Why do complex passwords matter?
Passwords are the currency of the Digital Age. People use passwords locally on their computers, Wi-Fi networks and routers, as well as for every password-protected corner of the Internet. To remember and keep track of all the logins in their lives, a lot of people use the same one, two, or three passwords, often keeping the same ones for 5+ years. Even more concerning, many people use passwords with very poor security: names, nicknames, dates of birth, maiden names, and other obvious and predictable information.
These approaches to password security are very risky, because once thieves guess or otherwise gain access to one login, they can usually access many different pieces of victims’ information and wreak havoc on their personal and financial lives.
It’s important to understand that password complexity relates directly to password security. Sophisticated identity thieves use programs that generate passwords using combinations of personal information, such as phone numbers, addresses, family middle names, and more. These programs are capable of many thousands of login attempts per hour.
Since passwords grant access to bank and credit card accounts, federal tax accounts, social media sites, online gaming, shopping accounts and a variety of other aspects of people’s lives, the stakes are very high. It’s each person’s responsibility to use a new password for every login and to make sure that each is complex and unique.
The idea is overwhelming. My first thought is that it would be unlikely for me to have a different complex and unique password for every login I have; throw in the idea that I shouldn’t write them down and should change them annually, if not a couple of times a year, and it is downright impossible. My second thought is: as an IT professional, how can I prescribe such a thing to clients if I can’t implement it in my own practices?
The solution to this dilemma that I’ve found for myself is a password management program. I’m not going to endorse any specific program here; I’d encourage you to research the options and choose the one whose security model you are comfortable with. The solution I use is a paid, cloud-based service that syncs passwords between my devices and uses multi-factor authentication to initialize access on a new device.
Whether or not you use a unique password per login, and whether or not you use a password manager or password vault, I encourage you to at minimum use a complex password rather than something simple.
Password don’ts:
- Obvious combinations, such as abc123, yournamexyz or yourname1, combinations of addresses and phone numbers, or your mother’s maiden name
- Any part of the user name with a slight variation for the password
- The word “password”
- Strings of sequential numbers or letters, such as 123456 or abcd…
- Words in the dictionary
- Any personal information at all
Complex passwords will usually:
- Be at least eight characters long
- Contain a mixture of upper- and lowercase letters
- Contain one or more numbers and symbols, such as *, ^, }, |, ), _, etc.
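The two lists above can be enforced when a password is set or changed. The checker below is an added example, not part of the original post; the function names, the small word list and the four-character threshold for a sequential run are assumptions made for illustration.

```python
import re
import string

# Constructed stand-in for a real dictionary or breached-password list.
COMMON_WORDS = {"password", "welcome", "dragon", "monkey", "sunshine"}
SEQUENCES = (string.ascii_lowercase, string.digits)

def has_sequence(pw, run=4):
    """True if pw contains `run` consecutive letters or digits (abcd, 1234)."""
    low = pw.lower()
    return any(seq[i:i + run] in low
               for seq in SEQUENCES
               for i in range(len(seq) - run + 1))

def check_password(password, username="", personal_info=()):
    """Return the list of rules the password breaks; empty means it passes."""
    problems = []
    low = password.lower()
    # Composition rules from the "complex passwords" list.
    if len(password) < 8:
        problems.append("shorter than eight characters")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        problems.append("needs both upper- and lowercase letters")
    if not re.search(r"\d", password):
        problems.append("needs a number")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("needs a symbol")
    # Rules from the "don'ts" list.
    if has_sequence(password):
        problems.append("contains a sequential run")
    # Drop digits and symbols so "Dragon#7" still matches the word list.
    letters_only = re.sub(r"[^a-z]", "", low)
    if letters_only in COMMON_WORDS or "password" in low:
        problems.append("based on a dictionary word")
    # User name, phone number, date of birth and similar known values.
    for item in (username, *personal_info):
        if len(item) >= 3 and item.lower() in low:
            problems.append(f"contains personal information: {item!r}")
    return problems

if __name__ == "__main__":
    # Constructed sample inputs.
    for pw, user in [("abc123", ""), ("Jsmith1!", "jsmith"), ("tR7}vq^Lm2|x", "")]:
        print(pw, "->", check_password(pw, username=user) or "ok")
```

Note that `Jsmith1!` and `Password1!` satisfy every composition rule and are rejected only by the "don'ts" checks, which is why both lists need to be enforced together.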