Password Security
6 Nov 2024
Password Security
Passwords are so widely used now and accepted as “business as usual” in both personal and business aspects that people know the associated high risk, as do businesses, however these are regularly overlooked in the importance of keeping a business cyber safe.
It has been commonly adopted as a security level to require a minimum 8 letter length password and adding some mandatory complexity requirements like Uppercase, Lowercase, Number and symbols along with a 90 day mandatory change in password, however these common protocols are often not enough and regulary not enforced.
For example, if your password was
leedslfc - after something common, like your favourite football team, this is 8 lowercase characters
- This would be guessed INSTANTLY by a computer
If you expanded your password to be the football teams full name and add a couple of capital letters.
LeedsUnited - this is 11 characters
- Added length and complexity means it would take 1 month to guess !
Doing another revision again, but adding in extra complexity with numbers and symbols also like below example
LeedsUnited123# - this is 15 characters
- Added length and complexity means it would take 77 million years to guess !
A simple demonstration however this show’s how quickly passwords can be “guessed” by machines
The latest advice is to use 3 RANDOM WORDS
TeacherToothKarate = 18 letters
- This simpler to remember and longer password string methodology means it would take 126 BILLION YEARS to guess
This also shows that despite common belief … Password Length beats Password complexity
So using a longer password string, of 3 RANDOM WORDS, is absolutely the more secure method to protect accounts
Using a three-word password can be an effective way to create a secure yet memorable password, especially if done thoughtfully. Here are some tips to make your three-word password strong:
1. Choose Unrelated Words
Use three random words that have no obvious connection. This reduces the likelihood of someone guessing the combination based on context.
- Example: "RiverLampSky" is more secure than "RedFastCar" because the latter is more predictable.
2. Add Variations potentially
You can make small modifications to the words to increase complexity, ideally without making it hard to remember. You could:
- Capitalize random letters: "rIverlaMpsKy"
- Include numbers: "River3Lamp2Sky"
- Use special characters: "River_Lamp-Sky!"
3. Avoid Common Words or Phrases
Avoid using dictionary words or phrases commonly found together, like "HelloWorld" or "MyPassWord". These are more likely to be guessed.
4. Length Matters
A password should be at least 12 characters long for optimal security and as you see the longer the better. Three long or moderately sized words can help achieve this.
5. Don't Reuse Passwords
This ia a major problem as well as a serious and common risk. Make sure to use a longer unique three-word combinations for different accounts. Reusing passwords in any instance, especially crossovers in personal and business passwrords, even if they are strong, puts multiple accounts at risk if even just one single password was compromised.
6. Password Manager
Use a password manager, like 1 password for example for both your business and personal log ins as an individual person, or for business’s something like Keeper or similar is ideal to manager and to monitor business passwords and security strategy.
Using three random words as a password is recommended because it combines both simplicity and security. Random words are easier to remember than complex strings of characters, yet they’re strong against hackers because they create long, unique combinations that are harder to guess or crack. Each word adds layers of complexity, especially when chosen unpredictably (like "GardenRocketPencil"), making it resilient against brute-force attacks. This approach is user-friendly, memorable and meets security standards, providing a more practical way to protect online accounts without sacrificing strength.
LoughTec are cyber security experts, to get in touch you can contact us.
Back