It’s 2017, there are articles up weekly about companies being hacked, and we store large amounts of sensitive information online.
Despite this, there are smart, successful people who still use “Password” as their password for online services.
Password security was not something we were taught in school, and unless you are an ICT professional, tech-savvy individual, or a bit of a geek, you can easily miss the lecture on how to stay safe online.
This is evident in findings from research conducted by Kaspersky, which showed that many people use the same password for multiple accounts and use weak passwords – as they are easy to remember.
Many users also write their passwords down on a piece of paper, according to Kaspersky.
Research by Keeper further showed that many people use simple, letter-only or number-only passwords – many of which are sequential. Example: 123456.
Another issue is that many websites or online services do not give guidance to users about how to set a strong password.
A study by Dashlane found that many popular websites do not implement strong password requirements, such as requiring an 8-digit, alphanumeric code. Password “strength” indicators were also lacking on popular sites.
There are several ways to create and store strong passwords which don’t require you to be a savant.
Before we detail these, it is important to understand why you must not use common passwords like “123456” or “password”, and why having a letter-number combination is so crucial.
Common passwords and pattern passwords – like “qwerty” – are easy to crack, and dictionary-based password crackers know to look for sequential key variations.
“At best, it sets them back only a few seconds,” stated Keeper.
Short passwords, even with “random” letters or numbers – like “3479” or “dirv” – are also relatively easy to crack.
This is because the fewer digits you have in a password, the less algorithmically complex it is.
A 4-digit password which uses the numbers 0-9 has a total possible combination count of 10,000. This can be calculated by taking the character/number variables (0-9, which is 10 variables) and setting the number of digits in the password as the exponent.
This means the possibilities of your 4-digit number password can be expressed as 10^4, which equals 10,000.
If the password is increased to 8 digits, you can see how the number of possible combinations increases exponentially. It is now 10^8, which equals 100,000,000.
Adding letters to the password takes it to an even higher level, as the number of variables increases to 36: 10 (0-9) plus 26 (the number of letters in the alphabet).
This means your 8-digit password using letters and numbers has possible combinations totalling 36^8, which equals 2,821,109,907,456.
If you take numbers (10), and lowercase (26) and uppercase letters (26), this grows to 62^8 – which equals 218,340,105,584,896.
Adding in symbols, such as #, $, or %, adds more variables to the equation, which means the number of possible combinations increases once again.
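The arithmetic above, combined with the earlier point about common and pattern passwords, as an added Python example (not part of the original article). The short common-password list and keyboard rows are constructed samples, the symbol pool is assumed to be the 32 ASCII punctuation characters, and the function names are hypothetical.

```python
import math
import string

# Constructed sample list; a real check would use a large breached-password corpus.
COMMON = {"password", "123456", "qwerty", "letmein", "111111"}
# Runs a dictionary-based cracker tries first: digits, alphabet, keyboard rows.
SEQUENCES = ["0123456789", string.ascii_lowercase, "qwertyuiop", "asdfghjkl", "zxcvbnm"]
# Character classes: 10 digits, 26 lowercase, 26 uppercase, 32 symbols (assumption).
CLASSES = [string.digits, string.ascii_lowercase, string.ascii_uppercase, string.punctuation]


def pool_size(password: str) -> int:
    """Number of 'variables': sum of the sizes of every class the password uses."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in password))


def keyspace(password: str) -> int:
    """Pool size raised to the password length, as in the article's arithmetic.
    This is an upper bound that only holds if the characters were chosen at random."""
    return pool_size(password) ** len(password)


def is_sequential(password: str, min_run: int = 4) -> bool:
    """True if the whole password is one forward or reverse run from SEQUENCES."""
    p = password.lower()
    if len(p) < min_run:
        return False
    return any(p in seq or p in seq[::-1] for seq in SEQUENCES)


def assess(password: str) -> dict:
    space = keyspace(password)
    return {
        # A dictionary attack finds these regardless of the keyspace figure.
        "guessable": password.lower() in COMMON or is_sequential(password),
        "keyspace": space,
        "bits": round(math.log2(space), 1) if space else 0.0,
    }


if __name__ == "__main__":
    for pw in ["3479", "123456", "qwerty", "dirv", "k3v9x2mq", "IbmhacfR10"]:
        print(pw, assess(pw))
```

Note that “123456” reports a keyspace of 1,000,000 yet is flagged as guessable, which is why the keyspace figure only matters for passwords that are not on a cracker's list.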
Storing a password
Many security experts recommend an 8-digit code as the minimum – with 10 or 12 digits the preferred length – and for users to use unique passwords for each site and online service.
Remembering a long, complex string of characters for each password used on each site is near impossible, however.
To make it easier, security professionals recommend using a password manager.
This includes services such as LastPass or the built-in password manager in browsers like Chrome.
It allows the user to generate long, complex passwords – which contain letters, numbers, and special characters – for sites and services, and have them stored and auto-filled into forms when needed.
The user then only needs to remember the master password to access their passwords.
To create a strong master password, users can do the following:
- Use a memorable sentence to create an abbreviation password – “I bought my house and car for 10 rand” becomes “IbmhacfR10”.
- Use a passphrase – instead of a typical password, use a passphrase like “correct-horse-25-battery”.
- Don’t use names and birthdays – do not use your name, surname, or birthday in your password, as this information can be accessed with ease.