Data/Cyber/Cloud Security, Privacy, Website Security, Data Encryption, Malware/Viruses, Open Source Intelligence, Cyber Defence, Data Breaches

Password Security

Passwords are the first line of defense for pretty much everything ... websites, email, laptops, desktop and mobile phones. Various password-cracking methods exist which use automated software to guess passwords; the three main methods are to use dictionary words, a combination of dictionary and other combinations (known as hybrid) and brute force which uses all possible methods and combinations.

Choosing a strong password
The ideal password is long, complex, and easy-to-remember – but hard to break. Good passwords are often hard to remember so the examples below may help.

First pick a group of words
  • I have a black labrador dog called charlie
  • my house is in south-east london
  • my favourite rock band is the beatles
  • my favourite musical instrument is the saxophone
  • I got married in paris in france
   Take each first character and make a word
  • ihabldcc
  • mhiisel
  • mfrbitb
  • mfmiits
  • igmipif
Add a random word at the end
  • ihabldccapple
  • mhiiselemail
  • mfrbitbmicro
  • mfmiitsred
  • igmipifebay
   Further strengthen
  • ihabldcc@pple
  • mhii$elemail
  • mfrb1tbmicro
  • mfmiits-red
  • igmipif+ebay

Use a passphrase
A passphrase is similar to a password but it is made up of various words separated by spaces. Since passphrases are made up of multiple words they are harder to guess. For example: I have bright yellow hair and live in London.

The longer the better
A password of a few characters can be cracked using automated tools in minutes. Bigger is really better. Include upper case, lower case, numbers and special characters to enhance security.

Do not reveal your password
Never share your passwords with friends, colleagues or even family. Genuine sources will never ask for passwords over the phone or by email.

Do not write your password down
Never write your password down, especially next to a desktop, laptop or phone. If you need to store passwords, print them out and place the sheet in a safe.

Change your password frequently
Every so often change your password to enhance security and do not use previous passwords. Most large companies implement this as part as their IT policy.

Do not use your password for everything
As the saying goes “don’t put all your eggs in one basket”. If you use one password for everything and it is leaked then the criminal can access everything.

Use different classes
Separate password strengths by classes ... one for website forums or unimportant websites, one for emails and one for internet banking.