- Password Management
Avoid:
- words that can be found in dictionaries, e.g. ‘Lemon’ or ‘love’
- simple passwords, e.g. ‘12345’, ‘aaaaaa’, ‘1234abcd’ or ‘password’
- anything that could be guessed from your social media profiles, e.g. your dog’s name or your birthday
- the same password on different websites, e.g. on Facebook and Twitter
- context-specific words, e.g. ‘instagram-ILOVEyou’ on Instagram
- physical notebooks, unsecured files or unsecured software to store your passwords
Instead, use:
- at least eight characters (but ideally more)
- a mix of characters:
  - capital letters, e.g. ‘C’ (perhaps not as the first letter of your password, as that pattern is too common)
  - lower case letters, e.g. ‘w’
  - numbers, e.g. ‘7’ or ‘75’
  - symbols, e.g. ‘<’, ‘+’, ‘>’ (some platforms prohibit certain characters)
- try a twist on a personal affirmation (e.g. Dontevergiveupmyfr1end!667)
- if possible, consider enabling multi-factor authentication (MFA) and biometric verification as they add extra layers of security
- use a trustworthy password manager app, e.g. Enpass, and use a very strong master password for it
- Longer passwords inherently have more combinations, making them more resilient against brute-force attacks.
- Long phrases or sentences are more user-friendly.
The image above is from https://xkcd.com/936/.
- Incorporating a mix of uppercase letters, numbers and symbols enhances resistance not only against dictionary attacks but also against ‘smart’ brute-force attacks, AKA mask attacks, which apply patterns, rules or masks based on common words, phrases or structures.
- Still, avoid making passwords too complex to remember.
Both length and complexity are crucial aspects of a strong password, and finding the right balance between the two can significantly enhance password security. Here’s a breakdown:
- Length
  - Advantages: Longer passwords increase the number of possible combinations, making brute-force attacks more difficult. Length also allows the use of phrases or sentences that may be easier to remember.
  - Disadvantages: Extremely long passwords can be cumbersome to enter, especially on mobile devices or on platforms that log users out frequently.
- Complexity
  - Advantages: Adding a mix of uppercase letters, numbers and special symbols makes the password harder to guess, providing resistance against dictionary and brute-force attacks.
  - Disadvantages: Complex passwords can be challenging to remember, leading users either to write them down or to use password managers, which might also have vulnerabilities.
Utilizing a passphrase with mixed-case letters, numbers, and special characters offers an effective blend of length and complexity. Such a password remains resistant to a wide array of attacks, including brute-force, dictionary, and rainbow table attacks.
Combining length and complexity doesn’t necessarily mean having a complicated password that is hard to remember. Using easy-to-recall phrases, substituting letters with numbers or symbols, and adding variation in letter casing can make passwords both secure and user-friendly. Remember, no approach is foolproof, and enabling multi-factor authentication (MFA) where possible adds an extra layer of security.
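As an added example of the length-versus-complexity trade-off discussed above (this code is not part of the original post): a small Python script that scores a candidate pattern by the brute-force search space an attacker must cover and flags which of the rules from the list above it breaks. The weak-password list and the guess rate of 10^10 per second are constructed assumptions, and the bit estimate is an upper bound that assumes every character was chosen at random.

```python
import math
import string

# Constructed stand-in for a real breached-password or dictionary list;
# the entries are the weak examples the page itself lists.
COMMON_PASSWORDS = {"12345", "aaaaaa", "1234abcd", "password", "lemon", "love"}

# Size of each character class an attacker has to enumerate.
CLASS_SIZES = {"upper": 26, "lower": 26, "digit": 10, "symbol": len(string.punctuation)}

def character_classes(pw):
    """Return the set of character classes present in the password."""
    kinds = {"upper": str.isupper, "lower": str.islower, "digit": str.isdigit}
    return {next((k for k, f in kinds.items() if f(ch)), "symbol") for ch in pw}

def search_space_bits(pw):
    """log2 of the brute-force search space (charset ** length).

    Upper bound only: it assumes each character was chosen at random.
    A phrase built from dictionary words is weaker than this number suggests,
    because a dictionary or mask attack enumerates words, not characters."""
    charset = sum(CLASS_SIZES[c] for c in character_classes(pw))
    return len(pw) * math.log2(charset)

def crack_years(bits, guesses_per_second=1e10):
    """Expected years to search half the space at a constructed guess rate."""
    return (2 ** bits / 2) / guesses_per_second / (365 * 24 * 3600)

def check_password(pw, service=""):
    """List the page's rules that the password breaks (empty list = none)."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than eight characters")
    if pw.lower() in COMMON_PASSWORDS:
        problems.append("common password")
    if len(character_classes(pw)) < 3:
        problems.append("fewer than three character classes")
    if service and service.lower() in pw.lower():
        problems.append("contains the service name")
    return problems
```

Run it on a pattern that imitates your scheme rather than on a real password, just as the page advises for online checkers.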
Create a base phrase and add service-specific modifiers:
- For Facebook:
- For ResearchGate:
Bear in mind that different services have different requirements for password composition. For instance, while some allow the character ‘:’, others don’t.
Evaluate your strategy using online tools such as howsecureismypassword.net. Avoid entering your actual passwords; instead, evaluate the methodology (your pattern).
Consider simplifying your digital presence by minimizing the number of accounts where possible.
Header image was generated with Image Creator (DALL·E 3) on 19 October 2023 at 20:33 using the prompt “students trying to create strong passwords in a futuristic library”.