Tips For Creating Strong Passwords

Strong Passwords

When working from home, strong passwords and security are especially important, as passwords are one of the most elementary parts of computer security. Yet lots of customers tell me that remembering passwords is a real problem. Ideally every password should be a totally random mixture of characters, but for many this is too challenging. So here are some tips on GDPR and passwords, and on how to create passwords that are not ideal but may be acceptable.

A long password

According to www.betterbuys.com:

  • 7 character password using lower case letters will take .29 milliseconds to crack
  • 12 character password using lower case letters will take 2 centuries to crack

I can’t personally verify these figures, but it is an undisputed fact that longer passwords take longer to crack. So you don’t need a 40 character password, but longer is good (say 11 to 12 characters), and mixing characters is good: uppercase, lowercase, numbers and SYMBOLS. Adding in symbols significantly increases a password’s security.

A Strong Password

A strong password should NEVER contain a real word, but everyone tells me that they find strong passwords a real pain to remember. Here are some tricks you can use to make it easier.

Memorable sentences

The first letters of a sentence can be used to remember a password. So…

Rebecca Sent Me that Email telling me to use Memorable Passwords!!

RSMtEtmtuMP!!

Include Dates

Your own date of birth and the birthdays of near relatives are not recommended, but memorable dates that are not recorded online and that you can remember easily can be used. These can be integrated into memorable sentences. So…

She Must be Joking!! 03 01 87

SMbJ!!030187

Car Registration Plates

Other people’s car registration plates that no-one will be able to link to you using photos, the DVLA or other sites on the Internet are good. So…

She Must be Joking!! AX04 YXP

SMbJ!!AXO4YXP

If you are particularly good at remembering other people’s number plates, try incorporating two, with other characters.

Very old address numbers

Again, use ones that they won’t be able to find using the Internet. So…

She Must be Joking _ 31 Fambridge Rd

SMbJ_31FamRd

Mix them up as you find easiest

So number plates and addresses…

AX04YXP_31 Fambridge Rd

AXO4YXP_31FamRd

The last is a 15 character password, with upper and lower case, numbers and symbols. It is not the ‘ideal password solution’, as it is not random and includes reference to a car number plate and address, but it is much, much better than the 6 character lower case word you may be using now. And, relatively easy to remember!

Pick A System That Works For You

Support for IT Teams

Remember that what works for you may not work for someone else. So, for example, my colleague is great at remembering friends’ car number plates. I am not. So I don’t even try to use number plates – memorable phrases mixed in with dates and symbols work for me! If you want people to start using stronger passwords, don’t force your personal preferences on them – work out a system that fits in with the way they remember things.

When you first start to use a system such as this, people will struggle – then, when they have done it a few times, it will get a lot easier and soon they will wonder what the problem was. This is one where it pays to persist. Start slow. Just change one password and get people confident using the new system.

A good security system often requires users to change passwords every few months, which many people find irritating and challenging. Again, there are things that you can do to help with this. Memorable phrases are good for these circumstances, as you can quite easily have a ‘set’ of phrases. So for example:

1 Daisy flowers in the Spring – and is white & yellow

1DfitS-aiw&y

Roses bloom in the Summer. My 2 favourites are pink

RbitS.M2fap

I adore Acers: 4 their leaves are great in all Seasons

IaA:4tlagiaS

Get people to think what the phrases will be at the beginning of the year, that way they are far less likely to be irritated and annoyed when they have to change their password.
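The first-letter scheme and the length advice above can be checked in code. This is an added example in Python, not part of the original article: it derives the password from a phrase and computes the brute-force search space for it. The guess rate is an assumed illustrative figure, and the bit count is an upper bound, because phrase-derived passwords are not random.

```python
import math
import re
import string

ASSUMED_GUESSES_PER_SECOND = 1e10  # assumption for illustration, not a measured figure

# A word (internal apostrophes allowed), a run of digits, or one symbol.
_TOKEN = re.compile(r"[A-Za-z]+(?:['’][A-Za-z]+)*|\d+|[^\sA-Za-z\d]")

def phrase_to_password(phrase: str) -> str:
    """First letter of each word (case kept); numbers and symbols kept whole."""
    phrase = phrase.replace("–", "-").replace("—", "-")  # typographic dash -> hyphen
    return "".join(t[0] if t[0].isalpha() else t for t in _TOKEN.findall(phrase))

def charset_size(password: str) -> int:
    """Size of the ASCII alphabet implied by the character classes present."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    size = sum(len(cls) for cls in classes if any(c in cls for c in password))
    if size == 0:
        raise ValueError("empty password or no printable ASCII characters")
    return size

def search_space_bits(password: str) -> float:
    """Upper bound only: assumes every character was picked at random."""
    return len(password) * math.log2(charset_size(password))

def worst_case_seconds(password: str,
                       rate: float = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Time to try every combination of that length and alphabet at `rate`."""
    return charset_size(password) ** len(password) / rate

if __name__ == "__main__":
    # Phrases copied from this page; the lowercase strings are constructed samples.
    for phrase in ("Roses bloom in the Summer. My 2 favourites are pink",
                   "I adore Acers: 4 their leaves are great in all Seasons"):
        pw = phrase_to_password(phrase)
        print(f"{phrase!r} -> {pw} ({search_space_bits(pw):.1f} bits upper bound)")
    for pw in ("a" * 7, "a" * 12):
        print(f"{len(pw)} lowercase: {worst_case_seconds(pw):.3g} s at assumed rate")
```

An attacker who guesses that a password is built from a phrase, a date or a number plate searches a much smaller space than these figures suggest, which is why the article calls such passwords acceptable rather than ideal.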

A Different Password for Everything

Now we come to the bit that most people I meet find impossible. It is recommended that the password for every website/program you visit should be unique and different, and not written down beside the computer. Like you, I find this challenging, BUT if you use the same password for every program/site then you are compromising security.

So, how do you manage it? Rather than tell you what you should do, let me ask you which do you think is safer?

Having the same password for every site and program that you use

To be compromised a person would need to get access to just one password and then will be able to use this password to access every site/program you use.

Different passwords, stored in a book that is kept next to the computer that contains your passwords 

To be compromised a person will need to get access to your building and find the book. 

Different passwords, stored in a password protected file or a Password app

To be compromised a person will need to get access to your building, access to the computer containing the file and access to the password that protects that file or the password app.

One file containing the application and the other the password

To be compromised a person will need to get access to your building and find both files.

Different passwords, stored in two books that are kept in two different locations, both well away from the computer

As above, but with a system that makes it not obvious which entries are connected in the files (for example a website is on the first line in one file and the password on the 15th line in the second). This last may well be too much hard work for most people but I thought I would list it as it is the solution recommended by a top Internet security expert!

Ok, some of these may not be workable in your business but hopefully they give you an idea and starting point of how you can assess the risks and come up with a solution that will work.

Personally, I think you should work up from the ideal solution, rather than work down from the worst solution. So I would suggest you start at the bottom of the list above and work upwards until you find a compromise solution that will work for you and your staff.

Also, remember as with everything you need to assess the risks. So if someone gets access to a folder that just contains 5 names and telephone numbers you may decide that does not require the same password security as a folder that contains 100 names, addresses, telephone numbers, credit card details, etc.

However you decide to manage your passwords, be aware that a good password is the first step to good security. So taking steps towards making your passwords more secure is worth the time, effort and pain.

Rebecca Mansbridge
Updated April 2020