Derek Pearce

You shall not pass!

Passwords. They seem to be everywhere. A password for your emails, another for your online shopping, bank, social media accounts, work and the list goes on and on.

And they can't be simple, easy to remember passwords either. They always need to be complex, long and meaningless, and yes, they are forgotten too easily. Why can't we just have simple, easy to remember passwords? The simple answer is that a solid, strong password is the first line of defence for both your work and personal information, and it is truly under-appreciated.

Over 80% of data breaches are caused by password issues of one form or another. But what can a small business owner or one-person sole trader do to protect both the company's data and their own personal information? Fear not, dear reader, there are a number of things that can be done to solve this dilemma.

So what is a strong password? Wikipedia defines it as:

"Password strength is a measure of the effectiveness of a password against guessing or brute-force attacks. In its usual form, it estimates how many trials an attacker who does not have direct access to the password would need, on average, to guess it correctly. The strength of a password is a function of length, complexity, and unpredictability."

So, the stronger the password, the longer it would take someone to guess it, or to use a PC with the appropriate software to run through all the possible combinations.

Therefore 123456 would not make a good password. That said, according to the National Cyber Security Centre (NCSC), in April 2019 it was used by 23.2 million people in the UK and is the most common "weak" password. Others include 123456789 (7.7 million), qwerty (3.8 million), password (3.6 million), superman (333,139) and Pokemon (226,947).

Running the above through one of the many password strength testers online* showed that they would be compromised so quickly that the tester could not measure the value and only returned 0 seconds. Only one of these passwords has a value greater than instant: Pokemon returned a value of 0.03 seconds. Not a great deal of comfort.

So what can you do to make a strong password that doesn't fold like a sheet of tissue paper in a rainstorm? There are various things you can do. Increase the range of characters you use, such as upper and lowercase letters, and add in numbers and symbols such as £, % or _, but don't be fooled into thinking that alone makes a strong password. Let's improve Pokemon. Let's use P0kem0n, substituting zeros for the "o"s. The test result is 0.11 seconds. Using numbers as letters is something hackers are well aware of, so it is not a good idea on its own.

A password should be at least 8 characters (the longer the better), made up of upper and lowercase letters with numbers and symbols. It should also be random or semi-random. skRagbb@4583! would last 6000 years, but it might be impossible to recall. Even if you used it, it is recommended that you use a different one for each of your accounts and that it is replaced at regular intervals. So people use more memorable passwords, they use them for all their accounts and, if they change them at all, they simply add a digit to the end.

Yes, there are other ways to keep them safe. You could download and use a password manager. There are many good ones. This means that you only have to memorise a single "master" password. Once that is done, the system can generate a long, random password for each site, store them safely and recall them the next time you visit that site or have to enter that password.

The NCSC promotes a simpler method. It says you should think of 3 random words. Looking at my desk I will choose Pen, Mobile, Clock. If I just use these three words as a password:

PenMobileClock (29 days) is easy to remember but not that great. Let's add in some numbers: P3nM0bileCl0ck (8 months), better but still not great. Let's add a couple of symbols: $P3n_M0bileCl0ck! (2 thousand years!). Yes, it looks tricky but, with a little effort, you can recall this, and you could use the same pattern for other passwords, such as $Firstword_secondwordThirdword! You can also use words related to the account you are going to use it on. For shopping, Beans, Tescos, Coffee becomes $B3ans_Tesc0sC0ffee! (232 million years).

Finally, a few things to be careful of:

Never use the names of your husband, wife or partner, either ex or current.

Never use your children's names.

Never use your pet's name.

Never use your place of birth.

Never use your favourite holiday.

Never use anything related to your favourite sports team.

Remember that strong passwords are your best defence against having your information stolen, but no matter how good those passwords are, they are worthless if you write them down!

* Never put your real password into a password tester. Use a password with the same number of letters, numbers and symbols to see how strong your real password might be.

For more help and guidance on protecting your data:

National Cyber Security Centre - NCSC.GOV.UK
