You’ve probably heard the big password news lately—everything you know about password security is suddenly wrong! This shocking headline has been splashed across news outlets all over the internet, and people have been changing their passwords out of security fears. What has changed with password security, and how can you protect your passwords?
The new password security ideas came when Bill Burr, former manager for the National Institute of Standards and Technology, publicly said that he regretted the password guidelines he had created in the 1980s. The suggestions of random symbols and numbers in a single-word password have led to some strange creations that aren’t difficult for computers to guess—but are hard for people to remember. The new guidelines for passwords increase security and make the passwords easier for users to remember.
Use pass phrases
Instead of a single word for a password, try using a pass phrase. A string of words creates a much longer password, which is more secure. Remembering a simple phrase is also much easier for your brain. Try to pick a series of random words—a now-famous example is “CorrectHorseBatteryStaple,” an easy-to-remember password that would take up to 550 years to crack.
Change passwords only when needed
Many businesses have taken the advice of changing all passwords every 90 days. However, this leads to employees making only minor modifications to their passwords such as changing a single number or adding an exclamation point to the end. With all the password changes, many employees will forget what the current one is. The most common workaround is the employee writing their password on a paper note beside the computer—which ruins the point of having the password in the first place.
Don’t use common phrases
The problem with using pass phrases is the natural tendency to use a common phrase. Try to avoid things like idioms, names, or titles of movies. A study of pass phrases has found that most people use everyday phrases such as “bedtime story” or “out of the park.” While these phrases may be difficult for a computer to guess, a hacker speaking the same native language as their target might be able to guess them with ease.
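The two tips above, picking random words and avoiding everyday phrases, can be combined in one small generator. This is an added example, not part of the original article; the 32-word list and the denylist are constructed samples, and the 7,776-word figure refers to the size of the EFF long wordlist.

```python
import math
import secrets

# Constructed 32-word sample list so the example runs offline; real use needs
# a far larger list (the EFF long wordlist has 7,776 words).
WORDS = (
    "anchor basket candle dragon ember falcon garden harbor island jungle kettle "
    "lantern marble nectar orchid pepper quartz ribbon saddle timber umbrella "
    "velvet walnut yonder zipper acorn bishop cobalt dagger engine fossil glacier"
).split()

# Constructed denylist: the everyday phrases quoted above, plus the famous
# example itself, since a widely published passphrase is no longer a secret.
COMMON_PHRASES = {"bedtimestory", "outofthepark", "correcthorsebatterystaple"}


def normalize(phrase):
    """Lower-case and keep letters only, so spacing and case do not matter."""
    return "".join(ch for ch in phrase.lower() if ch.isalpha())


def is_common(phrase, denylist=COMMON_PHRASES):
    """True if the phrase is a known everyday phrase after normalization."""
    return normalize(phrase) in denylist


def entropy_bits(num_words, wordlist_size):
    """Entropy in bits, valid only when every word is drawn uniformly at random."""
    return num_words * math.log2(wordlist_size)


def words_needed(target_bits, wordlist_size):
    """Smallest number of random words that reaches target_bits of entropy."""
    return math.ceil(target_bits / math.log2(wordlist_size))


def generate_passphrase(num_words=4, wordlist=WORDS):
    """Pick words with the OS CSPRNG (secrets), never random.choice or a human."""
    while True:
        words = [secrets.choice(wordlist) for _ in range(num_words)]
        phrase = "".join(w.capitalize() for w in words)
        if not is_common(phrase):  # reject the rare draw that is a known phrase
            return phrase


if __name__ == "__main__":
    print(generate_passphrase(), f"{entropy_bits(4, len(WORDS)):.1f} bits (toy list)")
    print("4 words from 7,776:", f"{entropy_bits(4, 7776):.1f} bits")
    print("words for 64 bits from 7,776:", words_needed(64, 7776))
```

The entropy figure only holds for words the generator picked; a phrase a person chose because it is memorable gets no such guarantee, however long it is.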
When you’re choosing new passwords for your computer or network, keep these new tips in mind. You’ll have a unique password that you can remember and that no one else will discover. Don’t skimp on password security—choose a good phrase for your needs.
Password security is just as important for your company as it is for your personal information. For support in creating a secure and effective password policy for your business, contact your Ezentria information security analyst. Ezentria helps businesses of all sizes establish, maintain, and continually improve their strategic information security program. With the globally accepted ISO 27001 information security standard as a focal point, we help our clients demonstrate a recognized, effective information security approach to their customers, vendors, board and other stakeholders.