Secure passwords are one of the pillars of information security practice. Whether you
are a home or enterprise user, creating and managing secure passwords has become a daunting task that sometimes backfires on us.
It does not take long to crack most login passwords, and one of the main reasons is that people usually use common words as passwords. That's why a conscious approach needs to be put in place to make sure your passwords stay hard to crack even if a copy of the password database is stolen and attacked offline.
With that being said, here we go:
1. Think of a passphrase: for years people have used single words as passwords, and not just single words but common words that can be found in dictionaries. A short password built from the characters 0-9, a-z and A-Z falls quickly to a wordlist or dictionary attack.
So the first piece of advice for a strong password is to think of a passphrase: instead of using “Monday23” as a password, try “2 weeks ago on Monday tHe 23 rd, I joined the meeting @”. You get the idea, use a sentence as your password. Make it your own sentence, though: well-known quotes, song lyrics and proverbs are in the attackers' wordlists already.
2. Use special characters: passwords are not limited to letters and numbers. Depending on the system you can use special characters such as !@#$%^&*()_+”., as well as spaces and anything else in the printable ASCII range. Some systems reject, or silently drop, certain characters, so log in again right after changing to a password that uses them.
3. Don’t rely solely on substituting letters with special characters: for example swapping the letter “a” for the at sign (@), or the letter “o” for the digit zero (0), in a common word, i.e. using “P@ssw0rd” instead of “Password”. Though technically a bigger search space, these substitutions have become so common that cracking tools apply them automatically as mangling rules on top of their wordlists, so “P@ssw0rd” falls almost as fast as “Password”.
4. Create a genuinely new password when changing it: we are tempted to add an extra character at the end when forced to change our password, i.e. after Tr@Ff1c comes Tr@Ff1c1, Tr@Ff1c2, Tr@Ff1c3 and so on. Come up with a new one instead: an attacker who learned the old password (from a breach, or from a leaked password history) only has to try a handful of suffixes to get the new one.
5. Avoid words that are familiar to you: avoid things such as your spouse’s name, your children’s names, birth dates, your pet’s name, and work or industry related words. One of the first things attackers do is profiling; to break your password, a list of words related to you can be compiled and run through a password cracking tool.
6. Use a password generator: coming up with a unique password for every application that requires one can become a daunting task, which is why you can use password generator software. Some have more bells and whistles than others, but all of them accomplish the goal of producing strong passwords. Prefer the generator built into your password manager (see 7), so the generated password never leaves your device.
Just to mention a few:
Norton password generator
Ramdon’s Password generator
7. Use a password manager: this is especially useful when you have multiple accounts. A password manager is a centralized place to store all your passwords; usually a master password is created to unlock the encrypted database where the passwords are stored. That master password is the one password you still have to memorize, so make it your strongest passphrase and protect the manager with two-factor authentication where it is offered. There are plenty of password managers on the open source and commercial market; a simple search for password managers will show the options.
8. Use two-factor authentication: something you know (a password or PIN) plus something you have (key fob, one-time code, etc.). Many financial institutions use multi-factor authentication and many online service providers are following suit. Google offers two-step verification for access to its services (http://www.google.com/landing/2step/).
9. Erase any password document, email, history, etc.: many people keep a “password document” or an email where they store all their account information. It can be replaced with a password manager for better security, and if you must keep a password document, encrypt it.
10. Be careful where you access your accounts from: be extra cautious when using public computers or networks; it does not take much to have a keystroke logger running in the background or someone sniffing your connection. This is where two-factor authentication comes in handy: even if your password is compromised, they still need the other factor to access your account. It is a safety net, not a licence: a one-time code typed on a compromised machine can be relayed while it is still valid.
11. Don’t use the same password for different accounts: this minimizes the damage in case one of your accounts gets compromised, since a leaked password is routinely tried against every other popular service.
12. Check if your credentials have been compromised: sites like Have I Been Pwned (https://haveibeenpwned.com/) let you check whether your credentials were exposed in a known security breach. Its Pwned Passwords lookup never receives your password: only the first five characters of its SHA-1 hash are sent, and the match is done on your side.
13. Change your password periodically: some systems force you to change the password after a set amount of time; you can change it before that time is up. Change it immediately, rather than on schedule, whenever you suspect it has been exposed.
14. Use a minimum of 14 characters: especially if you are creating passwords in Microsoft Windows environments. The legacy LM hash only covers 14 characters, split into two 7-character halves that crack independently, so going one step further to 15 characters or more also stops an LM hash from being stored at all.
15. Enable password complexity: some systems allow you to enable this setting. What it does is force you (or your users) to create passwords that draw on several character classes; on Windows, for example, it requires characters from three of the classes (upper, lower, digits, symbols) and rejects a password that contains the account name. Complexity on its own does not rule out “P@ssw0rd1”, so pair it with the length requirement.
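The checks behind items 1, 3, 4, 5 and 14 above, as an added Python example that is not code from the original article: it undoes the usual letter substitutions before comparing against a wordlist, flags "old password plus a suffix", looks for personal words, and estimates the brute-force search space. The wordlist, the previous password and the personal words are constructed for the example; a real check uses a cracking wordlist with millions of entries.

```python
import math
import re

# Constructed stand-in for a cracking wordlist (a real one has millions of entries).
COMMON_WORDS = {"password", "monday", "traffic", "welcome", "letmein", "summer", "qwerty"}

# Substitutions that cracking tools undo automatically; undoing them here makes
# "P@ssw0rd" and "Password" the same candidate (item 3).
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})


def base_word(password):
    """Lower-case the password, undo leet substitutions and keep only letters."""
    return re.sub(r"[^a-z]", "", password.translate(LEET).lower())


def is_increment_of(new, old):
    """True when `new` is `old` with at most two characters added or removed at
    either end, e.g. Tr@Ff1c -> Tr@Ff1c11 (item 4)."""
    n, o = new.lower(), old.lower()
    if n == o or abs(len(n) - len(o)) > 2:
        return False
    return n.startswith(o) or n.endswith(o) or o.startswith(n) or o.endswith(n)


def charset_size(password):
    """Size of the smallest set of character classes that covers the password."""
    size = 0
    if re.search(r"[a-z]", password):
        size += 26
    if re.search(r"[A-Z]", password):
        size += 26
    if re.search(r"[0-9]", password):
        size += 10
    if re.search(r"[^a-zA-Z0-9]", password):
        size += 33  # printable ASCII symbols plus space
    return size


def brute_force_bits(password):
    """Search space an attacker must cover with pure brute force, in bits.
    This is an upper bound: it credits nothing for dictionary or rule attacks,
    so a sentence of common words is weaker than this number suggests."""
    if not password:
        return 0.0
    return len(password) * math.log2(charset_size(password))


def check_password(candidate, previous=(), personal=()):
    """Return a list of policy findings; an empty list means the candidate passed."""
    findings = []
    if len(candidate) < 14:                                         # item 14
        findings.append("shorter than 14 characters")
    if base_word(candidate) in COMMON_WORDS:                        # items 1 and 3
        findings.append("dictionary word once substitutions are undone")
    if any(is_increment_of(candidate, p) for p in previous):        # item 4
        findings.append("small variation of a previous password")
    if any(p.lower() in candidate.lower() for p in personal if p):  # item 5
        findings.append("contains personal information")
    return findings


if __name__ == "__main__":
    # Constructed inputs: the article's own examples plus a hypothetical pet name.
    for pw in ["P@ssw0rd", "Tr@Ff1c11",
               "2 weeks ago on Monday tHe 23 rd, I joined the meeting @"]:
        print(f"{pw!r}: {brute_force_bits(pw):.0f} bits, "
              f"findings={check_password(pw, previous=['Tr@Ff1c'], personal=['Fluffy'])}")
```

The passphrase from item 1 passes every check while "P@ssw0rd" and "Tr@Ff1c11" fail two each; the bit estimate is only the brute-force ceiling, which is why the dictionary and increment checks exist alongside it.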
Even though this article is about password security, you can’t overlook other security measures such as antivirus, firewall, IPS/IDS, disk encryption, file and folder encryption, and email encryption. After all, nothing is really accomplished if you have a strong password and poor endpoint security, because your system could be compromised and a keystroke logger installed.
Lastly, if you are using a Microsoft Windows environment you can use up to 127 characters for your password.
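Items 6, 7 and 12 in code, as an added Python example that is not from the original article or from Have I Been Pwned: a generator built on the standard library's secrets module (a cryptographically secure source, unlike random), and a breach check that follows the Pwned Passwords range API's k-anonymity model, sending only the first five characters of the SHA-1 hash and matching the rest locally. The word list and the sample range response are constructed (the response shape is the real one; the neighbouring suffixes and all counts are invented), and the live fetch_range function is the only part that needs the network.

```python
import hashlib
import math
import secrets
import string

# Constructed word list (assumption): a real diceware-style list has 7776 words; this one
# is only big enough to make the example run.
WORDS = ["anchor", "basil", "copper", "delta", "ember", "falcon", "granite", "harbor",
         "indigo", "jasper", "kernel", "lumen", "marble", "nectar", "orbit", "pepper"]
SYMBOLS = "!@#$%^&*()_+-=[]{};:,.<>?"
ALPHABET = string.ascii_letters + string.digits + SYMBOLS


def generate_password(length=20):
    """Random password drawn with the secrets module (CSPRNG), retried until it
    contains lower, upper, digit and symbol characters (items 2, 14, 15)."""
    if length < 14:
        raise ValueError("use at least 14 characters")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw) and any(c in SYMBOLS for c in pw)):
            return pw


def generate_passphrase(words=6, wordlist=WORDS, sep=" "):
    """Random passphrase; each word is an independent pick from the list (item 1)."""
    return sep.join(secrets.choice(wordlist) for _ in range(words))


def passphrase_bits(words=6, list_size=len(WORDS)):
    """Strength of a randomly generated passphrase: words * log2(list size)."""
    return words * math.log2(list_size)


def hibp_range_parts(password):
    """SHA-1 of the password split into the 5-char prefix that is sent to the
    Pwned Passwords range API and the 35-char suffix that is matched locally."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def fetch_range(prefix):
    """Live lookup: GET https://api.pwnedpasswords.com/range/<prefix>. Not called by
    the offline example below; the service requires a User-Agent header."""
    import urllib.request
    req = urllib.request.Request("https://api.pwnedpasswords.com/range/" + prefix,
                                 headers={"User-Agent": "password-check-example"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def pwned_count(password, range_body):
    """Parse a range response ('SUFFIX:COUNT' per line) for our suffix.
    Returns how many times the password was seen in breaches, 0 if absent."""
    _, suffix = hibp_range_parts(password)
    for line in range_body.splitlines():
        found, _, count = line.strip().partition(":")
        if found == suffix:
            return int(count)
    return 0


# Constructed response for prefix 5BAA6 (the SHA-1 of "password" starts with 5BAA6).
# Only the line format is real; the other suffixes and every count are made up.
SAMPLE_RANGE_5BAA6 = """\
0018A45C4D1DEF81644B54AB7F969B88D65:1
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493
011053FD0102E94D6AE2F8B83D76FAF94F6:2
"""


def safe_to_adopt(password, range_body):
    """Accept a candidate only if it is long enough and absent from known breaches."""
    return len(password) >= 14 and pwned_count(password, range_body) == 0


if __name__ == "__main__":
    print("generated:", generate_password(20))
    print("passphrase:", generate_passphrase(6),
          f"({passphrase_bits(6):.0f} bits with this tiny list)")
    print("'password' seen", pwned_count("password", SAMPLE_RANGE_5BAA6), "times")
```

To run the check for real, replace the constructed body with fetch_range(prefix) for the prefix returned by hibp_range_parts; the service still only ever sees those five hex characters, which is the point of the range endpoint.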