When it comes to creating the strongest and most secure password, there is no perfect recipe. If there were, we’d all end up with the same one! However, there are steps SMBs can take to ensure employees have the most ‘optimal’ password security to protect both their own and the company’s valuable information.
The Key to Creating a Strong Password: Knowing What a Weak One Looks Like
The first step in creating a strong password is knowing what a weak one looks like. Often, weak passwords include common words or phrases, are easy to guess, and are short. Here are a few examples of weak passwords, and password characteristics, that SMBs should recommend their employees avoid:
- While “password” and “1234” may be easy to remember, they are two of the most common, and most commonly hacked, passwords out there. These are simple passwords that can not only be easily guessed by humans, but also be easily identified by automated programs designed to hack your system.
- Using a name, birth year, anniversary or any other identifiable date is risky. These distinguishable pieces of information are easily guessed, and if they can be easily guessed, your systems can be easily hacked.
- Too short a password leaves employees vulnerable to hacking. The longer the password, the harder a hacker, or their code-breaking software, will have to work. This one is crucial.
- Don’t be obvious in password codes and substitutions. For example, the password “Ca$h” is not only too short, but the substitution of the dollar sign for the letter “s” is quite common and easy to guess.
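The characteristics listed above can be checked automatically when an employee sets a password. The following is an added example, not code from the original article: the word list is a small constructed sample, and the 12-character threshold, the substitution table and the function name `weaknesses` are assumptions chosen for illustration.

```python
import re

# Constructed sample list; a real deployment would load a large
# breached-password corpus instead of these few entries.
COMMON = {"password", "1234", "123456", "qwerty", "cash", "letmein"}

# Common character substitutions, mapped back to the letter they replace.
SUBS = str.maketrans({"$": "s", "@": "a", "0": "o", "1": "l",
                      "3": "e", "5": "s", "!": "i", "7": "t"})

MIN_LENGTH = 12  # assumed policy threshold, not a figure from the article
YEAR = re.compile(r"(19|20)\d{2}")  # birth years, anniversaries and similar


def weaknesses(password, personal_terms=()):
    """Return the weak-password characteristics that `password` matches."""
    found = []
    lowered = password.lower()

    if lowered in COMMON:
        found.append("common password")

    # Undo obvious substitutions ("Ca$h" -> "cash") and check again.
    normalized = lowered.translate(SUBS)
    if normalized != lowered and normalized in COMMON:
        found.append("common word with obvious substitutions")

    if len(password) < MIN_LENGTH:
        found.append("too short")

    if YEAR.search(password):
        found.append("contains a year")

    # personal_terms: names or other identifiable details known for the user.
    if any(t and t.lower() in lowered for t in personal_terms):
        found.append("contains personal detail")

    return found


if __name__ == "__main__":
    for candidate in ("password", "1234", "Ca$h", "SnowWhite&the7Dwarves"):
        print(candidate, "->", weaknesses(candidate) or "no listed weakness")
```

An empty result only means the password matches none of the listed characteristics; it is not a measure of overall strength.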
Tips for Developing a Secure Password
In short, employees must work to create a strong, unique and lengthy password that is also easy to remember. This sounds more difficult than it actually is. Here are some tips and tricks for employees to put into practice:
Incorporate phrases into passwords
An easy and clever way to devise a memorable, yet secure, password is by incorporating a phrase. The length of this phrase is important as each character added makes it that much harder to crack with brute force tools. Be sure to include spaces in your password if the site allows.
For example, take the phrase “snow white and the seven dwarves”. If spaces aren’t allowed, it could be altered to “SnowWhite&the7Dwarves.” It’s still easy to remember yet much more difficult to guess or crack.
Combine and customize it for specific sites
One of the most basic cyber hygiene practices is to refrain from using the same password for multiple sites or platforms. For many employees this can be difficult, as they don’t think they could possibly remember all their different password combinations. However, developing a unique yet consistent password style that changes only slightly for each login site could help.
For example, let’s say your Amazon password is “Snow White and the Seven Dwarves Amazon.” Employees could then adjust this format to suit other logins, thereby creating an easy-to-remember password style while also having a unique password for each platform. Facebook would be “Snow White and the Seven Dwarves Facebook,” and so on.
Have fun with it
These days most computer keyboards have between 101 and 105 different keys, giving employees plenty of opportunity to devise unique password combinations using not only the letters, but also the many symbols and characters found on the keyboard.
Adding emoticons like “8D” or “:<” with commonly allowed symbols is one way to instantly make a password stronger while also keeping it easy to remember. Another way to boost password strength is by ‘drawing’ on the keyboard. For example, take the password “cft6yjm”. This seemingly random sequence of letters and numbers is hard to remember; however, once you realize it forms an arrow on your keyboard it becomes a lot easier!
Once employees have landed on a password there’s only one step left: making sure they keep their new password secure. It is important that SMBs remind employees that password maintenance is a crucial component of password security. Here are a few password maintenance reminders to share with employees:
- Do not reuse passwords. If employees choose to use the same password for social media platforms, shopping sites, bank logins as well as company platforms and just one of them gets breached, they are not only at risk of hackers or criminals gaining access to their info on all their other platforms, but they are also putting their company at risk. This is why we recommend phrases customized by site.
- Do not share passwords. It may be tempting to share passwords with family members and friends, but the second a password is in another’s hands the account becomes less secure.
- Do not write passwords down. While tempting, this is a basic cyber hygiene practice that everyone should be following, especially at work.
- Use a password manager. There are plenty of applications that store passwords for employees securely. If your employees have a hard time remembering all their passwords, it could be time to invest in this solution.
Tyler Moffitt is a Senior Threat Research Analyst at Webroot who stays deeply immersed within the world of malware and anti-malware. He is focused on improving the customer experience through his work directly with malware samples, creating anti-malware intelligence, writing blogs, and testing in-house tools. @Spaceship_BTC