign in, it is easy to choose your standard username/password combination. There is nothing wrong with this, as long as the password that you have is a secure one, otherwise you leave yourself open to vulnerability. It is not a good idea to physically write down the password anywhere, especially if you have it near to your computer – in the unlikely event that your house was broken into, you do not want to give the intruder free rein over your online details and accounts too!

If you want to have unique passwords with the highest level of security for each application/website that you use and do not want to have to remember them all, you can purchase password storage software such as Roboform, which remembers your details for different websites and then encrypts using a master password – you have to remember this one so make sure that it is a strong password. Compared to Google Chrome or Internet Explorer password managers, Roboform offers a higher level of protection to give you that extra peace of mind that your sensitive data is protected.

Be careful with websites helpfully trying to automatically store your login details if you are using a shared office computer or a public computer. This can leave your account details open to an opportunistic attack. Always make sure to click “Not this time” when a website offers to save your details, unless you are using your own private computer.

Password Generators

If you do not want to think up a password, or want to create a particularly secure randomly generated code, this can be done using password generation websites – this is also a feature of Roboform. You can use the advanced settings to define the criteria for generating the password, including the number of characters, use of special characters and number of digits required. Other examples of password generators are Random.org and strongpasswordgenerator.com.
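The same criteria (number of characters, special characters, number of digits) can be applied locally without a website. This is an added example, not code from Roboform or the sites named above; the function name, defaults and the `SPECIALS` set are assumptions.

```python
import secrets
import string

# Assumed set of special characters; adjust to what the target site accepts.
SPECIALS = "!@#$%^&*()-_=+[]{}"


def generate_password(length=16, digits=3, specials=2):
    """Generate a random password with exact counts of digits and specials."""
    if digits < 0 or specials < 0 or digits + specials > length:
        raise ValueError("digits + specials must fit within length")
    # secrets draws from the operating system's cryptographic random source.
    chars = [secrets.choice(string.digits) for _ in range(digits)]
    chars += [secrets.choice(SPECIALS) for _ in range(specials)]
    chars += [secrets.choice(string.ascii_letters)
              for _ in range(length - digits - specials)]
    # Shuffle with the same source so character classes land in random positions.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


if __name__ == "__main__":
    print(generate_password(length=20, digits=4, specials=3))
```
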

Summary

  • Make sure that your email password is a strong one using lower case & upper case letters, numbers and special characters
  • Don’t use any of the 25 Most Popular Passwords including password, 123456 and qwerty
  • Don’t write down your password to keep around the house or near to the computer
  • Do not send your password to anybody via email. Your account will only be as strong as theirs and if they have a bad password your details could be compromised
  • Don’t let public or shared computers save your login details
by Ian Shaw
April 28, 2015