Your data is only as secure as your passwords. But how do you choose strong ones?
Good passwords are vital for good data security. That’s true whether you store data in the cloud, on your local network, on a laptop or on a USB drive.
Yet one of the most common passwords in the world is: password. Some variations on this theme include pa55word, passw0rd and pa55w0rd. If you think those are all weak, insecure and easy to guess, you’re right. But they aren’t the only ones. Thinking up a good password is harder than you might expect.
It helps to think about what you’re trying to protect. A good password is the key that opens the door to your data. You want that key to be as effective and secure as possible. That means it has to be unguessable.
The problem is, it’s not just people who are attempting to guess your passwords. Hackers use computers with word-lists that allow them to guess thousands of different passwords every second. A good IT system will shut down any such attack very quickly, but sometimes not fast enough – and not all systems are so proactive.
So your passwords have to be robust. Forget about choosing the name of your pet and replacing some of the letters with numbers, for example. Fido might have been your dog’s name, but f1d0 is a lousy password.
If you really want a secure password, the ideal is a random sequence of letters, numbers and (if permitted) non-alphanumeric characters. For example, “hd78n32efjtr432.?q” is a pretty good password. It’s long, it’s not based on any real word and it contains a mixture of different types of character. It would be extremely hard to guess.
Unfortunately it would also be extremely hard to remember! If that was the password for your daily login you might find it hard to get much work done.
An alternative approach is to use more memorable passwords but maintain the level of difficulty in guessing them. Such an approach is shown by the cartoon here:
That combination of words is hard to guess so it would take a hacker an incredibly long time to discover it by trial and error. Security experts have argued about the actual strength of such a password, but one thing’s for sure: it’s a lot better than pa55w0rd or f1d0.
The important point to remember is to keep passwords long and hard-to-guess. They shouldn’t relate to you, so no kids’ names or passwords based on your date of birth. They should be unguessable but simple enough for you to remember, so you don’t have to write them down – because that’s also a security risk.
If all this sounds like a lot of trouble to go to, remember what’s at stake. Imagine giving your password to a hacker. What damage could they do? What could they steal? Would your business actually survive such a compromise of its data? With an easy-to-guess password you’re effectively leaving the door wide open to hackers.
This is why it’s not just your password that’s important. All your employees need secure passwords too.
Some cloud-based services now strength-test passwords as they are entered, giving a sliding scale from ‘unsafe’ to ‘safe’ or ‘weak’ to ‘strong’ so you and your employees know that their passwords are up to the job. And for really secure access, services from Microsoft Azure offer two-factor authentication. This means that a password on its own is not enough: you may also have to type in a security code sent to your phone, for example.
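The kind of strength test described above can be illustrated in Python. This is an added example, not code from any service named in this article: it undoes common number-for-letter swaps before checking a word-list, so pa55w0rd and f1d0 are rejected just like the words they are based on. The word-list, substitution table and thresholds are constructed assumptions.

```python
import math
import secrets
import string

# Constructed sample word-list (assumption); a real checker would load a
# large list of common and breached passwords.
COMMON_WORDS = {"password", "fido", "letmein", "qwerty", "dragon"}

# Number/symbol-for-letter swaps that guessing tools undo automatically.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"})


def normalise(password):
    """Lower-case and reverse common substitutions: pa55w0rd -> password."""
    return password.lower().translate(LEET)


def charset_size(password):
    """Size of the character pool the password appears to draw from."""
    pools = [string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation]
    return sum(len(p) for p in pools if any(c in p for c in password))


def entropy_bits(password):
    """Upper bound on entropy, valid only if every character is random."""
    return len(password) * math.log2(charset_size(password) or 1)


def rate(password):
    """Return 'weak', 'fair' or 'strong' (thresholds are assumptions)."""
    norm = normalise(password)
    if any(word in norm for word in COMMON_WORDS):
        return "weak"  # contains a word-list entry, whatever the swaps
    bits = entropy_bits(password)
    if bits < 50:
        return "weak"
    return "strong" if bits >= 80 else "fair"


def random_password(length=18):
    """Generate a random password with a cryptographically secure source."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    for pw in ["password", "pa55w0rd", "f1d0", "hd78n32efjtr432.?q", random_password()]:
        print(f"{pw!r:24} {entropy_bits(pw):6.1f} bits  {rate(pw)}")
```

The bit count only means something for randomly generated passwords, which is why the word-list check runs first.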
It’s important to take passwords seriously. They are your first – and sometimes only – line of defence against hackers. They’re what stands between you and the loss of your data; potentially even the loss of your business. Keep them strong and secure.