Iconography

“Password must contain at least one uppercase letter, symbol, and number!”

I’m sure we’ve all seen this phrase when signing up for a new account online. In the earlier days of the web, there wasn’t as much concern about web security, making simple passwords quite common. But while plain passwords are easy to remember, they are incredibly insecure.

Let’s take a look at the first five entries in SplashData’s 25 worst passwords of 2013:

  1. 123456
  2. password
  3. 12345678
  4. qwerty
  5. abc123

Enticing though they may be, those five passwords could be guessed in under a second. And that’s using just a desktop computer!

In our line of work, when handling client information online, we commonly run into passwords structured something like “arthur42”: just a name or a word followed by a number. You might think that the number makes it secure, but in reality, it only makes the password minutely more difficult to crack. Rather than an instant guess, it jumps to 11 minutes. Capitalizing the “A” increases cracking time to a whopping 15 hours, but I think we can do even better.

Building a Better Password

When a website urges you to add a symbol and number to your password, you may find yourself wondering, “What good will that really do?”

Going back to our example above, let’s try adding another number and a single symbol. “Arthur423$” would take 58 years. That’s 1,411 times longer than the password above! While that’s definitely an improvement and you’re vastly better off using that than “arthur42,” we can still do better.

The reason these simple passwords are easy to crack is that the automated tools used to crack them have a huge dictionary of words to pull from. They’ll automatically (and very quickly) try those words and variations on their spelling and capitalization while also trying to append numbers to them until they finally get a match. So while adding a “$” or “3” doesn’t solve our problem, you can see how utilizing symbols and numbers can greatly boost the security of your password. Less than a second to 58 years is quite a jump!

So, what would we consider to be a good, strong password? I personally use a random password generator that just now gave me “M$j%$@gXSN2Le*O.” Using the same parameters used to gauge “arthur42,” it would take your average desktop PC 16 billion years to crack it. Since that’s 3 billion years longer than the age of the universe, I think we’ve found our secure password.
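To make the dictionary-plus-appended-characters reasoning above concrete, here is an added example (not the author's code, and not the estimator behind the times quoted in this post) that scores a password by the cheaper of two searches: plain brute force, or "dictionary word, a few capitalizations, then appended digits and symbols." The wordlist is a constructed sample, and the dictionary size and number of case variants are assumptions; results are given in bits rather than time, since time depends on guessing speed.

```python
import math
import re
import secrets
import string

# Constructed sample wordlist; real cracking dictionaries hold millions of entries.
WORDLIST = {"arthur", "password", "qwerty", "abc", "monkey"}
ASSUMED_DICT_SIZE = 1_000_000   # assumption: words in an attacker's dictionary
CASE_VARIANTS = 3               # assumption: lower, Capitalized, UPPER
SUFFIX_POOL = len(string.digits) + len(string.punctuation)  # 10 + 32

def brute_force_guesses(pw):
    """Candidates if every character were random within the classes used."""
    pool = 0
    pool += 26 if re.search(r"[a-z]", pw) else 0
    pool += 26 if re.search(r"[A-Z]", pw) else 0
    pool += 10 if re.search(r"[0-9]", pw) else 0
    pool += len(string.punctuation) if re.search(r"[^A-Za-z0-9]", pw) else 0
    return pool ** len(pw)

def dictionary_guesses(pw):
    """Candidates for the 'dictionary word + appended digits/symbols' pattern.

    Returns None when the password does not fit that pattern."""
    m = re.fullmatch(r"([A-Za-z]+)([^A-Za-z]*)", pw)
    if not m or m.group(1).lower() not in WORDLIST:
        return None
    # Every suffix of length 0..n is tried before one of length n+1.
    suffix_space = sum(SUFFIX_POOL ** n for n in range(len(m.group(2)) + 1))
    return ASSUMED_DICT_SIZE * CASE_VARIANTS * suffix_space

def effective_bits(pw):
    """log2 of the cheaper of the two searches: what the password is really worth."""
    guesses = brute_force_guesses(pw)
    pattern = dictionary_guesses(pw)
    return math.log2(min(guesses, pattern) if pattern else guesses)

def generate_password(length=15):
    """Random password from the OS CSPRNG, containing all four character classes."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(re.search(p, pw) for p in classes):
            return pw

if __name__ == "__main__":
    for pw in ("arthur42", "Arthur423$", "M$j%$@gXSN2Le*O", generate_password()):
        print(f"{pw!r}: about {effective_bits(pw):.0f} bits")
```

Under these assumptions the word-based passwords score far below what their length and character classes suggest, while the random 15-character password fits no dictionary pattern and keeps its full brute-force strength.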

Remembering a Better Password

“M$j%$@gXSN2Le*O” may be secure, but it’s not very easy to remember. Some people come up with memory tricks to remember their passwords, but that’s not always possible. So what are our options? How can we be secure, but not have to rack our brains trying to remember dozens of super-complicated passwords?

Personally, I use a password manager. A password manager is a program that keeps track of your passwords for you in an encrypted database. It only requires the memorization of one super strong password to be given access to all of your accounts. Now, this may seem like an “all your eggs in one basket” approach, but any good password manager will require multiple means of verification (commonly known as two-factor authentication). That way you — and only you — can have access to your passwords.

My preferred manager at the moment is KeePass, which allows you to store your passwords in a secure, encrypted database file. To unlock that encrypted file, you can utilize up to 3 methods of verification: encryption key file, password, and Windows account verification (which will limit access to the database to the user who created it). I utilize the encryption key file and a strong password. The downside to KeePass is that it requires a good bit of setup and a little extra know-how to use it effectively.

A more user-friendly method is LastPass, which exists as a website and browser plugin for managing passwords. The major advantage LastPass has over KeePass is the browser plugin detects what site you’re attempting to log into and auto-populates the login form for you. The major disadvantage is that your encrypted passwords are stored on a 3rd party’s server rather than locally on your own machine. But since LastPass also offers two-factor authentication via several mobile apps for an extra layer of security, it’s still a strong option — and much preferable to “arthur42.”

In Summary

While prompts to create a stronger password may seem like an annoyance or inconvenience, the value of a strong password cannot be overstated. The easiest way for someone to gain unwanted access to your email, social media, or other online accounts is by guessing your password. The weaker the password, the easier this becomes. Tools like LastPass and KeePass can be very helpful for utilizing strong, complicated passwords without the hassle of having to memorize them.

 
