Power of the Password

Security Awareness - Password Management

With technologies such as Unified Threat Management, Advanced Persistent Threat Protection and Privileged Access Management, information security is often complex and expensive. However, one of the most powerful security tools is simple and can be produced at no cost. Often ignored, and more often underappreciated, the power of the password should not be overlooked.

Passwords are used throughout the day in all areas of life. Improving your passwords can greatly increase your defenses not only at work, but just as importantly in your personal life.

While we all should know by now that “password” is not an acceptable password, many still do not take the time to ensure a solid password choice.

Here are a few guidelines to follow during your password creation process.

  • Use Complex Passphrases - The longer and more complex your password is, the better. There is no minimum password length that experts agree on, but you should generally choose passwords that can be remembered easily and are a minimum of twelve to fourteen characters in length. One trick is to use a passphrase such as “my pencil is yellow” or “I love my dog Bartholomew”. Remember to remove spaces in a passphrase since spaces are not permitted in passwords. For example, take the sentence “my favorite song to listen to by MC Hammer is ‘Too Legit to Quit.’” The password I derive from this is “mf$2l2bMCHi2L2Q!”. In this example the password is composed of the first letter of each word, with numbers substituted for words that are phonetically similar. Next I capitalize all the key words in the artist name and the song title. Finally, I include a symbol at the end, if one is not already in place. The result is a password that is sixteen characters long, complex, and most importantly easy to remember.
  • Use Special Characters - Variety is the spice of life and password security. Include capital and lower case letters, numbers, and symbols. You can substitute some letters with special characters. For example, you can use a “$” in place of an “s” or an “@” in place of an “a”.
  • Modify a Passphrase to a Term that Only Makes Sense to You - The more obscure and random, the better. It is best to stay away from any references to things someone could find out about you on social media. That means not using topics like birth dates, anniversaries, names of family members, pets, or school mascots. Often a threat actor will do research on their target to gather this type of information.
  • Use a Password Manager to Generate Complex, Random Passwords - No matter how complex your password, if it is too difficult to remember, it is worthless. Assuming you do not have a photographic memory, you might be tempted to write down your newly formed password or spend time drilling these characters into your brain. The first is a fatal security mistake; the latter is unrealistic. One way to address this issue is to use a password manager that generates and stores complex, random passwords. Dashlane, KeePass, RoboForm and LastPass are a few password manager options. By using a solution like this, you are freed from having to keep recreating and remembering each password you create.
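
The guidelines above can be turned into a small self-check. The following Python sketch is an added example, not part of the original article or of any password manager named above: it tests a password against the length and character-class guidelines, looks for personal terms even when they are disguised with “$” and “@”, and generates a random password the way a password manager would. The function names, the sample pet name and the 16-character default are assumptions made for illustration.

```python
import math
import secrets
import string

# The four character classes the guidelines ask for.
CLASSES = {
    "lower case letter": string.ascii_lowercase,
    "capital letter": string.ascii_uppercase,
    "number": string.digits,
    "symbol": string.punctuation,
}
ALPHABET = "".join(CLASSES.values())
MIN_LENGTH = 12  # lower end of the twelve-to-fourteen character guideline
# Undo the two substitutions named above so a disguised personal term is still found.
UNSUBSTITUTE = str.maketrans({"$": "s", "@": "a"})


def check_password(password, personal_terms=()):
    """Return the guideline violations for a password; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            problems.append(f"no {name}")
    normalized = password.lower().translate(UNSUBSTITUTE)
    for term in personal_terms:
        key = term.lower().replace(" ", "")
        if key and key in normalized:
            problems.append(f"contains personal term: {term}")
    return problems


def generate_password(length=16):
    """Draw characters from the OS CSPRNG, retrying until every class is present."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_password(candidate):
            return candidate


def entropy_bits(length):
    """Upper bound on the entropy of a uniformly random password of this length."""
    return length * math.log2(len(ALPHABET))


if __name__ == "__main__":
    # Constructed sample: a pet name disguised with "$" and "@", plus a year.
    print(check_password("$@ssy-the-Dog-2019", personal_terms=["Sassy", "2019"]))
    print(generate_password(), round(entropy_bits(16)), "bits")
```

Run the check only on your own machine, and pass in the personal terms (names, dates, mascots) that someone could find about you online.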

Using the guide above, anyone can achieve a secure password. By following these simple guidelines, you can greatly strengthen the security of your environments utilizing the immense power of the password.
