Passwords have become an almost overwhelming burden for users: you need them at work; you need them for personal accounts and memberships; every single one should be different; and you must change them every so often—but all on different schedules. Then on top of that, they must be at least so many characters long and they require uppercase and lowercase letters, numbers, and special symbols.
But wait, there’s more…
You’re not supposed to write them down, and you definitely shouldn’t store them on your computer in a spreadsheet called “private” or “passwords.” And to make matters worse, now you have to worry about the ones you actually remember (because you’ve used them for a long time) belonging to an account that gets breached by a cyber criminal, so that suddenly your credentials are for sale on the dark web. Or a hacker who runs social engineering scams works their way into your network and figures out your favorite-pet’s-name-and-street-address password.
One way companies are trying to get around passwords is through biometric logins. Think of your cell phone and how you simply press your thumb down or use facial recognition to unlock it. These aren’t passwords, but they haven’t replaced your Apple ID or Google account password either. You still need that for certain activities such as accessing and changing your services.
So how can we make passwords harder to crack until we can get rid of them completely?
Proper security consists of multiple layers of protection. Think of a castle on a hill. It was built on a hill so the people in the castle can see things approaching long before they arrive. It also has walls too high to climb, long-distance weapons, guards, and it’s surrounded by a moat. Each of these elements makes it harder and more time-consuming—and therefore, less attractive—to try to break into.
Your security should be set up the same way.
One added level of protection companies are using more commonly now is called multi-factor authentication (MFA). This adds in a step during login designed to prove your identity. For example, after entering your user name and password, you may see a new field to fill in such as a code that gets texted to your cell phone. That way, if someone has your login information, but they’re not you, they won’t have your phone and won’t receive the code to complete logging in. MFA is a good example of adding in one of those extra layers of protection for added security.
There’s a risk that comes with feeling more secure, however, and that is that people think any old password will do now. Since you know you have another checkpoint, you think you can get away with a simpler password. It’s understandable, but mistaken logic. Easy-to-crack passwords put us all at risk.
So to make sure you’re keeping your information protected, use the following tips for strong yet easy-to-remember passwords.
- Use substitutions. This is where you use characters to mean other things. These can be simple substitutions of numbers or symbols that look like the letter you’re replacing, such as A with an @ or 4; S with a $ or 5; E with a 3, etc. However, many attacks on passwords are starting to figure these out, so you might instead use <3 for Love or Heart, or the number 8 for the word Ate.
- Use a passphrase. This is a phrase or sentence that has special meaning to you so you’re not likely to forget it. The longer the password, the harder it is to crack. And by combining a passphrase with substitutions, you can make an easy-to-remember but difficult-to-crack password. For example, the phrase “Home is where the heart is” could be changed to something like “H0m3!swh3r3th3<3!s” if you know that every e is a 3, every i is a !, and that you used <3 for heart. It’s simple to remember but effective as a long, hard-to-crack password.
- Avoid personal information. Please do not use very specific-to-yourself data in your passwords. Try to avoid using a spouse’s or children’s names and birthdays, especially written in any type of order. For example, “Charles1995” or “31Charles95” could be easily identified by someone who either knows you well or uses various search engines to get your information. If you want a password close to the heart, try something like: “MyHusbandProposed@@Cruisein2009!” or “MyseconddogsnameisSn00py!” Long phrases, easy to remember, combined with substitutions.
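The tips above can be turned into a check that a sign-up form runs before accepting a password. The sketch below is an added example, not code from the original article: the function names and the `personal_terms` input (a spouse's or child's name, a birth year) are assumptions, and the look-alike table holds only the substitutions the tips and sample passwords mention. It shows why look-alike characters alone do not hide a name.

```python
# Look-alike substitutions mentioned in the tips (@/4 -> a, $/5 -> s, 3 -> e),
# plus 0 -> o and ! -> i as used in the article's sample passphrase.
LOOKALIKES = str.maketrans(
    {"@": "a", "4": "a", "$": "s", "5": "s", "3": "e", "0": "o", "!": "i"}
)

MIN_LENGTH = 10  # the article's floor: "at least 10-12 characters"


def normalize(text: str) -> str:
    """Lowercase the text and undo the simple look-alike substitutions."""
    return text.lower().translate(LOOKALIKES)


def review_password(password: str, personal_terms: list[str]) -> list[str]:
    """Return a list of findings; an empty list means no tip was violated.

    personal_terms is a hypothetical input: names and birth years the
    user entered elsewhere on the registration form.
    """
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append("too short")

    # Compare normalized forms so "Ch@rl3s" is still recognized as "Charles".
    plain = normalize(password)
    for term in personal_terms:
        needle = normalize(term)
        if needle and needle in plain:
            findings.append(f"contains personal term: {term}")
    return findings


if __name__ == "__main__":
    # Constructed sample input, reusing the passwords quoted in the tips.
    terms = ["Charles", "1995"]
    for candidate in ("Charles1995", "31Charles95", "Ch@rl3s95",
                      "H0m3!swh3r3th3<3!s"):
        print(candidate, "->", review_password(candidate, terms) or "ok")
```
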
Hopefully, these tips will help ease the frustration caused by passwords. We need them to keep our information secure and to protect our networks. So remember to make your passwords as long as possible, at least 10-12 characters. With substitutions, they’ll be easier to remember and stronger at the same time.