If there is one thing that people around the world have been trained to do it is to create highly secure passwords. In fact, the need for 6+ digit passwords that include uppercase, lowercase, special characters, numbers, and so on, is commonplace on every platform today.
But just because we as a collective have been conditioned to create passwords in a specific manner, does that mean it's right? To put it bluntly, no it's not.
Though this may be a shock to some, simple yet longer passwords are much harder to crack than short complex ones. Here's an example. Most websites will require you to create the usual 6 to 8 digit password with the usual capitals, numbers, symbols, etc. With that, your password may come out to be something like this: PassW0rd01!
Is that actually secure? Not really. Due to habit, encouragement, and general consensus over the years of what these passwords should be and what so-called special characters should represent, hackers and the algorithms they use have been trained to know how to swap out "0" for “O," "A" for "@" and so on. And, as such, the password above is plain text to the seasoned hacker.
My advice, take a different approach to making your password far longer, yet a lot simpler. May be your favorite TV show title—in my case it would be The Big Bang Theory. Making this your password could appear as ilovethebigbngtheory. Notice I removed the "a" in the word “bang." By doing so, I’ve not only made my password longer than required, but I've also added a level of complexity that is far harder to crack.
And even though I don't use any symbols or numbers, ilovethebigbngtheory is mathematically much harder to crack due to the nature of the sentence structure, missing letter, and so on. But we can do even more. In instances where special characters can be represented by actual spaces, a simple yet highly secure password could be, "I Love the Big Bng Theory Very Much.” Again, no special characters other than spaces, but the length and mathematical complexity make it even more secure.
And if you're uncertain about how secure your password is, go to this site for a quick check: https://howsecureismypassword.net.
In addition to the lengthy yet simplified password practice, I also suggest using secure platforms such as LastPass, Dashlane, Keeper, and so on. Also known as password managers, or password vaults, these types of platforms manage all your passwords in one place, usually with a primary password to access your account. The benefit is that you can finally stray away from using one password for all your cloud and other activities. By randomizing all passwords, and adding lengthy and even sometimes weird structures, along with enabling a password vault to secure them, adds yet another layer of security to the mix.
And lastly, educate, educate, and re-educate your team members on password security and best practices. By creating new habits while simultaneously increasing the knowledge and perseverance needed for today’s digital age, your cyber resiliency will increase fourfold, keeping the bad guys at bay.
September 7, 2023
#FacesOfCalian: Oscar Morales
Get to know the Calian team with our Faces of Calian series!
August 1, 2023
Google Engages iSecurity, a Calian Company, to Conduct Assessments of Google Cloud
Google's recent decision to engage iSecurity, a Calian company, for a comprehensive privacy impact assessment (PIA) and a threat risk assessment (TRA) for Google Cloud services in Canada was a significant step towards even stronger data protection and risk management.
May 26, 2023
Meet the Experts - Kevin de Snayer
In today’s edition of Meet the Experts, we have an interview with Kevin de Snayer, Director of Cyber Solutions, ITCS, Calian.