“Welcome” and “Password” – How to Make Sure Your Password is Secure
By Brandon Hill, Technology Specialist
Passwords have become a daily battle for many of us. Every website, application, and device has a different password in a different format you must remember. Some get changed regularly and some go stale from not being used. Because of this, passwords can become a routine battle keeping us from getting our daily tasks done. However, passwords are usually the single line of defense to keep out potential thieves. We will discuss how to decipher the complex password jungle while increasing data security for both you and your clients.
I frequently get asked “What is the risk if someone gets my password? I don’t have anything someone would want.” The fact is, if someone has your password, they have easy access to your data. Your data can contain client information such as names, account numbers, Social Security numbers, addresses, and birthdays: everything needed for identity theft. Even if this information is not stored on your computer, an attacker can use the stolen information to perform malicious attacks on others using your account and/or computer.
How do we make passwords more secure? A password needs to be as complex and as far from words in the dictionary as possible. It should contain upper case letters, lower case letters, numbers, and special characters. It should be, at minimum, eight characters. We all know that using “1234” or “password” is insecure. But what about “B0bby123!”? It seems to meet all the criteria listed above, but it is also a bad choice. Attackers use words from the dictionary with variants (such as replacing “o” with “zero” and “a” with “@”), then add the usual “123” sequential digits to them. A password built this way won’t take an attacker long to figure out.
Here is one easy way to create a secure password and still remember it: create a phrase and convert it using only the first characters. For example, take the phrase “The first house I ever lived in was 613 Fake Street. Rent was $400 per month,” and extract the first characters. This generates a password of “Tfhieliw613FS.Rw$4pm.”. This is now a 21-character password which is not from the dictionary and can actually be remembered.
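As an added example (not part of the original article), the Python below shows why “B0bby123!” passes the composition rules yet is still caught as a dictionary variant, while the phrase-derived password passes both checks. The wordlist, the substitution table, and the function names are assumptions made for illustration.

```python
import re

# Constructed sample wordlist (assumption); a real check would load a full
# dictionary plus lists of common names and known-breached passwords.
WORDLIST = {"password", "welcome", "bobby", "dragon", "summer"}

# Common look-alike substitutions, mapped back to the letter they replace.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

def meets_composition_rules(pw):
    """The article's criteria: 8+ chars, upper, lower, number, special."""
    patterns = (r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]")
    return len(pw) >= 8 and all(re.search(p, pw) for p in patterns)

def dictionary_base(pw):
    """Return the wordlist entry hiding behind pw, or None if there is none."""
    for cut in range(len(pw), 0, -1):
        suffix = pw[cut:]
        if any(c.isalpha() for c in suffix):
            break  # only digit/symbol tails such as "123!" are stripped
        candidate = pw[:cut].lower().translate(LEET)
        if candidate in WORDLIST:
            return candidate
    return None

def assess(pw):
    """Combine both checks into a single verdict string."""
    if not meets_composition_rules(pw):
        return "reject: fails composition rules"
    base = dictionary_base(pw)
    if base is not None:
        return f"reject: variant of dictionary word '{base}'"
    return "accept"

if __name__ == "__main__":
    for sample in ("password", "B0bby123!", "Tfhieliw613FS.Rw$4pm."):
        print(f"{sample!r}: {assess(sample)}")
```

A check like this belongs at password creation or change time, alongside the composition rules rather than in place of them.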
Now that you have created a secure password, it needs to be stored. Passwords should never be written down, stored in your desk, or stored in a web browser. Password managers can help and be a great tool if used correctly. There are plenty to choose from (RoboForm, LastPass, Dashlane, etc.), but when choosing a password manager, make sure it offers multi-factor authentication, and use it. Also remember when using a password manager that one password controls access to everything.
A few final tips for password usage: Remember to not share passwords with anyone, not even co-workers. The easiest way to steal a password is to simply ask someone for it. Most sites offer multi-factor authentication; if it’s available, be sure to use it. When it is enabled, even if attackers have your password, they will not be able to gain access without the second factor. Lastly, develop an internal policy that outlines how passwords will be created, changed, and stored. Make sure everyone understands the policy and follows it. These policies should be audited periodically to make sure things are working as they should.
Please email Brandon Hill if you have any questions at