top of page

How secure is my password?

Updated: Jun 5

As annoying as they can be, passwords will probably be the primary protection mechanism in our digital world for some time, so here is the core takeaway, and more details are below.



Photo graphic of a password box. The 5 character password typed is not visible and the bar below is red, stating 'weak'

Conclusion

Whether you use passwords or passphrases, ensuring these are extended with another authentication layer is crucial; using a physical token, a smartphone app, or even a text-based system is better than none (ordered most - least secure).

Always enable Multi-Factor Authentication.


A strong, random, complex password like “6ipBD@4@kl20y9@D” or a passphrase like “The5un1sBr!ghtAga1nT0day” will be challenging to crack, but one is definitely easier to remember.

Using a password manager like LastPass is preferable but also carries risk (see more below). Password managers also help with password reuse (which is a bad idea) as they can randomly generate and store passwords so you don’t have to remember them.


Key Points - How secure is my password?


What makes a good password/passphrase?

A password or passphrase has two elements: length and complexity.

The shorter the password, the more random and complex it must be to be considered strong.

To increase complexity, use a minimum of 12 (we recommend 16) characters, a mix of uppercase, lowercase, numbers, and special characters.


For example, I’ve entered a basic 12-character lowercase-only password into a “How Secure is Your Password?” website and increased complexity by adding different characters.

As you can see, the difference in estimated crack times is greatly improved.

pfyemvywaksc – 1000 Years

pfyeMvyWakSc – 176,000,000 years

2fYe9v6W3kSC – 419,000,000 years

2fY£9v6W3kS* – 11,000,000,000 years


Password crackers are getting more sophisticated, and using familiar words in shorter passphrases like “CorrectHorseBatteryStaple” are getting easier to crack.

So, aiming for longer passphrases with added complexity is key for your most secure accounts.


For example, something like “!ThisYearIsGoingToBeGreat2024!” is going to be a vast improvement, but you could go to the next level with added complexity like this example, “Th1sYear!sG0ingToB3Great2O24”.


However, requiring a password/passphrase similar to this for every account is a lot to remember:

But as it’s secure, you can reuse it, right?


Reusing Passwords


Password reuse is a bad idea.

The main reason for this is that a data breach at one company could lead to a breach of all your accounts using a technique called credential stuffing. Hackers will attempt to use stolen credentials on many other sites, especially email.

Email is usually the gateway to resetting all your accounts, so NEVER reuse that password anywhere.


Storing Passwords (Password Managers)


The issue today, is that we have multiple accounts across multiple systems, so we need to remember tens, if not hundreds, of passwords, and NO! A password notebook is not the way!

Password managers have come to solve this issue. You remember one password, and the manager remembers all the others. Amazing, right? Well, they are not without their risks.

Let’s look at the pros and cons.

Pros

  • You can remember one long, complex passphrase to unlock all your other shorter, randomly complex passwords.

  • A caveat to this is always to use another long, complex passphrase for your main email (you’ll see why in the cons)

  • Most managers will generate random, complex passwords for you, with complexity and length settings configurable to meet a website’s requirements.

  • They will analyse your passwords for reuse.

  • The encryption used is considered more secure than most sites.

Cons

  • Single point of failure: they are so secure that if you forget your master password, you’ve lost access to your vault.

  • Enterprise editions can create recovery keys for admins.

  • This is why you need your email password to reset all the others.

  • Password vaults are highly targeted as a single password breach gives access to all your passwords.

  • Advanced features usually have a cost, although most offer a good free version for home use.


In most cases, the benefits outweigh the risks, allowing for better passwords everywhere you log in.


Enhanced Security (Multi-Factor Authentication)


Where available, enable Multi-Factor Authentication.

This is probably the best current mechanism to secure your accounts from compromise. Adding an additional step in the authentication process means that even with a compromised password, an attacker would need access to your token, device, or phone number to gain entry.


Fundamentally, nothing is 100% secure, but following the above will help keep your accounts safe from password attacks.


**


Examples of Bad Passwords

Anything that deviates from the above is not a great password, but below are the 20 most common passwords found in hacked credentials.


Please do not use any of these


123456

admin

12345678

123456789

123

12345

password

Aa123456

1234567890

1234567

123123

111111

Password

root


**note: we are fans of LastPass as a password manager and have been using it for a long time; we are also affiliates, and using one of our links above will give us an affiliate fee.

27 views0 comments

Comments


Commenting has been turned off.
bottom of page