Tips and Tricks to help keep you safe online.
As you may have seen in the news and the latest versions of DfE requirements, there has been a much larger focus on Cyber Security than ever before.
It's a lot to take in, and it can be overwhelming at times, so I thought I would create a reminder and guide following on from our Passwords Cyber Security Training released around Easter this year.
Complexity
It's really important to keep all of your passwords complex.
At a minimum make sure your password includes at least 3 of the 4 following:
- UPPER case
- lower case
- Numb3r5
- Spec!al Ch@r@cters
A bad password would be something like "Welcome" or "Monkey" or "Password". A better password would be something like "W3lc0m3!!" or "M0nk3yBu5!n355" or "P@55W0rd123!". However, these are some of the most common passwords used around the world, so they still don't meet the full requirements. This brings me onto...
Common Passwords
These are some of the most common passwords ever used. If yours is anything close to any of these, please change it:
- Consecutive or repeating numbers ("1234567890" or "111111111")
- "qwerty"
- "password"
- "1q2w3e"
- Children's names (The most popular are: Eva, Alex, Anna, Max, Ava, Ella, Leo, Jack, Ryan, Daniel)
- The year in which the password was created
- Sports teams (The most popular are: Liverpool, Chelsea, Arsenal)
- Most Swear words
- Places and Holiday Destinations
- Any Month, Day, or Season, Birth Year, or Special Year (like an anniversary)
How fast could a common insecure password be cracked by a brute force attack?
(this is a computer starting at "a" and working all the way to zzzzzzzzzz...)
Courtesy of https://www.security.org/how-secure-is-my-password/ we can see just how long it would take:
- Welcome - 25 Seconds
- Monkey - 4 Seconds
- Password - 22 Minutes
- W3lc0m3!! - 3 Weeks
- alexeva23 - 42 Minutes
- 1234567890 - Instantly
- qwertyuiop - Instantly
Using what we learnt in our complexity section, we can see that "P@55w0rd!" looks complex, however it also falls under one of the most commonly used words around the world, so how do we fix that?
Creating a unique and secure password
So far, most of the focus has been on what not to do, which is helpful. However, if you're like me, you're probably thinking "great, so what can I set as my password then?!"
My favourite advice is to take 3 unrelated words that mean a lot to you (and that don't come under the above list of common words/passwords). You can also use a word generator, or another method such as What 3 Words: hunt down 3 places, take your 3 favourite words, and merge them into 1 password, like this:
Place 1:
Gives me: Pretty Needed Chill
Place 2:
Gives me: Water Sugar Memo
Place 3:
Gives me: Rumble Paint Passages
I merge these 3 together to create "Ch!ll Sug@r Rumbl3". Note this password is using UPPER case, lower case, numbers, and special characters, and even spaces! (Yes, you can usually use spaces in passwords, although some sites don't allow this.) It's 19 characters long and would take 3 hundred quadrillion years to crack.
I'll go into storing and hiding passwords in plain sight in another post, but a password like this would be extremely hard to guess but much easier to remember than a randomly generated password of gibberish.
Multi-Factor Authentication (MFA)
Ok, so we have a really secure password, what about MFA?
MFA is more important than ever in the digital world. A password is a single factor of authentication (something you know), whereas Multi-Factor Authentication means that an attacker would require something in addition to "something you know": we add a "something you have" into the mix.
This means even if your password gets compromised (unfortunately this is still possible, even with a password like the one above), with MFA they would struggle to log on as you.
Summary
- Ensure your password is strong and complex, avoiding commonly used words, passwords or phrases. Ensure it's at the very least 8 characters; the more the better.
- Ensure you use a combination of at least 3 of 4 key elements (upper, lower case, numbers, and special characters).
- Consider using 3 unrelated words that are easy for you to remember, but hard to guess. Don't use DoB, children's names, sports teams, special dates etc. If I've mentioned it in this article, it and any variants are too common to be used!
- Continue reading the next episode here: https://catrustorg.sharepoint.com/sites/IT-Hub-Announcements/SitePages/Password-Security(1).aspx
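The rules summarised above can be checked automatically. The following is an added example, not part of the original article: the word list is a constructed sample taken from the words this article mentions, the character-swap table is an assumption about typical substitutions, and the function names are hypothetical. Matching is deliberately strict, so a short listed name inside a longer word is also flagged.

```python
import re

# Constructed sample of the base words this article calls out; a real
# deployment would load a far larger breached-password list instead.
COMMON_WORDS = {
    "welcome", "monkey", "password", "qwerty", "liverpool", "chelsea",
    "arsenal", "eva", "alex", "anna", "max", "ava", "ella", "leo", "jack",
    "ryan", "daniel",
}
# Undo the usual character swaps so "P@55W0rd" is compared as "password".
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "5": "s", "$": "s", "7": "t"})
# Keyboard and number runs; any 4-character slice of these counts as a hit.
SEQUENCES = ("01234567890", "qwertyuiop", "1q2w3e4r5t")

def char_classes(pw):
    """Count how many of the 4 classes (upper, lower, digit, special) appear."""
    tests = (str.isupper, str.islower, str.isdigit, lambda c: not c.isalnum())
    return sum(any(t(c) for c in pw) for t in tests)

def common_hits(pw):
    """Listed words still present once the character swaps are undone."""
    norm = pw.lower().translate(LEET)
    return sorted(w for w in COMMON_WORDS if w in norm)

def has_run(pw, n=4):
    """True for n repeated characters or an n-long slice of a known run."""
    low = pw.lower()
    if re.search(r"(.)\1{%d,}" % (n - 1), low):
        return True
    return any(s[i:i + n] in low for s in SEQUENCES
               for i in range(len(s) - n + 1))

def check_password(pw):
    """Return a list of problems; an empty list means every rule passed."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if char_classes(pw) < 3:
        problems.append("fewer than 3 of the 4 character classes")
    hits = common_hits(pw)
    if hits:
        problems.append("built on common word(s): " + ", ".join(hits))
    if has_run(pw):
        problems.append("contains a repeated or consecutive run")
    return problems
```

"W3lc0m3!!" passes the length and character-class rules but is still reported as built on "welcome", while "Ch!ll Sug@r Rumbl3" returns no problems.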
What's Next?
If you'd like some further reading, here are some good articles, and links:
https://cybernews.com/best-password-managers/most-common-passwords/
I'll also be creating some follow up articles discussing password sharing, and password managers.


