
Make Strong Passwords to Boost Security

Taube, Dan Published on Oct 12, 2020 

Password illustration by Gino Crescoli from Pixabay.

Week 2 of National Cybersecurity Awareness Month

October 2020 is the 17th year of organizations promoting National Cybersecurity Awareness Month to help their users be safer and more secure online.

This article is from the National Cybersecurity Awareness Month 2020 series.

Managing passwords can be a challenge. Most of us don’t have just one or two passwords, but dozens when you include work and personal accounts.

Keeping your passwords updated and secure just adds to the challenge, but it doesn’t need to be hard. By turning a few simple practices into habits, we can improve security and make our passwords easier to manage.

How Long is Long Enough?

The longer your password or passphrase, the harder it is to crack. Most experts recommend a password length of at least 11 or 12 characters, and longer is better. Even adding just one character to your password can boost its security exponentially.

Time to Crack a Password

While there are many factors that go into determining the strength (or rather weakness) of a password, this table provides some insight into why length is so important.

Length           Alphanumeric    With a Special Character
9 characters     2 minutes       1 minute
10 characters    2 hours         2 hours
11 characters    6 days          1 week
12 characters    1 year          2 years
13 characters    64 years        2 centuries

Source and additional reading: https://blog.codinghorror.com/your-password-is-too-damn-short/

Passwords Versus Passphrases

Cybersecurity experts debate whether it’s better to use a password or passphrase. But a passphrase is just a kind of password that uses a series of words instead of a series of random characters, so does it really matter what they call it? What’s important is that whatever you use - passphrase or password - it’s long and secure.
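
The point about length in the two sections above, worked through as an added example (this code is not from the article or its source). It assumes a hypothetical attacker speed of 10 billion guesses per second, standard ASCII character-set sizes and a 7,776-word Diceware-style list, so its times will not reproduce the table's figures; it also assumes every character or word is chosen at random.

```python
import math

# Assumptions for this added example (none of these come from the article):
GUESSES_PER_SECOND = 1e10         # hypothetical offline attacker speed
ALPHANUMERIC = 26 + 26 + 10       # a-z, A-Z, 0-9
WITH_SPECIAL = ALPHANUMERIC + 32  # plus the 32 ASCII punctuation characters
DICEWARE_WORDS = 7776             # size of a Diceware-style word list (6**5)


def keyspace(symbols: int, length: int) -> int:
    """Count of possible secrets when every position is picked at random."""
    return symbols ** length


def entropy_bits(symbols: int, length: int) -> float:
    """Strength in bits: each random symbol adds log2(symbols) bits."""
    return length * math.log2(symbols)


def average_crack_seconds(symbols, length, rate=GUESSES_PER_SECOND) -> float:
    """Exhaustive search finds the secret, on average, halfway through."""
    return keyspace(symbols, length) / 2 / rate


def humanize(seconds: float) -> str:
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", 31_557_600), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.1f} seconds"


def words_needed(target_bits: float, wordlist_size: int = DICEWARE_WORDS) -> int:
    """Fewest randomly drawn words whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(wordlist_size))


if __name__ == "__main__":
    for length in range(9, 14):
        alnum = humanize(average_crack_seconds(ALPHANUMERIC, length))
        special = humanize(average_crack_seconds(WITH_SPECIAL, length))
        print(f"{length} chars: alphanumeric {alnum}, with specials {special}")
    bits = entropy_bits(ALPHANUMERIC, 12)
    print(f"12 random alphanumeric chars = {bits:.1f} bits, "
          f"matched by {words_needed(bits)} random words")
```

Each extra alphanumeric character multiplies the search space by 62, which is the jump between rows of the table. Passwords or phrases that a person makes up are far more predictable than this model assumes.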

Are your Passwords Secure?

You should not use the same password on multiple sites. If one of those sites were to be hacked, your username and password combination could be shared with other bad actors who will try that same combination on many other sites. Don't put yourself in the position where if one of your accounts is breached, all your accounts are breached - create a new, unique password for every account and make sure none of your accounts share the same password.

Check if you were breached

There are a number of free tools you can use to check if your password might have been shared with others online. Websites like https://haveibeenpwned.com/, https://breachalarm.com/, and https://passwords.google.com/ check your info against a list of hacked records.

If your account comes up, you should change your password at the referenced service and anywhere else you may have used it.

What about Password Managers?

A password manager is a great option. It can create hard-to-crack passwords, and then remember them for you. To access your password manager vault, you just need to remember one master password, not dozens. There are plenty of free password managers available for download and use on your computer or mobile device. You can contact the Information Security Office for recommendations.