With all the talk of GDPR, it’s easy to get caught up in what you need to be doing in terms of data privacy from May onwards. It goes without saying that irrespective of the size of your business, you should always have a focus on security. We’ve previously discussed website security and in this post we’re going to look at password security and the art of a strong password.
In my opinion, there are two separate ways to create a ‘good’ or ‘strong’ password. Both have the same outcome – a password that’s difficult, if not impossible, for a hacker to guess or decipher.
The Memorable Strong Password
There’s plenty of information online about creating memorable passwords that are secure. Typically, it involves using a phrase or phrases that you personally can remember and including some numbers and special characters. Let’s run through a quick example – we’ll use Dashlane to check the strength of the password at each point.
Single Memorable Word
As a football fan and Middlesbrough FC supporter, let’s start with using ‘Middlesbrough’ as a password – after all, it’s a good number of characters and contains both uppercase and lowercase letters, right?
Dashlane rates this password as 43/100 for security. Certainly needs work.
Let’s take this one step further. A common acronym used by Middlesbrough supporters is ‘UTB!’, short for ‘Up The Boro!’. Let’s append this to our password and see the rating.
Dashlane rates this password as 98/100. We’re well on our way to a perfect score.
The Final Combination
To finish off our password, let’s include some numbers. A significant date in the history of Middlesbrough is 1986 – the year that the club was saved from administration. Using this date, we’ll create the password ‘19MiddlesbroughUTB!86’.
Dashlane rates this password as 100/100 – a perfect score! Similarly, howsecureismypassword.net predicts it would take a computer ‘3 sextillion years’ to guess this password, but always take that estimate with a pinch of salt.
The Gobbledygook Strong Password
For lack of a better name, the gobbledygook password is an amalgamation of random letters, numbers and special characters that creates a password theoretically impossible to guess and incredibly difficult, if not impossible, for a computer to crack.
Dashlane incorporates a password generator into its browser extension. Using this tool you can choose which features to include when creating a new password – uppercase and lowercase letters, numbers and symbols. You can also choose for the generator to only use letters and create pronounceable phrases for use as a password. The tool will also tell you if the generated phrase is ‘weak’ or ‘strong’; if it’s weak, you can hit refresh and generate a new phrase. Below are some examples extracted from the Dashlane generator.
Letters only, pronounceable words/phrases only
micallitiono, halingentica, xantiononess
Letters only, lower case
zalgsakdfyzy, nymnmffddfgm, wlcweiozqrqi
Letters & numbers, mixed case
fkgDwjSu4jSD, xJ6JRgvMvCUX, wrLGchPCADsC
Letters, numbers & special characters, mixed case
-NZBC9/}B:&P, LA=5v9N$&)?x, N/TH~QN^2″Mp
As you can see, the passwords created above get more and more indecipherable as we add more character variations – lowercase letters, uppercase letters, numbers and special characters. The further we progress, the harder the passwords become to pronounce, which makes it less and less likely that a human would be able to guess your password, and a computer would need a significant amount of time to work its way through every possible combination of letters, numbers and characters to recreate it.
For example, howsecureismypassword.net predicts it would take a computer 485,000 years to recreate the password N/TH~QN^2″Mp. If you were to extend this password to 16 or 20 characters rather than 12, this would take even longer. You can rest easy knowing that your account is safe from being breached through your password. In rare cases, companies can encounter ‘data breaches’ that allow hackers to get hold of your password – in this case, it’s time to quickly generate a new password using the same method to ensure the security of your account and any associated data.
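To put numbers on the effect of character variety and length described above, here is an added example (not Dashlane's code and not part of the original post) that generates random passwords from the operating system's secure random source and reports the size of the search space in bits. The names CLASSES, pool, entropy_bits and generate are assumptions made for this sketch.

```python
import math
import secrets
import string

# Character classes matching the generator settings listed above.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digits": string.digits,
    "symbols": string.punctuation,
}

def pool(classes):
    """Return the combined alphabet for the selected classes."""
    return "".join(CLASSES[name] for name in classes)

def entropy_bits(length, classes):
    """Bits of entropy for a uniformly random password: length * log2(pool size)."""
    return length * math.log2(len(pool(classes)))

def generate(length, classes):
    """Generate a random password containing every selected class at least once."""
    if length < len(classes):
        raise ValueError("length is too short to include every selected class")
    alphabet = pool(classes)
    while True:
        # secrets draws from the OS CSPRNG; random.choice is not suitable here.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Rejecting candidates that miss a class keeps the choice uniform over
        # the remaining passwords; entropy_bits() is therefore a slight
        # over-estimate for the passwords actually returned.
        if all(any(ch in CLASSES[name] for ch in candidate) for name in classes):
            return candidate

if __name__ == "__main__":
    settings = [
        ("lower",),
        ("lower", "upper", "digits"),
        ("lower", "upper", "digits", "symbols"),
    ]
    for classes in settings:
        for length in (12, 16, 20):
            print(f"{'+'.join(classes):30} len={length:2} "
                  f"{entropy_bits(length, classes):6.1f} bits  "
                  f"{generate(length, classes)}")
```

Each extra bit doubles the number of guesses an exhaustive search needs, so the bit count is a steadier comparison than a years-to-crack estimate, which depends on the guessing speed assumed.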