By Steve McEvoy, Technology Consultant
Is your password based on your name or one of your family members? How about some number related to your birthday? Your favorite Disney character? A pet’s name? The numbers to your home or office? I’ve seen all these approaches, and unfortunately so have the hackers.
In recent weeks hackers have stepped up their attacks on the Internet. One of their latest exploits uses other infected computers as robots (bots) to attempt logins to computers connected to the Internet with RDP Remote Access enabled (see my other blog article on the details of this, and how to defend yourself from it). They can make an attempt every one or two seconds, easily more than 40,000 tries per day. They don’t get tired and they don’t give up easily. If you have a simple password, it increases the chances a hacker could get through. This is just one of many reasons to have a good password.
What makes up a good password?
The obvious answer is something that no one could guess or reasonably hack. Five or more years ago, it was generally accepted that a good password included:
- A mix of upper and lower case
- At least one number
- At least 7 characters in length
For example, ‘cowboy’ was a bad password, but ‘Cowboy7’ was a good one. But alas, in today’s more hostile environment ‘Cowboy7’ is now considered a weak password.
S6&k#)Y3f^dT!a would be a great password, but incredibly difficult for you to remember.
Somewhere there needs to be a balance between security and functionality. This is further compounded by the strong suggestion that you should NEVER use the same password in two places, meaning that you will need to remember multiple complex passwords. In my opinion, a stronger password today should include at least:
- One or more special characters such as !@#$%^&*()
- At least one number, preferably two or more
- A mix of upper and lower case
- At least 7 characters in length, more (10+) is better
- A non-dictionary word, ideally something totally random
I suggest inventing some algorithm in your mind to create your passwords. Start with some totally random thought like “The Quick Brown Fox Jumped Over the Lazy Dog” or “My Car is Blue”. Then take the first or last letter of each word, such as “TkBxJrLg”. Now blend in random numbers and syntax, and it might become “Tk5Bx@Jr&Lg”. Invent your own system in a way that you can remember it.
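As an added example (not from the article), a small Python checker that scores a candidate against the checklist above, and is tried on the article's own examples ‘cowboy’, ‘Cowboy7’, ‘S6&k#)Y3f^dT!a’ and ‘Tk5Bx@Jr&Lg’. The word list is a constructed stand-in for a real dictionary.

```python
from typing import List, Tuple

# Constructed stand-in for a real dictionary (assumption: a real check would
# load a full word list such as /usr/share/dict/words).
COMMON_WORDS = {"cowboy", "password", "welcome", "dragon", "summer", "monkey"}

SPECIALS = set("!@#$%^&*()")   # the special characters the article names
MIN_LENGTH = 7                  # "at least 7 characters"
BETTER_LENGTH = 10              # "more (10+) is better"


def check_password(password: str, dictionary=COMMON_WORDS) -> Tuple[List[str], List[str]]:
    """Return (failures, warnings): hard misses of the checklist, and the softer 'preferably' points."""
    failures: List[str] = []
    warnings: List[str] = []

    if not any(c in SPECIALS for c in password):
        failures.append("no special character")

    digits = sum(c.isdigit() for c in password)
    if digits == 0:
        failures.append("no digit")
    elif digits == 1:
        warnings.append("only one digit (two or more preferred)")

    has_lower = any(c.islower() for c in password)
    has_upper = any(c.isupper() for c in password)
    if not (has_lower and has_upper):
        failures.append("not a mix of upper and lower case")

    if len(password) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    elif len(password) < BETTER_LENGTH:
        warnings.append(f"shorter than {BETTER_LENGTH} characters")

    # Strip digits and symbols first, so 'Cowboy7' is still caught as 'cowboy'.
    letters = "".join(c for c in password if c.isalpha()).lower()
    if letters in dictionary:
        failures.append("built on a dictionary word")

    return failures, warnings


def is_strong(password: str) -> bool:
    """True only when none of the hard criteria fail."""
    return not check_password(password)[0]
```

Run `check_password("Cowboy7")` to see why the old-style password no longer passes: it has no special character and is still the dictionary word ‘cowboy’ once the digit is stripped.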
You should also change your passwords periodically. Microsoft suggests every 30-60 days. I don’t know about you, but my brain probably can’t hold that much change and complexity. I think at least once per year is a good start.
Some resources that you might find handy
Store your passwords in a safe place: Why try to remember them all when you can store them in a database? One of many free applications that store all your passwords in an encrypted database is called Password Safe. It comes in Windows and Android smartphone versions, so you can have your passwords with you wherever you are. Password Safe also has a nifty feature that will generate a strong, random password for you automatically. If you write your passwords down on paper (gasp), lock them in a safe (seriously). Don’t put them on a post-it note next to the computer or under the keyboard.
Random Password Generator: Not feeling creative, and want a computer to generate a really strong random password for you? One of several free ones available on the Internet is StrongPasswordGenerator.com. You tell it how long you want the password and whether you want symbols, and it generates one for you. If you use this, remember to record the password somewhere safe in case you forget it (and you will).
If you want to learn what Microsoft thinks makes a good online password, read it here.
Whatever your password is I hope this inspires you to review it and change it as needed. Think beyond just your own password, and review EVERY password on your practice network. Enlist the help of your IT person if needed.