Password advice

by Mark Rowe

What does a password need, to be secure and strong, given that some people continue to use insecure passwords such as “123456”, or indeed ‘password’? Check Point Software gives advice:

The longer and more varied, the better: it should be at least 14 to 16 characters long and consist of different letters, combining upper and lower case letters, symbols and numbers. However, it has been noted that by simply increasing the password to up to 18 characters combined, a completely unbreakable key can be constructed. This belief is based on the number of attempts that a brute-force attack requires, where the total number of combinations is equal to the number of characters multiplied by their length.

Easy to remember, complex to guess: it should be a combination that only the user knows, so it is advisable not to use personal details such as dates of anniversaries or birthdays, or the names of family members, as these can be easier to figure out. A simple way to create passwords that anyone can remember is to use complete sentences, either using common or absurd scenarios, with examples such as ‘meryhadalittlelamb’, or its even safer equivalent with different characters ‘#M3ryHad@L1ttleL4m8’.
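The brute-force search space behind the length advice above grows as the alphabet size raised to the power of the password length. The Python sketch below is an added example, not code from Check Point or from this article; it scores the passwords quoted above. The function names, the two-entry common-password list and the guess rate of 10^10 per second are assumptions.

```python
import math
import string

# ASCII character classes; string.punctuation holds 32 symbols.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
# The two weak passwords the article names; a real check would use a large list.
COMMON = {"123456", "password"}
SECONDS_PER_YEAR = 31_557_600  # 365.25 days


def alphabet_size(pw: str) -> int:
    """Size of the smallest class-based alphabet containing every character."""
    size = sum(len(cls) for cls in CLASSES if any(ch in cls for ch in pw))
    # Characters outside the four classes (spaces, non-ASCII) count once each.
    others = {ch for ch in pw if not any(ch in cls for cls in CLASSES)}
    return size + len(others)


def search_space(pw: str) -> int:
    """Candidates an exhaustive search must cover: alphabet ** length."""
    return alphabet_size(pw) ** len(pw) if pw else 0


def entropy_bits(pw: str) -> float:
    """log2 of the search space; an upper bound assuming random characters."""
    return len(pw) * math.log2(alphabet_size(pw)) if pw else 0.0


def assess(pw: str, guesses_per_second: int = 10**10) -> dict:
    """Summarise a password; guesses_per_second is an assumed attacker rate."""
    listed = pw.lower() in COMMON
    per_year = max(1, guesses_per_second * SECONDS_PER_YEAR)
    return {
        "length": len(pw),
        "alphabet": alphabet_size(pw),
        "bits": round(entropy_bits(pw), 1),
        # A listed password falls to the first dictionary guesses.
        "years_to_exhaust": 0 if listed else search_space(pw) // per_year,
        "listed": listed,
    }


if __name__ == "__main__":
    # Sample inputs are the passwords quoted in the article.
    for sample in ("123456", "password", "meryhadalittlelamb",
                   "#M3ryHad@L1ttleL4m8"):
        print(f"{sample!r:24} {assess(sample)}")
```

The bit count is an upper bound: a phrase with predictable character substitutions is covered by dictionary-and-rules guessing long before an exhaustive search would finish.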

Unique and unrepeatable: create a new password each time a service is accessed and avoid using the same password for different platforms and applications. This ensures that in the event of a password being breached, the damage will be minimal and more easily and quickly repairable. According to a Google survey, at least 65 per cent of respondents reuse their passwords across multiple accounts and web services, which increases the chances of multiple platforms or applications being breached.

Always private: a premise that may seem basic but is important to remember. A password should not be shared with anyone, and it is especially advisable not to write it down anywhere near the computer or even in a file on it. For this task, you can use tools such as password managers, which do the same job, but in a more secure way.

Real security is just ‘two steps’ away: in addition to having a strong and secure password, the use of two-factor authentication (2FA) is a major security enhancement. This way, every time an attacker or an unauthorised person wants to access someone else’s account, the account owner will receive a notification on their mobile phone to grant or deny access.

Change it periodically: sometimes, even after following all these practices, incidents beyond our control occur, such as leaks of company databases. Therefore, it is advisable to periodically check whether an email address has been exposed in a third-party breach, as well as to try to trace the accounts that may have been compromised. To do this, there are publicly accessible tools such as the Have I Been Pwned website, which try to gather basic information on these leaks in order to offer support and help to users. Similarly, even if they have not been breached, it is always recommended to update passwords every few months.

Muhammad Yahya Patel, Lead Security Engineer at Check Point Software, says: “Every day, cybercriminals create new attacks aimed at stealing user passwords. Techniques such as phishing have managed to breach thousands of services by stealing credentials. This risk can be easily remedied through a couple of different approaches. Firstly, by establishing secure passwords, making it much more difficult for cybercriminals to guess these combinations, ensuring the highest level of security for our devices. Secondly, using single sign-on negates the need to remember lots of different passwords for business use, adding an additional layer of protection with multi-factor authentication. Then thirdly, you should consider whether a password manager would be suitable for you as this will help keep your online accounts and passwords more secure.”


© 2024 Professional Security Magazine. All rights reserved.