What Your P@$$w0rd Should L00k Like!

Author: Craig Pollack Date: Mar 29, 2015 Topics: Cybersecurity

Password Post-itWhen it comes to your password, how it looks often says a lot about you. Too often that is. Does your password tell a would be hacker your birthday? Your kid's birthday? Your favorite pet? What you like to do? Is part of it made up of an important date for you? If you're saying yes to any one of these questions, you might as well be handing over the keys to your kingdom to a would be hacker.

See the thing is, your password is only half the battle.  Simply getting into your account isn't the end all be all.  It's about what they do AFTER they're in that counts. Think about the information about you that lurks behind the scenes of your login. Consider your emails showing all your online purchases, or emails from your banks, or contact information containing your other sensitive passwords. If your password is made up of some sort of key information about you, the would be hacker now has even more information about you that they can then further leverage to do more damage to you.

Why would anyone want to get into your network? There's really nothing there of any value. Right?  Chew on this - Identity theft is one of the major acts perpetrated with a stolen password.  It's NOT about getting into your network or getting into a system via your stolen password.  It's more about using your credit card information to buy something online in your name or opening a new account in your name or stealing your identity all together!

So what can you do to prevent this from happening in the first place? The easiest answer to start off with is to ensure your password is as secure as it possibly can be. When creating your password(s) consider these as good starting points:

  • it should be at least 8 characters long
  • it should be a mix of numbers, letters, and special characters
  • it should contain a mix between upper and lowercase characters
  • don't replace letters with "obvious" special characters (ie: using an "@" in place of an "a")
  • it should contain special characters starting with the right side of the number keys rather than the left (did you know that "!" and "@" are 90% more commonly used in passwords than "+" or "_")
  • it shouldn't contain words that can be found in a dictionary
  • consider using multiple words or using a phrase (which is harder to crack and easier for you to remember) than simply one word

Here are some other rules when it comes to password management in general:

  • don't use the same password across all of your accounts
  • change your passwords on a regular basis
  • don't write them down anywhere! (especially not on a post-it attached to your monitor!)

I know managing your passwords this way certainly adds a level of complexity, but I believe it's well worth the effort.

Here's a fun little tool to check out:http://www.roboform.com/how-secure-is-my-password. It will test your password security, tell you how complex it is, and how long it would take a hacker to crack it. Now keep in mind, while it says it doesn't keep track of the passwords entered, personally I would NEVER enter my real password(s) in a site like this. 1) even though it says it doesn't track them, can you really be sure? and 2) the page is not https, so while you're typing anyone could be seeing what you type and capturing real passwords. That said, it's still a fun tool to play with and see the impacts of using "strong" passwords.

We're living in a different world these days. And with technology moving and changing so fast, it's hard for many of us to keep up.

I believe it won't be too long until passwords are a thing of the past. But until then, it's on all of us as individuals to lock down our information and make sure we're as secure as possible. And from where I'm standing, it all starts with securing our passwords.


Craig Pollack

Craig Pollack

Craig is the Founder & CEO of FPA Technology Services, Inc. Craig provides the strategy and direction for FPA, ensuring its clients, business owners, and key decision makers leverage technology as efficiently and effectively as possible. With over 30 years of experience building the preeminent IT Service Provider in the Southern California area, Craig is one of the area’s leading authorities on how small to mid-sized businesses can best leverage and secure their technology to achieve their business objectives.