Password security


We all know that passwords are a pain in the butt but entirely necessary in our modern technological world. The problem is that we generally need so many of them that managing these become even more of a burden. Unfortunately given this, many people become lazy and fall into bad habits.

The major bad habit is using weak passwords. Turns out that some of the most common password include ‘monkey’, ‘password’ and ‘qwerty’. These passwords maybe easy to remember and enter but if they are that easy then they are just as easy for someone else to guess. The most important characteristic of good passwords are that they are long. This means a password like


is more secure than


The simple reason is that when someone is attempting to guess your password the system does not tell them how many characters are missing it simply tells them that they have input incorrectly. For more information about this subject head over to the Hystacks page on GRC. So step one for improved password security is make passwords long, typically greater than 14 characters is recommended.

The next factor that can be incorporated to improve password is complexity but as with all security some balance needs to made. A password like


is certainly complex but it is also very difficult to remember. Passwords that are difficult to remember get written down somewhere which makes them insecure. Success however is at hand if you think of passphrases rather than passwords. If you consider the passphrase like

Mary had a L1ttle lamb?

You will see that it is long and complex because it includes spaces, numbers, upper and lower case as well as special characters, such passphrases are also much easier to remember.

Another thing that greatly improves security is the addition of two factor authorisation. Much like when you go to withdraw money from an ATM you have your PIN number and your card, many common systems you probably use already have the ability to incorporate two factor authentication.

Most bank accounts now allow you to have a code sent to your mobile phone to confirm a transfer. Paypal has a security key as well as SMS codes. There are generic services like Google Authenticator which can be connected to both Gmail and Outlook. Correct Solutions is also currently evaluating industry specific solutions such as AuthAnvil from Scorpion Software to integrate with many common applications.

In most cases, the only thing that stand between you and the information people are trying to steal is your password. If you use poor passwords then it is only a matter of time before you become a victim. If you implement the suggestions above then your chances of being compromised are much, much lower. Remember, security of your systems comes down to you in the end. It is also best practice NEVER to reuse a password. That certainly makes things more challenging but this will be addressed in an upcoming post.