The short answer is yes! A password is the last line of defense that hackers have to cross before getting to your information. Using soccer as an example, your defense should stop attacks, but ultimately, it’s the goalie who stops the ball. And just like the goalie, your password needs to be on its A game. Long gone are the days when your dog’s name would serve as an appropriate password. If hackers find a weak link - aka an employee with a guessable password - they could have access to your network and you could be personally responsible for leaking company-critical information. So, how do hackers gain access to information such as financial info, a client database, or more?
Brute force attacks: A brute force attack is a trial-and-error method in which a script or program tries possible password combinations one after another.
Dictionary attacks: A dictionary attack is a method of trying to get a user's information by entering words found in a dictionary as potential passwords.
The good news is that there are tricks to mitigating your risk against brute force and dictionary attacks. When creating a strong password, it is important to first consider that on an average keyboard there are 26 uppercase letters, 26 lowercase letters, 10 digits, and 33 printable ASCII symbols, for a total of 95 options per character that you choose for your password. Statistically speaking, the more of these character types you combine, the stronger your password will be.
If you are worried about the current strength of your password, I’d urge you to use a password strength test. It measures how unpredictable a password is, otherwise known as entropy in the computer science world.
If you really are interested in increasing your security, another tip is to update your security questions for resetting a password. The classic security question is "What is your mother’s maiden name?" But if your mother’s maiden name can be found on Facebook, I’d take a second to reset your security answers.
Before we cover good rules to follow when creating a password, let’s take a look at some of the most common passwords in use. If you’re using them, or any variation of them, you should really consider resetting them after this read:
Because there are many different types of attacks, it is important to follow the golden rules below.
The 7 Golden Rules:
- Should be 8 characters or longer. Length is the most important factor: the longer a password is, the more combinations a hacker has to try, which makes it more difficult to crack
- Should have a mix of uppercase and lowercase letters, numbers and symbols
- Should not contain your username
- Should not be based on any personal information that is easily accessible. A good rule of thumb is that any information that is posted on Facebook should not be part of your password: e.g. your children’s names, city of birth, anniversary
- Should not be a common phrase or word that can be found in the dictionary. A strong password doesn’t have to be difficult to remember. Even if your current password is found in the dictionary, you could give it an update by misspelling the word or adding in a symbol. For example, if your password was previously tunafish, you could increase security by changing it to Tun@f1sh.
- Should not be created randomly
- Should not be a suggestion when you type the first three characters into Google
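The character counts and several of the rules above can be checked mechanically. The following is an added example, not code from the original article: the function names, the tiny sample wordlist and the username `jsmith` are constructed for illustration, and the entropy figure is the usual length-times-pool-size estimate.

```python
import math
import string

# Character classes and counts as given in the article (26 + 26 + 10 + 33 = 95).
SYMBOLS = string.punctuation + " "   # 32 punctuation marks plus the space = 33
CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digits": string.digits,
    "symbols": SYMBOLS,
}

# Constructed sample wordlist; a real check would load a full dictionary file.
SAMPLE_DICTIONARY = {"tunafish", "password", "soccer", "goalie"}


def entropy_bits(password):
    """Upper-bound entropy: length * log2(size of the character pool in use).

    This assumes every character was picked at random from the pool, so it
    overstates the strength of passwords built from words or patterns.
    """
    pool = sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))
    return len(password) * math.log2(pool) if pool else 0.0


def check_password(password, username, dictionary=SAMPLE_DICTIONARY):
    """Return the list of rules the password breaks (empty list = passes)."""
    failures = []
    if len(password) < 8:
        failures.append("shorter than 8 characters")
    missing = [name for name, chars in CLASSES.items()
               if not any(c in chars for c in password)]
    if missing:
        failures.append("missing: " + ", ".join(missing))
    if username and username.lower() in password.lower():
        failures.append("contains the username")
    if password.lower() in dictionary:
        failures.append("is a dictionary word")
    return failures


if __name__ == "__main__":
    for pw in ("tunafish", "Tun@f1sh"):
        print(pw, round(entropy_bits(pw), 1), check_password(pw, "jsmith"))
```

Rules about personal information and search suggestions need data this sketch does not have, so they are not checked here.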