Last week, I gave a very basic overview of how choosing the wrong password can expose your business to hacker attempts. The truth is, bad passwords are a big “hack me” sign on the back of your business. So how can you avoid being victimized by someone with knowledge of computers, access to the Internet, and way too much time on their hands? Simple: Create the best password possible.
Web Security 102: Best Practice in Password Creation
So, what’s the best password?
Care to guess?
Okay. Here it is. The best, most secure passwords have the following characteristics in common:
- Mixed case: “pAssWord” would be a really bad usage of this characteristic.
- Use letters, numbers, and symbols: “p@$sW0rd” is the worst password that fulfills both of these requirements.
- Not constructed of a single word in any language (especially English): Don’t use “shadow” or even “sh@D0w.” Your password should be as long as you can make it while still fulfilling the next and final characteristic.
- Memorable (to you): This is where I contradict what you’re already thinking. Yes, your password needs to be long, and it needs to be something which is not immediately coherent. But you should also be able to recall most of your passwords (notice the plural: More on that shortly). Writing down passwords means having files that, if stolen, compromise your business. Do it if you absolutely must in order to keep your information secure, but if you can figure out a way to remember your extra-strong passwords, that’s always the best policy.
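To see why “p@$sW0rd” and “sh@D0w” fail even though they mix case, numbers, and symbols, here is an added example (not code from the original post) that undoes common symbol-for-letter swaps before comparing against a word list. The word list, the substitution table, and the 12-character minimum are assumptions made for illustration; the check for trailing digits and symbols goes slightly beyond the post's own examples, and "memorable" is left out because it cannot be checked by a program.

```python
import re

# Constructed sample word list; a real check would load a large dictionary
# and a list of known-breached passwords.
SAMPLE_WORDS = {"password", "shadow", "dragon", "monkey"}

# Common character substitutions, mapped back to the letter they stand for.
SUBSTITUTIONS = str.maketrans({"@": "a", "4": "a", "$": "s", "5": "s",
                               "0": "o", "1": "l", "!": "i", "3": "e", "7": "t"})

MIN_LENGTH = 12  # assumed threshold; the post only says "as long as you can"


def normalize(password):
    """Lower-case the password and undo common symbol-for-letter swaps."""
    return password.lower().translate(SUBSTITUTIONS)


def check_password(password, words=SAMPLE_WORDS):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        problems.append("no mixed case")
    if not re.search(r"[0-9]", password) or not re.search(r"[^A-Za-z0-9]", password):
        problems.append("missing digit or symbol")
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    # Also try the password with trailing digits/symbols removed, so a word
    # with a year or "!" tacked on is still recognized as a single word.
    stripped = re.sub(r"[^A-Za-z]+$", "", password)
    for candidate in (normalize(password), normalize(stripped)):
        if candidate in words:
            problems.append("single dictionary word: " + candidate)
            break
    return problems


if __name__ == "__main__":
    for sample in ["pAssWord", "p@$sW0rd", "sh@D0w", "Shadow2024!",
                   "Teal-Kettle-49-orbits"]:
        print(sample, "->", check_password(sample) or "ok")
```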
So, Back to Password-s
I told you, plural. This is so important, but so hard for people to follow through on. You should never, ever, ever, ever, ever times infinity use the same password for all of your accounts! I don’t care if your three passwords are abc123, efg456 and hij789, you’re going to be more secure than the guy just using one of those three every time (pro tip: please don’t do this; I might cry).
Just as important as having multiple passwords is changing your passwords frequently. This is because anybody, given enough time, can probably figure out your password. Many people say that mixed-case, alphanumeric passwords are the most secure, and in a sense they are. They point to all the possible combinations as the reason why it’s impossible for a hacker to guess your password in their lifetime.
The truth is, however, that the longer your password stays the same, the better a hacker’s odds get. As such, it is generally recommended that you change your password once every 60 days. That’s twice a quarter, and it’s worth the time learning the new passwords to protect your business’s digital footprint and internal files.
There are some helpful places to test and generate passwords online to get you started. My favorite of each: