Is Your Password Secure Enough?

28th November 2018

If you’re using a dumb password, and that’s the only thing between you and your online data, you will be a victim.

Billions of passwords are sold to cyber criminals on a daily basis the world over and if your ‘one password fits all’ makes it onto there, you can bet it’s only a matter of time before you have a digital nightmare on your hands.

But I can’t possibly remember multiple different passwords, let alone complex ones?

The good news is, you don’t have to.

Use a password manager (even the NCSC recommend you do) and it will do all the legwork for you. It will generate complex passwords automatically and save them in its database, then when you visit the website it automatically fills in your details. This is seen as a risk by some, but this risk is smaller than using passwords you can remember. Password managers have a mobile app, so you can access your passwords from any device you own, and the app can be unlocked with a fingerprint or Face ID, for example.

Some brief history on passwords

As the years have gone by, what might have passed as secure 15 years ago simply isn’t anymore.

For example: password1 can be cracked/broken into within 0.29 seconds – pretty scary huh!

However, Password! increases the crack time to 35 minutes.

Obviously we don’t recommend you use either of those examples, but it shows how a simple change can make the hacker’s life harder.

OK, so what kind of password SHOULD I be using?

Quite simply, if you’re using over 8 characters, with a mixture of upper-case letters, lower-case letters, numbers and special characters, plus it isn’t an actual ‘single use’ word in the dictionary, you’re on the right track. A password management tool will create a jumble of letters, numbers and symbols that make absolutely no sense to anyone and this is about as secure as you can get – the longer the password, the longer it takes to crack.

I don’t want to use a password management tool though, so what can I do?

Not everyone will want to go down that route, or perhaps you might be sceptical for one reason or another, but there is no easy and secure way for you to remember your passwords, and re-using the same one is a big no-no.

Think of yourself somewhere; it could be on holiday, or at your favourite bar etc. What 3 things come to mind? Let’s say you’re on holiday and you think of ‘sunny’, ‘seaside’ and ‘pier’. This follows the NCSC guidance on using ‘Three Random Words’, but it can be much better.

Example:

sunnyseasidepier

Now let’s make it secure:

Let’s simply replace the letter ‘e’ with the number 7, and add some capitals, and we have:

SunnyS7asid7Pi7r

Even if you wrote ‘e = 7’ on a Post-it on your screen, you’ve not compromised your password, and hopefully you have an easier way of remembering it.

DO NOT use common substitutions such as ‘3 for e’ or ‘@ for a’ etc – these are cracked in seconds.
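
The checks described above (over 8 characters, mixed character types, not a single dictionary word, no common substitutions) can be written as a short script. This is an added example, not part of the original article: the word list and substitution table are small constructed samples, the function names are hypothetical, and ‘single use’ word is read here as a single dictionary word.

```python
import re

# Constructed sample word list (assumption); a real check would load a full
# dictionary plus a list of known-breached passwords.
WORDLIST = {"password", "welcome", "dragon", "sunny", "seaside", "pier"}

# Common substitutions of the kind the article warns about, mapped back to letters.
COMMON_SUBS = str.maketrans(
    {"3": "e", "@": "a", "0": "o", "1": "i", "$": "s", "5": "s"}
)


def base_words(password):
    """Return the plain words a password may have been built from."""
    lowered = password.lower()
    # Variant 1: drop trailing digits/symbols first ("password1", "P@ssw0rd!2").
    trimmed_first = re.sub(r"[^a-z]+$", "", lowered).translate(COMMON_SUBS)
    # Variant 2: undo substitutions first, so a trailing "3" becomes "e" ("welcom3").
    subbed_first = re.sub(r"[^a-z]+$", "", lowered.translate(COMMON_SUBS))
    return {trimmed_first, subbed_first}


def check(password):
    """Return a list of problems found; an empty list means every check passed."""
    problems = []
    if len(password) <= 8:
        problems.append("not over 8 characters")
    if not re.search(r"[A-Z]", password):
        problems.append("no upper-case letter")
    if not re.search(r"[a-z]", password):
        problems.append("no lower-case letter")
    if not re.search(r"[0-9]", password):
        problems.append("no number")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no special character")
    if base_words(password) & WORDLIST:
        problems.append("single dictionary word behind common substitutions")
    return problems


if __name__ == "__main__":
    for sample in ("password1", "Password!", "P@ssw0rd!2", "SunnyS7asid7Pi7r"):
        print(f"{sample!r}: {check(sample) or 'no problems found'}")
```

P@ssw0rd!2 passes every character-type rule and is still flagged, because undoing the common substitutions leaves a single dictionary word.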

For more information on password security, feel free to give us a call on 01323 287828, or to take your passwords and security one step further, take a look at our article on becoming Cyber Essentials certified.