10 April 2019

What Makes a Great P@$$w0rd?

With one of the most commonly used Pa$$w0rds being 123456, how do you create a great Pa$$w0rd?

What makes a great Pa$$w0rd is one of the most unexciting yet most important questions when it comes to digital security. If, like most people in this day and age, you use the internet, then it’s likely that you use a password anywhere from 1 to 100+ times a day.

Passwords were traditionally used by the Romans and were called Watchwords. Over time the use of Watchwords grew in popularity and eventually made their way into the digital world when MIT (Massachusetts Institute of Technology) introduced the first ‘time shared’ computer system in 1961.

Over the years, various best practices and beliefs have stood the test of time, such as including numbers and symbols and using both upper-case and lower-case characters. Strong passwords aren’t always enforced, which can, unfortunately, lead to the use of very easy-to-guess passwords. As of 2018, Wikipedia listed the most commonly used passwords as: 123456, password, 123456789, 12345678 and 12345.

Even when password complexity rules are enforced, passwords can still be predictable – for example, P@ssw0rd.

Unfortunately, it’s in our human nature to forget things. Our brains are not optimal for storing information but are great at processing it, which is why ‘to do’ lists and digital notebooks such as OneNote are so popular in our world of information overload.

So, what does make a great password?

Choosing a password can be difficult, especially when strong password policies are enforced. But there is an easy way to pick a good, secure password. Just think of a phrase or lyric that you will never forget – but perhaps not your favourite song that you sing around the office!

For example, let’s take the classic Rick Astley anthem ‘Never gonna give you up’; we could use a chorus line to generate a memorable passphrase: ‘Never.Gonna.Give.You.Up!5’. This password would take about 82 decillion years to crack on a standard PC and about 82 octillion years with an average botnet farm and is super easy to remember.

It’s the combination of upper-case and lower-case letters, symbols and, most importantly, length that makes this password secure. Every character you add multiplies the number of guesses needed to crack it, so the password becomes much harder to crack with each one.
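To make the two points above concrete (that P@ssw0rd-style substitutions stay predictable, and that length drives brute-force cost), here is an added example of a simple policy check, not code from the original post or from Fabric. It models an attacker who has to try every candidate of the password's length and character pool, and it treats a password as predictable if, after undoing common substitutions, it appears on a list of common passwords. The guess rates, the substitution map and the five-entry common-password list are assumptions chosen for the example; a real checker would load a large breached-password list.

```python
import string

# Constructed sample of common passwords: the five the post quotes from
# Wikipedia's 2018 list. A real deployment would load a much larger list.
COMMON_PASSWORDS = {"123456", "password", "123456789", "12345678", "12345"}

# Assumed map of substitutions that complexity rules encourage but that add
# almost no unpredictability, because attackers apply the same rules.
LEET_MAP = str.maketrans({"@": "a", "0": "o", "$": "s", "1": "i",
                          "3": "e", "4": "a", "5": "s", "7": "t"})

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def normalize(pw: str) -> str:
    """Lower-case and undo substitutions so 'P@ssw0rd' is compared as 'password'."""
    return pw.lower().translate(LEET_MAP)


def is_predictable(pw: str) -> bool:
    """True if the password, raw or normalised, is on the common-password list."""
    return pw.lower() in COMMON_PASSWORDS or normalize(pw) in COMMON_PASSWORDS


def charset_size(pw: str) -> int:
    """Size of the pool a brute-force search must cover, from the classes present."""
    size = 0
    if any(c in string.ascii_lowercase for c in pw):
        size += 26
    if any(c in string.ascii_uppercase for c in pw):
        size += 26
    if any(c in string.digits for c in pw):
        size += 10
    if any(c in string.punctuation for c in pw):
        size += len(string.punctuation)  # the 32 printable ASCII symbols
    return size


def keyspace(pw: str) -> int:
    """Number of candidates of this length drawn from this character pool."""
    return charset_size(pw) ** len(pw)


def years_to_exhaust(pw: str, guesses_per_second: float) -> float:
    """Years needed to try every candidate at an assumed guess rate."""
    return keyspace(pw) / guesses_per_second / SECONDS_PER_YEAR


def assess(pw: str, guesses_per_second: float = 1e10) -> dict:
    """Summarise a candidate the way a policy check might, without storing it."""
    return {
        "length": len(pw),
        "charset": charset_size(pw),
        "keyspace": keyspace(pw),
        "predictable": is_predictable(pw),
        "years_to_exhaust": years_to_exhaust(pw, guesses_per_second),
    }


if __name__ == "__main__":
    for candidate in ["123456", "P@ssw0rd", "Never.Gonna.Give.You.Up!5"]:
        r = assess(candidate)
        print(f"{candidate!r}: length={r['length']} charset={r['charset']} "
              f"predictable={r['predictable']} "
              f"years_to_exhaust={r['years_to_exhaust']:.3g}")
    # Adding one character from an already-present class multiplies the
    # keyspace by the charset size, 94 here.
    print(keyspace("Never.Gonna.Give.You.Up!5x") // keyspace("Never.Gonna.Give.You.Up!5"))
```

Running it shows the three outcomes the post describes: 123456 is both on the list and exhausted in a fraction of a second; P@ssw0rd looks complex to a character-class rule but normalises straight to "password"; the 25-character lyric is not on the list and its keyspace of 94^25 is out of reach at any realistic guess rate. The year figures will not match the post's 82 decillion, because the calculator and guess rates used there are not stated.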

It’s also a good idea to use Multifactor Authentication in conjunction with your password; this adds a second authentication method on top of the password itself. For more info on this, see our other post on MFA.

How often should you change your password?

The way forward with passwords is to choose a good, strong password and change it less often. The National Institute of Standards and Technology (NIST) recently recommended changing passwords less often, as this reduces the likelihood of you jotting a password down on a post-it note in case you forget it.

You should, however, always change your password if you become aware of a security breach of a service you use, and change it on any other service where you have reused the same password.

Beyond passwords

With facial recognition and fingerprint security, biometrics are in the hands of the masses. While this technology is almost always layered on top of passwords, with the password kept as a backup method, as it improves and becomes more robust we may move on from the password.


Tom Wilcox, Infrastructure Engineer, Fabric

