Creating and Using Strong Passwords

Becoming Cyber-Mindful

WILL YOUR PASSWORD BE UNBROKEN?

We know what you’re thinking: “Strong passwords, change your password, don’t stick it on a Post-It on my monitor, blah-blah-blah . . . I already *know* all that!” BUT, you may be surprised to learn that “Password Wisdom” has changed over the last several years. And this month, we want to make sure you’re in the loop!

SO WHAT SHOULD I DO?

Glad you asked! We’d suggest you. . .

Create low, medium and high-security passwords.

This limits the damage if one of your passwords leaks. Attackers routinely take the user names and passwords stolen from one site and try them on other sites (a technique called credential stuffing). For instance, if my recipe website account is compromised and I use the same password for my online banking, that’s likely to go badly. So take a lesson from the three bears:

  1. Use a highly secure password for your banking and sensitive work accounts. Ideally a long “passphrase” with numbers, caps and special characters, used for that one account only.
  2. Use a medium password for less critical, but still personal stuff (like Facebook, LinkedIn).
  3. Use a simple password for “junk” accounts – ones with zero access to your personal or credit card information, like a Bengals fan forum or recipe site. (Even here, a different password per site is safer, and a password manager makes that painless.)

Store your passwords somewhere safe.

Because you’re going to have *several* (if not many) passwords, yes, you can write them down. Just make sure to protect the list like your other valuables – maybe in your wallet or a locked drawer, never taped to your monitor or left in a file called “passwords” on your desktop. Or, consider a “password manager” like LastPass, Dashlane, or 1Password (these let you remember one *super secure* master password that unlocks an encrypted vault holding all your others).

Don’t reuse your passwords.

Just like your toothbrush: once you replace it, don’t put the old one back in rotation. When a site makes you change your password, pick a genuinely new one rather than cycling back to an old favorite or adding “1” to the end.

HOW WELL DOES THE “MAN ON THE STREET” PROTECT HIS PASSWORD?

Jimmy Kimmel did some research to find out.

HOW TO CREATE STRONG PASSWORDS AND PASSPHRASES

The more random, the better. But to keep them memorable, try these tips:

Create Acronyms

Create an acronym from an easy-to-remember piece of information. For example, pick a phrase that is meaningful to you, such as My son’s birthday is 12 December, 2004. Using that phrase as your guide, you might use Msbi12/Dec,4 for your password. One caveat: facts like a child’s birthday are often posted on social media, so the phrase should be something an attacker cannot look up, and the resulting password should never contain the fact itself.

Use Substitutions

Substitute numbers, symbols, and misspellings for letters or words in an easy-to-remember phrase. For example, My son’s birthday is 12 December, 2004 could become Mi$un’s Brthd8iz 12124, which would make a good passphrase. Note that the misspellings matter: password-cracking tools already try the obvious swaps (a→@, s→$, o→0) on ordinary dictionary words, so “P@$$w0rd” buys you very little.

A strong password:

  • Is at least eight characters long (longer is better; every extra character multiplies the number of guesses an attacker needs)
  • Does not contain your user name, real name, or organization name
  • Does not contain a complete word
  • Is significantly different from previous passwords

A strong passphrase:

  • Is 20 to 30 characters long
  • Is a series of words that create a phrase
  • Does not contain common phrases found in literature or music
  • Does not contain words spelled exactly as they appear in the dictionary (use substitutions or misspellings, as in the example above)
  • Does not contain your user name, real name, or organization name
  • Is significantly different from previous passwords or pass-phrases
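As an added example that is not part of the original newsletter, here is a small Python checker that applies the password and passphrase rules listed above to a candidate and reports which rules it breaks. The tiny word list, the list of common phrases, and the 60% similarity threshold used to judge “significantly different from previous passwords” are assumptions made for illustration; a real attacker’s wordlist is far larger than the one embedded here.

```python
"""Check a candidate against the newsletter's strong-password and
strong-passphrase rules. Added example, not the newsletter's own code.
"""
import difflib
import re
from typing import Iterable, List

# Constructed stand-in for a real dictionary. An attacker's wordlist would
# hold millions of entries, including leaked passwords.
SMALL_DICTIONARY = {
    "my", "son", "birthday", "is", "december", "password", "welcome",
    "summer", "bengals", "recipe", "love", "secret", "to", "be", "or", "not",
}

# Constructed sample of phrases from literature or music that cracking
# wordlists also contain.
COMMON_PHRASES = {"to be or not to be", "let it be", "may the force be with you"}

# Assumed threshold: a candidate sharing 60% or more of its characters in
# sequence with an old password is not "significantly different" from it.
MAX_SIMILARITY = 0.6


def _words(text: str) -> List[str]:
    """Lowercase alphabetic runs, so 'Brthd8iz' yields 'brthd' and 'iz'."""
    return re.findall(r"[a-z]+", text.lower())


def _contains_identity(candidate: str, identity: Iterable[str]) -> bool:
    """True if any user name, real name, or organization name appears."""
    low = candidate.lower()
    return any(term and term.lower() in low for term in identity)


def _too_similar(candidate: str, previous: Iterable[str]) -> bool:
    """Ratio of matching characters (difflib) against each old password."""
    return any(
        difflib.SequenceMatcher(None, candidate.lower(), old.lower()).ratio()
        >= MAX_SIMILARITY
        for old in previous
    )


def check_password(candidate: str, identity: Iterable[str] = (),
                   previous: Iterable[str] = ()) -> List[str]:
    """Return the strong-password rules the candidate breaks ([] = strong)."""
    problems = []
    if len(candidate) < 8:
        problems.append("shorter than 8 characters")
    if _contains_identity(candidate, identity):
        problems.append("contains your user name, real name, or organization name")
    if any(w in SMALL_DICTIONARY for w in _words(candidate)):
        problems.append("contains a complete dictionary word")
    if _too_similar(candidate, previous):
        problems.append("too similar to a previous password")
    return problems


def check_passphrase(candidate: str, identity: Iterable[str] = (),
                     previous: Iterable[str] = ()) -> List[str]:
    """Return the strong-passphrase rules the candidate breaks ([] = strong)."""
    problems = []
    if not 20 <= len(candidate) <= 30:
        problems.append("not 20 to 30 characters long")
    if len(candidate.split()) < 2:
        problems.append("not a series of words")
    if any(phrase in candidate.lower() for phrase in COMMON_PHRASES):
        problems.append("contains a common phrase from literature or music")
    if any(w in SMALL_DICTIONARY for w in _words(candidate)):
        problems.append("contains a word spelled as in the dictionary")
    if _contains_identity(candidate, identity):
        problems.append("contains your user name, real name, or organization name")
    if _too_similar(candidate, previous):
        problems.append("too similar to a previous passphrase")
    return problems


if __name__ == "__main__":
    # The newsletter's two examples pass; the unmodified phrase and a
    # common "seasonal" password do not.
    for label, result in [
        ("Msbi12/Dec,4", check_password("Msbi12/Dec,4")),
        ("Summer2024 after Summer2023",
         check_password("Summer2024", previous=("Summer2023",))),
        ("Mi$un's Brthd8iz 12124", check_passphrase("Mi$un's Brthd8iz 12124")),
        ("raw phrase", check_passphrase("My son's birthday is 12 December, 2004")),
    ]:
        print(f"{label}: {result or 'OK'}")
```

The checker deliberately reports every rule broken rather than stopping at the first, which is what you want when giving a user feedback on a rejected password. Substring matching on identity terms and on common phrases is intentionally crude: the newsletter’s rules are about avoiding guessable material, and a strict check that errs toward rejecting is the safer side for a password policy.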

SOME LIGHT READING

OUCH! Newsletter: Passphrases

https://securingthehuman.sans.org/newsletters/ouch/issues/OUCH-201504_en.pdf

OUCH! Newsletter: Password Managers

https://securingthehuman.sans.org/newsletters/ouch/issues/OUCH-201510_en.pdf