123456 isn't good enough anymore

Creating Good Passwords


Passwords have been around for centuries! (Think back to ancient Arabia – “Open, Sesame!”) That means that for centuries, people have tried to steal passwords, and succeeded. Passwords are even more prevalent today, protecting everything from our most important financial information to our all-important Facebook feeds. Though not perfect, a good password is an essential first step in securing your private information.

Here are a few recommendations you can use to keep your info secure. First, change any password that appears on the list of most-used passwords. Do you have a password that matches one on this list: password, 123456, 12345678, qwerty, 123123, 111111, P@$$w0Rd? If so, you need to stop reading and change that password right now!

The next step is to make sure you have a long password – at least 12 characters long. It takes a computer .29 milliseconds to crack a 7-character password, 5 hours for 8 characters, 5 days for 9 characters, a decade for 11 characters, and 2 centuries for 12 characters.

Don’t recycle those old passwords. Maybe you received a notice from your bank forcing you to change your password due to a data breach that may or may not have affected your account. You give the new password a try and, well, it just isn’t as memorable as the old one, so you decide to recycle your old one. Passwords that are compromised will stay on the dark web forever. That means once you think a password might have been stolen, it is time to get rid of it for good.
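The three tips so far (no common passwords, at least 12 characters, no recycled passwords) can be enforced automatically whenever a password is set or changed. The Python below is an added example, not part of the original post; the function names, the look-alike substitution table and the PBKDF2 iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# The most-used passwords named in the post.
COMMON = {"password", "123456", "12345678", "qwerty", "123123", "111111", "P@$$w0Rd"}
MIN_LENGTH = 12  # minimum length recommended in the post
ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor
# Assumed look-alike substitutions; a real deployment would use a larger table.
LEET = str.maketrans({"@": "a", "$": "s", "0": "o", "1": "l", "3": "e", "5": "s"})


def normalize(password):
    """Fold case and undo look-alike substitutions (P@$$w0Rd -> password)."""
    return password.lower().translate(LEET)


# Normalize the list itself so digit-only entries still compare equal.
NORMALIZED_COMMON = {normalize(p) for p in COMMON}


def hash_password(password, salt=None):
    """Return (salt, digest); only this pair is stored, never the password."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def check_password(candidate, history=()):
    """Return a list of policy problems; an empty list means acceptable.

    history holds (salt, digest) pairs for the user's retired passwords.
    """
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("too short")
    if normalize(candidate) in NORMALIZED_COMMON:
        problems.append("common password")
    for salt, digest in history:
        # Re-hash with the stored salt and compare in constant time.
        if hmac.compare_digest(hash_password(candidate, salt)[1], digest):
            problems.append("reused password")
            break
    return problems


if __name__ == "__main__":
    retired = [hash_password("correct horse battery")]  # constructed sample
    for pw in ("P@$$w0Rd", "correct horse battery", "maple-turbine-orbit-42"):
        print(repr(pw), "->", check_password(pw, retired) or "ok")
```

Because the comparison is made after normalization, swapping letters for symbols in a common password does not get it past the check.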

At this point, you might think I’m going to create the granddaddy of all passwords – one that no one will hack! Think again. My next two tips are to never use the same password across two systems – i.e. for your banking and email – and to change your passwords periodically. How often you change your password depends on your online habits, the sensitivity of the system, and who else could have access to that information. Maybe that significant other isn’t so significant anymore.

How can anyone manage all of this information? If I were to be held hostage by the mafia and the only way out was to tell you my password to my bank account, I would be swimming with the fishes. I personally only know two of my passwords. One is to get into my computer, and the other is to access my password manager. The last tip is to use a password manager, like 1Password. A good password manager will generate a password or phrase for you and store that password in an encrypted database.

Even with a solid system for creating and managing passwords, there are still a lot of vulnerabilities. We are committed to providing you with the information you need to make sound decisions about keeping your information secure. Look for our next email to help keep you and your business safe.

Interested in knowing how we can help you implement password policies and password managers in your small business?  Email today, or reach out through our contact page.