Understanding What Makes a Strong Password

On average, each of us uses approximately 13 unique passwords across all our accounts. To some this may sound like a lot, though research shows that many of these passwords are used across different accounts.

Repeat password use is frustratingly common, especially when you consider that if your password is compromised on one account, there is very little stopping someone from compromising the rest of your accounts.

Though you may have varyingly secure passwords depending on the importance of the given account, there are a few simple steps and measures that you can take to help strengthen your password process and your overall information security.

Four Unrelated Words

One of the most common methods of creating a secure, yet memorable password is to combine 4 unrelated random words, such as ‘CorrectHorseBatteryStable’ (although not that one). To make it more difficult for a hacker to guess, it is important that these words have no relation to you, such as your username or date of birth.

Whereas a two-word combination may be broken within a few hours, if you ensure that the password is at least 15 characters long, the ‘would-be’ attacker will be waiting years to crack it.
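The following is an added example, not code from the original article: it generates a four-word passphrase with a cryptographically secure random source and puts rough numbers on the "hours versus years" claim above. The miniature wordlist, the 7776-word list size (the size of the well-known EFF diceware list) and the guess rate of one billion guesses per second are all assumptions made for the demonstration.

```python
import math
import secrets

# Constructed miniature wordlist for the demo only; a real list such as the
# EFF diceware list has 7776 entries, which is what the estimates below assume.
SAMPLE_WORDS = ["copper", "violin", "glacier", "umbrella", "tractor", "saffron",
                "ledger", "harbour", "pencil", "nimbus", "walrus", "quartz"]

SECONDS_PER_YEAR = 365 * 24 * 3600


def generate_passphrase(wordlist, words=4, separator="-"):
    """Pick `words` entries using the OS CSPRNG (secrets), never random.choice."""
    return separator.join(secrets.choice(wordlist) for _ in range(words))


def word_search_space(wordlist_size, words):
    """Guesses needed to exhaust every combination of `words` list entries."""
    return wordlist_size ** words


def char_search_space(alphabet_size, length):
    """Guesses needed to exhaust every string of `length` characters."""
    return alphabet_size ** length


def entropy_bits(search_space):
    """Strength expressed as bits: log2 of the number of possibilities."""
    return math.log2(search_space)


def years_to_exhaust(search_space, guesses_per_second):
    """Worst-case time for an attacker at the given guess rate (assumed figure)."""
    return search_space / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    rate = 1e9  # assumed offline guess rate; real rates depend on the hash used
    print("passphrase:", generate_passphrase(SAMPLE_WORDS))
    for words in (2, 4):
        space = word_search_space(7776, words)
        print(f"{words} random words: {entropy_bits(space):.1f} bits, "
              f"{years_to_exhaust(space, rate):.4f} years to exhaust")
    for length in (8, 15):
        space = char_search_space(26, length)
        print(f"{length} lowercase letters by brute force: "
              f"{entropy_bits(space):.1f} bits, {years_to_exhaust(space, rate):.0f} years")
```

The character-level figures assume the attacker knows nothing about the structure and must try every string; if the attacker knows the password is built from dictionary words, the word-level figures apply instead, which is why the words must be chosen randomly from a large list rather than from a handful of favourites.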

Password Manager

Depending on the number of accounts you have, it is likely to be difficult to remember all these passwords without any help.

Rather than writing these passwords down on a piece of paper or keeping them in a plain text file, there are a host of great password managers out there, many of which are available for free and generate strong passwords simply and securely.

The best thing is that you will only need to remember one password to access the rest. Though remember, there is quite a lot of pressure to remember that one, since without it you might be locked out of multiple accounts.

Two-Factor Authentication

Increasingly common in the digital world is ‘two-factor authentication’. Generally now a standard for banks, this process prompts the user for a second form of verification during the login process that helps prove the user’s legitimacy and increase account security.

The second factor could be an access code sent via text, a phone call or even a device-generated code. This means that should an attacker obtain your password, they would still not be able to get their hands on your account or your safely secured information.

A definite improvement within anyone’s password process.

Online Audit

Though it might not sound like the most exciting way to spend an afternoon, conducting an ‘online audit’ is quickly becoming a digital necessity.

This can entail several elements. Firstly, deleting accounts that are no longer active or needed.

Remember your old Myspace account? That is right, 427 million passwords were hacked. As a site loses users, it often loses the motivation to keep those accounts secure. Meaning it is probably worth spending that extra bit of time exercising your GDPR right to erasure and getting rid of those teenage digital tracks.

As well as removing old accounts, it is worth checking to see if your email addresses have been linked to any known breaches. Have I Been Pwned? should give you your answer. If you discover any breaches, it is probably time to change those passwords too.

Password Terminology

Want to understand the password process a little better? Here are some key terms used in password security:

Hashing

When we create a password for a login, what is known as a hash is generated: a scrambled, one-way version of the password that is stored instead of the password itself and checked at each login. Should an attacker gain access to these password hashes, the passwords themselves remain unknown. The task for the hacker at this stage is to try and break the code.

Cracking

The two most common approaches that hackers employ are brute force and dictionary attacks. Firstly, a brute force attack attempts any and all possible combinations, generating huge numbers of hashes and comparing them to the stolen hash. If they find a match, then they have discovered the password.

Alternatively, a dictionary attack generates hashes from lists of common passwords, dictionary entries and common character combinations. This method can prove very effective, especially if your password is not too complex.

Adding Salt

To counter these attacks, cryptographers use a process known as ‘adding salt’. This technique prevents nefarious characters from comparing pre-generated hashes by adding randomisation into the hashing process: a random value (the salt) is combined with the password before it is hashed, meaning two users with the same password would have different hashes.
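The three terms above fit together in one short demonstration. This is an added example, not code from the original article: it hashes a password the naive way, shows a dictionary attack recovering it from a precomputed table, then stores the same password with a per-user random salt and a deliberately slow hash (PBKDF2-HMAC-SHA256 from the Python standard library) so that the precomputed table no longer applies and two users with the same password get different records. The tiny wordlist and the iteration count are constructed for the demo.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed "common passwords" list for the demo; real attacker lists hold millions.
COMMON_PASSWORDS = ["123456", "password", "letmein", "qwerty", "sunshine"]


def unsalted_hash(password: str) -> str:
    """The naive approach: one fast hash over the password alone."""
    return hashlib.sha256(password.encode()).hexdigest()


def dictionary_attack_unsalted(stolen_hash: str, wordlist) -> Optional[str]:
    """Hash every wordlist entry once, then look the stolen hash up in the table.

    Because there is no salt, the table works against every stolen hash at once.
    """
    table = {unsalted_hash(word): word for word in wordlist}
    return table.get(stolen_hash)


def salted_hash(password: str, salt: bytes, iterations: int = 200_000) -> bytes:
    """Salted and deliberately slow: PBKDF2-HMAC-SHA256 (iteration count assumed)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def make_record(password: str) -> dict:
    """What the server stores: a fresh random salt plus the salted hash."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": salted_hash(password, salt)}


def verify(password: str, record: dict) -> bool:
    """Login check: recompute with the stored salt and compare in constant time."""
    candidate = salted_hash(password, record["salt"])
    return hmac.compare_digest(candidate, record["hash"])


def precomputed_table_hits(record: dict, wordlist) -> Optional[str]:
    """The unsalted table looked up against a salted record never matches,
    because the salt changed the input before hashing."""
    table = {unsalted_hash(word): word for word in wordlist}
    return table.get(record["hash"].hex())


if __name__ == "__main__":
    stolen = unsalted_hash("letmein")
    print("unsalted hash recovered as:", dictionary_attack_unsalted(stolen, COMMON_PASSWORDS))
    alice = make_record("letmein")
    bob = make_record("letmein")
    print("same password, different records:", alice["hash"] != bob["hash"])
    print("precomputed table against salted record:", precomputed_table_hits(alice, COMMON_PASSWORDS))
    print("correct password verifies:", verify("letmein", alice))
```

Salting forces the attacker to start from scratch for every single user, and the slow hash makes each of those guesses expensive; neither rescues a password that is itself on the common list, which is why the four-word advice earlier still matters.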