Hackers use multiple methods for trying to get into your accounts. For many years we have been told to create long and strong passwords. Often a mix of numbers, upper/lowercase letters and special characters. However, these can be quite hard to remember and at the same time they can be quite easy for computers to guess.
Security advocates now recommend another approach much better tailored to how our human brain works.
Tricks for creating strong passwords
People remember sentences
People are good at remembering situations or sentences that present a message we can relate to, some of us are also very good at remembering text if it is in the form of a rime or in a song.
We should take advantage of this and apply the same when creating texts remember. In other words, instead of passwords we should create passphrases. Because, the longer a password is, the harder it is to guess, or for hackers to crack using computers.
An example could be:
“My dog always barks at the postman”
“I love the smell of coffee in the morning”
Use human aspects in the passwords
These sentences are much longer than ordinary passwords, which makes them many times stronger, and they include the human aspect where they relate to something that we can feel, have felt or can visualize in our memory. As soon as you apply the principle of visualizing something, then your brain is much better equipped to remember it.
If you look at the text, you will see that it still contains upper + lowercase letters, it also contains spaces, which is a special character. It does not contain numbers, there really is not a need for that, but if you still encounter requirements to have this, just try to incorporate a number to it, to be compliant with the rules.
Instead of passwords we should create passphrasesOLE MARTIN REFVIK, HEAD OF SECURITY, ADMINCONTROL
If you mathematically (based on computing power) evaluate the strength of these passphrases you will find that to crack these using computers, it will take more than 10 000+ centuries to guess. This makes it impossible for any hacker and ensures that your data is safe.
If you compare this with a typical password requirement of 8 characters, upper + lowercase + numbers + special characters, like:
“Thorough2%” – It looks strong, does it not ?? It is even 10 characters with special characters and all that. This only takes 4 hours for an attacker to guess using computers – Ouch!
“Xs5dfg%–” – This takes 12 days to hack using computers, and you probably will not remember it anyway.
– I have so many passwords and accounts
With the amount of accounts it is typical to have in today’s online world it can be quite challenging to keep track of all of them. Even with good and rememberable passphrases, this can be a daunting task.
The best solution to this is to use a secure password manager. A password manager is a specialized software created specifically to keep your passwords and account information secure, while at the same time providing you with usability features to ease the login process by automatically entering your account information with the help of browser add-in’s
You can think of the password manager as your password vault, since it securely stores your account information in encrypted form on your device or in a secure cloud solution, depending on the product you choose.
All you must do is to create one strong password/passphrase which you use to open/unlock the password manager, then you store all your account information and credentials within the program.
There are many good password managers on the market, instead of me naming specific products, a simple google search on “secure password manager” would give you a list of password managers to choose from.
What about my existing passwords and accounts?
If you don’t have a long and very strong password on your existing accounts, I recommend you to update these and create stronger passphrases, or use the password manager to create strong passwords for you.
You should closely monitor if any of your existing accounts have been affected by a data breachOLE MARTIN REFVIK, HEAD OF SECURITY, ADMINCONTROL
Data breaches do occur, and such would disclose your account details including your username and password to hackers. Even larger companies have been shown to not take security seriously enough. You should therefore also closely monitor if any of your existing accounts have been affected by a data breach.
For this purpose I would specifically recommend that you check your email address using a public service like https://haveibeenpwned.com/.
Here you enter your email address to get a list of known breaches where your email address has been part of the breach. If you are affected, make sure to create a new and strong password for that service and never use the old again. In addition, you can subscribe to updates of any new breaches.
Good luck on creating your new passphrases!
If you want to discover other ways you increase security in these fast changing times, you may also be interested in our handbook on how to manage the impact of hybrid working on cybersecurity.