What constitutes a good password and why it is important to have one?
Quite simply; your password is the key to your IT castle. The walls you carefully build around your business data are of little value if the front door lock is easily picked. The idea that passwords should be long and complex is one of IT industry’s sacred cows, and yet many users stubbornly stick to passwords such as 12345, Password1 or Jimmy1970; which often takes less time to crack than to type them. The question “So, what constitutes a good password?” is a common one.
What is a bad password?
What is a good password?
- Use abbreviations combined with uppercase, lowercase, numbers and punctuation. It should be at least 8 characters and never include any aspect of your username or company name. A good example of this might be JgtS@0805em! The question of how to remember this is answered by – JonnygoestoSchoolat08:05everymorning!
- Combine several unusual and unrelated words together that mean somethign to you. Avoid meaningful phrases or quotations though. Purely as an example of this; something along the lines of VolcanoKettleBoots …. throw in the year and a special character to get VolcanoKettleBoots20!
Both of these passwords (as illustrations only of course) would give most password hacking tools a challenge.
Should I use a completely different password for each site or service?
Are password managers a good idea?
These can be a good idea and address the most common concern; “how am I expected to remember all these passwords?” Of course, as the repository for all your passwords for your company data and sites it is analogous to keeping all your eggs in one basket, and are frequently the target of considerable interest from the hackers for obvious reasons, but as most things in life it is a balance of risk.
In 2015 LastPass, one of the largest providers were partially breached, but claims that none of their 7 million user accounts were compromised. Set that possibility however against the hazard of using the same or similar weak password over multiple sites and the password manager still looks an attractive option, although we suggest you avail yourself of two factor authentication alongside a strong master password when using any such service.
Should I use multifactor authentification if available?
Definately yes! We have an article on that subject here