Strong Passwords

The web can be a wonderful place, but it can be very merciless. Always remember that once something goes over the wire, it is out of your hands. Always use strong passwords for websites, and use a different password for each site. This can make it hard to remember your passwords, but in situations of data leaks, as we have seen before and will see again, you will be glad you did. Too often users will have the same credentials for social sites such as Facebook or LinkedIn that they use for managing bank accounts or commerce sites like Amazon and PayPal. Once that information is exposed, it makes all the sites you use vulnerable. Let's take this opportunity to change your passwords!

There are many free password managers out there, such as LastPass, that will keep up with all of these sites' credentials for you. Most include password generator tools to help ensure you have strong, random passwords that will not be easily guessed. So what makes a strong password? Should it have mixed case, numbers, special characters, more than 8 characters? In reality a mix is required. Industry standards tell us 12+ characters, with no names or dictionary words, and at least one of each of the items mentioned above. Password managers will help keep track of these complex passwords, but some people do not trust all of their secrets in one place. For that you can try a different approach that is less secure but better than having weak passwords.

Make a secure passphrase and not a password. Take a phrase that is easy to remember. For this example let’s use:

here I am on the road again

To start, let’s make it a correct sentence.

Here I am, on the road again.

Now, let’s remove the spaces and change letters to similar looking numbers.

H3r31am,0nth3r0adaga1n.

Looks pretty strong so far, but we still want a different password for each site. That is a lot of phrases to remember, so let’s modify this one for each site. Let’s make one for eBay and another for Facebook. Our password is pretty long already at 23 characters; adding much more may make it too long for some sites or harder to remember. Let’s see how ebay and facebook look without vowels (by and fcbk). Now, let’s append our site name to the password. Place it where you want, how you want, but in this example we will put it at the end with the help of a plus symbol +.

H3r31am,0nth3r0adaga1n.+by
H3r31am,0nth3r0adaga1n.+fcbk

Above we have our new passphrases. This approach is not as secure as a randomly generated password, but you will have a very strong password and a unique password for each site.
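
The steps above as a small Python script, added here as an illustration and not part of the original article. It rebuilds the two example passphrases, checks them against the length and character-mix criteria mentioned earlier, and counts how many leading characters every site's password has in common, which is the trade-off against a random password. The function names and the substitution table (e to 3, i to 1, o to 0, inferred from the example) are assumptions, and the "no names or dictionary words" rule is not checked.

```python
import os
import string

# Look-alike substitutions inferred from the article's example (assumption).
LEET = str.maketrans({"e": "3", "E": "3", "i": "1", "I": "1", "o": "0", "O": "0"})
VOWELS = set("aeiou")


def base_passphrase(sentence: str) -> str:
    """Remove spaces, then swap letters for similar-looking digits."""
    return sentence.replace(" ", "").translate(LEET)


def site_tag(site: str) -> str:
    """Site name without vowels, e.g. ebay -> by."""
    return "".join(c for c in site.lower() if c not in VOWELS)


def site_passphrase(sentence: str, site: str, sep: str = "+") -> str:
    """Base passphrase with the per-site tag appended after the separator."""
    return base_passphrase(sentence) + sep + site_tag(site)


def policy_gaps(password: str) -> list[str]:
    """Return the criteria from the article that the password does not meet."""
    checks = {
        "12+ characters": len(password) >= 12,
        "lower case": any(c.islower() for c in password),
        "upper case": any(c.isupper() for c in password),
        "digit": any(c.isdigit() for c in password),
        "special character": any(c in string.punctuation for c in password),
    }
    return [name for name, ok in checks.items() if not ok]


def shared_prefix_len(passwords: list[str]) -> int:
    """Number of leading characters identical across all the passwords."""
    return len(os.path.commonprefix(passwords))


if __name__ == "__main__":
    sentence = "Here I am, on the road again."
    pws = [site_passphrase(sentence, s) for s in ("ebay", "facebook")]
    for pw in pws:
        print(pw, policy_gaps(pw) or "meets all checks")
    print("characters shared by every site:", shared_prefix_len(pws))
```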
 

Ryan Stephens 

Senior IT Security Consultant at Upton Technology