Oscar Marquez, CTO at iSheriff, provides some top advice on how to create super-strong passwords
One of the most important aspects of an IT security professional is being able to not only have a strong password, but also teach others in your company to follow this same password-making process as well.
You are only as strong as your weakest link, and we all know that most cyber-attacks start from human error. The dos and don’ts of making a secure password may seem tedious at first, but in the long run it’s the best option to stay protected.
First step, we will get rid of idiom “passwords” because now we will be creating “passphrases”. You don’t want to just use one or two words as the main part of your passphrase.
Dictionary and brute force attacks are becoming more advanced, cracking single word passwords in minutes. What you want to do instead is take a phrase that you can remember, but not something too relatable to yourself. Some examples would be like the chorus from your favorite song or the first sentence in your favorite book. Use my example below for now:
“She had them apple bottom jeans, boots with the fur”
You will now want to take the first or last letter from each word and cram them together, this will be the base of your passphrase:
Next, you want to make a few of the letters capital:
Try to have at least two letters capitalised. Now take your phrase and add a number or special character on the beginning/end of the phrase.
The last step is to make sure it is 14 characters long or more. My example has only 12 so I would want to go back and add 2 more characters to the phrase:
There you have it – simple as that. Now you have a password that meets the length criteria and is well out of the scope of any dictionary attack. You will also have an easy time remembering this one because the base phrase is something that you have memorised anyway (a song or phrase). The idea is to find something that is easy for you, and only you, to remember for your base phrase, then the rest will fall into place after a few times using the password.
Creating a strong passphrase is very important, but never write down your phrases. It doesn’t matter if they are in a safe. Creating a super-secure password will do you no good if it can’t be memorised. Now let’s say that you have a lot of accounts with different passwords, you can solve this by getting a password locker. It is a tool that holds all of your passwords on your computer, with one master password to unlock the others.
This way you only have to memorise one secure password. Congrats! You can now train passphrase creation. Take what you have learned and spread this knowledge throughout your company. The employees are the first line of defense and need to be well prepared for it.
How much do you know about Internet security? Try our quiz!