Good Password
Cyber Security

What’s in a (good) password?

After reading the title of this post, the thought may have crossed your mind to stop reading because you already know the ‘formula’ to make a good password. BUT, you would be incredibly mistaken to stop reading because, not only is this post bound to be one of the most riveting things you’ve ever read (okay, maybe not, but I’m going to tell myself that it is!), but also because what you may think is a secure password, is barely a challenge for software designed to crack passwords.

Generally, the ‘formula’ people use to create their passwords goes something like this: take a random word, capitalize the first letter, add a couple numbers to either end, and possibly finish it off with an exclamation point or asterisk at the end. A password following this formula could look something like this: Hacker94!  While that password is SO MUCH STRONGER than something like password1234, it still would only take a hacker minutes to crack something like Hacker94!

Crazy, right?? I always followed that ‘formula’ to create my passwords and thought they were really strong… Granted, I also always imagined that hackers were these random dudes sitting at their computers attempting to log into one of my accounts by guessing passwords that consisted of words or numbers that might mean something in my life, like they show in the movies. Turns out that’s not at all how hackers are trying to get into your accounts….apparently they’re actually a lot smarter and more sophisticated than that….who knew!?

In more recent years, hackers have deployed attacks using software that is designed to mimic this ‘formula’ that most people use, allowing them to crack encrypted passwords in minutes. Even passwords that are a string of words with numbers and symbols will take no more than an hour to be decrypted using software like this. Additionally, any passwords that include a word which can be found in the dictionary—whether Webster’s Dictionary or Urban dictionary—are nearly guaranteed to be cracked because the software hackers use has a word list built into it made up of words from the dictionary.

So, what’s the actual ‘formula’ for making a good password, you ask? The best passwords are 12+ random character passwords which are nearly impossible to remember. These passwords can be computer-generated and completely random to you, or they can be made from pieces of a phrase that means something to you. For example, if I were making a secure password for myself, I would use the phrase “My #1 place to be is Marketing at ASB”. (Trust me, it really is!) I would then turn this password into something like M#1p2biM@ASB. This password is 12 characters, does not consist of any dictionary words, and it doesn’t follow the common password-creating formula.

Now, while a password like M#1p2biM@ASB is very secure, it is way less secure if I use it on more than one site. The best passwords are ones that are completely unique for each site you log into. Just as we don’t have a locksmith make us a universal key to every door in our house, business, car, or safe, we shouldn’t use the same password for every website that we log into. I’m sure you’re all questioning me right now, thinking I’m absolutely crazy for suggesting that you use a different, unique, 12+ random character passwords for EVERY site that you log into. But I’m not crazy, I promise! (Well, not entirely crazy at least!)

Here’s the key: find a password manager. This can be something as simple as a piece of paper that is stored in a secure place (generally the least-suggested option), a password-protected word or excel document, a password managing software that you install on your computer, or an online password vault (generally the most-suggested option). Online password vault is the one I would personally suggest for multiple reasons: a piece of paper is easily lost or stolen, and if your computer is hacked or hijacked, your excel document or password software are lost. An online password vault is one of the safest options, as well as the most convenient—it allows you to access your passwords from wherever you are with a single password. Should this be the option you choose to manage your passwords, make sure to maintain the vault’s password often—update it every few months (annoying, I know, but necessary), and be sure to choose something 12 characters or more that doesn’t include dictionary words.

Remember that the guidelines I’ve outlined thus far are not fail-proof ways to keep your accounts from being hacked. Hackers are continually getting smarter and better at decrypting passwords which allows for the possibility that your account may, at some point, get hacked. But these guidelines are definitely best-practices to follow in order to keep your passwords and personal information safe.

There are some really unsafe password practices out there. Learn from people like the ones in the video below and keep your passwords safe!

American State Bank
Member FDIC