Password Security

6 Nov 2024

Password Security

Passwords are so widely used now and accepted as “business as usual” in both personal and business aspects that people know the associated high risk, as do businesses, however these are regularly overlooked in the importance of keeping a business cyber safe.

It has been commonly adopted as a security level to require a minimum 8 letter length password and adding some mandatory complexity requirements like Uppercase, Lowercase, Number and symbols along with a 90 day mandatory change in password, however these common protocols are often not enough and regulary not enforced.

For example, if your password was

leedslfc - after something common, like your favourite football team, this is 8 lowercase characters

• This would be guessed INSTANTLY by a computer

If you expanded your password to be the football teams full name and add a couple of capital letters.

LeedsUnited - this is 11 characters

• Added length and complexity means it would take 1 month to guess !

Doing another revision again, but adding in extra complexity with numbers and symbols also like below example

LeedsUnited123# - this is 15 characters

• Added length and complexity means it would take 77 million years to guess !

A simple demonstration however this show’s how quickly passwords can be “guessed” by machines

The latest advice is to use 3 RANDOM WORDS

TeacherToothKarate = 18 letters

• This simpler to remember and longer password string methodology means it would take 126 BILLION YEARS to guess

This also shows that despite common belief … Password Length beats Password complexity

So using a longer password string, of 3 RANDOM WORDS, is absolutely the more secure method to protect accounts

Using a three-word password can be an effective way to create a secure yet memorable password, especially if done thoughtfully. Here are some tips to make your three-word password strong:

1. Choose Unrelated Words

Use three random words that have no obvious connection. This reduces the likelihood of someone guessing the combination based on context.

• Example: "RiverLampSky" is more secure than "RedFastCar" because the latter is more predictable.

2. Add Variations potentially

You can make small modifications to the words to increase complexity, ideally without making it hard to remember. You could:

• Capitalize random letters: "rIverlaMpsKy"
• Include numbers: "River3Lamp2Sky"
• Use special characters: "River_Lamp-Sky!"

3. Avoid Common Words or Phrases

Avoid using dictionary words or phrases commonly found together, like "HelloWorld" or "MyPassWord". These are more likely to be guessed.

4. Length Matters

A password should be at least 12 characters long for optimal security and as you see the longer the better. Three long or moderately sized words can help achieve this.

5. Don't Reuse Passwords

This ia a major problem as well as a serious and common risk.  Make sure to use a longer unique three-word combinations for different accounts. Reusing passwords in any instance, especially crossovers in personal and business passwrords, even if they are strong, puts multiple accounts at risk if even just one single password was compromised.

6. Password Manager

Use a password manager, like 1 password for example for both your business and personal log ins as an individual person, or for business’s something like Keeper or similar is ideal to manager and to monitor business passwords and security strategy.

LoughTec are cyber security experts, to get in touch you can contact us.