Wednesday, March 29, 2023

So, you have different passwords for everything. Are they strong enough?

VIRGINIA BEACH — Let’s be honest… Passwords are a pain.

It’s the 21st century and you need them for everything: Your home computer, your work computer, your cellphone, your email accounts, your bank accounts, and for all of the bills you pay online.

It’s a never-ending cycle of remembering and forgetting and resetting.

While it’s irritating, it’s also crucial to have good, strong, unique passwords to help protect your personal information.

“All personal electronic devices should use a strong password. Nothing is exempt from potential cyber-attack,” said Charles “Chip” Sanford, director of the Institute for Cybersecurity at Regent University.

A stronger password provides greater protection against intrusion and attack by making it harder for a hacker to breach your device, or for someone who is standing behind you to “shoulder surf,” Sanford said.

Hackers sometimes use “trial and error algorithms” to try and steal passwords in what are called brute force attacks. The faster their system, the faster they can obtain someone’s password.

“Slow them down with longer, stronger passwords,” Sanford said.

What makes a password a good password?

A strong password, Sanford said, is generally considered one that is longer with a variety of letter-number-symbol combinations.

“Strong passwords are 10 characters minimum, but the longer the better. They should contain a mix of uppercase, lowercase, numbers and special characters,” Sanford said. “Do not establish passwords that contain words spelled out, and do not have passwords that contain personal information including family names and numbers such as one’s maiden name or house number.”

Information Security professionals are now encouraging pass phrases with some of the characters being changed to a number or a special character. Phrases are more memorable and easier to type.

“The best phrase is something about you that you will remember for the rest of your life, but not easily guessable,” said Don Murdoch, associate director for the Institute for Cybersecurity. “For example, many people had a childhood friend or a favorite memory which can be turned into phrases.”

An example, he said, might be “MyF!ristFru!tWasAPeach,” which is an actual phrase, easy to remember, with a couple of exclamation points replacing the letter “i” to make it more difficult to hack.

How the heck can I remember all of these passwords?

So you don’t want to use the same password for multiple accounts, but you’re worried that you won’t be able to remember more than a couple.

“At this point, save yourself the mental strain or the risk of writing it down by using one of many capable Password Managers now on the market,” Sanford said. “Password managers take the guesswork out of creating, storing, and retrieving passwords.”

Many of the commercial offerings integrate with multiple web browsers and have a smart phone component, Murdoch said. Multiple choices are usually available in both the Android and Apple app stores.

The head-shaking stories of people and even major companies not changing passwords on servers and other devices as they’re taken out-of-the-box are all too common and, Sanford added, not actually funny at all. Likewise, using passwords that contain easily identifiable personal information such as house numbers, Social Security numbers, and birth dates are also common, as well as unwise.

“The price of an intrusion is too high to make it that easy,” he said.

Cyber attacks are very real and getting more robust and creative every day.

Sanford said personal devices are just as vulnerable to the threat as the networks of large organizations and the critical information they house. Everyone, he added, needs to take the threat seriously by taking adequate precautions to protect their personal information.

“Use two factor authentications as much as possible,” Sanford said. “In addition, as our homes become more and more automated, those products that make our lives easier running on home networks are also vulnerable to attack and provide more ways for your information to be compromised.

“Learn how to take adequate precautions as you increase the automation of your life,” Sanford said.

Related Articles