The average computer user has to log in to several systems on a daily basis. This includes work computers, social networking site, shopping sites, and personal cloud servers, just to name a few. Unless the passwords are assigned, it’s highly likely that most of the passwords users create aren’t particularly unique, and they also repeat.
For example, someone might use a date milestone, such as a birthday or anniversary, as his password for all of his work logins instead of using a separate password for each. He might even go so far as to use that same password outside of work for all of his personal logins.
While recycling makes it easy for people to remember their passwords, it also makes it easy for outsiders to figure them out. If they do and they get into your personal information, you can only imagine how much this could cost you. Setting a strong password is incredibly important.
Efforts to Combat Easy Passwords
Some network administrators try to combat this problem by requiring users to use alpha-numeric sequences, or requiring a combination of capital letters, numbers, lowercase, and special symbols, as well as a minimum password length to get users to create unique passwords. They might also require users to change their passwords at regular intervals, and restrict them from using the same password consecutively.
For example: if someone uses 10121976 as his password, on a system that requires an alphanumeric password with special characters, he might alter it to read TenTwelve@1976. If he has to change the password and is restricted from reusing the same one, he might alter it to read 10%12%76.
While the addition of the special characters will make it more difficult for someone to guess the password, the fact that he’s using that specific date increases the chances that someone will figure it out.
It also presents a problem if the user has multiple variations of that password floating around because not all services have the same password criteria, and not all services require password changes; as a result he could end up confused as to which password goes with which service. Services that assign unique passwords can be a little more secure, but they can also be difficult for users to remember because they don’t necessarily make sense.
If users have difficulty remembering their passwords, they will be more likely to write them down and store them in a convenient location, thus making them less secure.
Also, if left to their own devices, users might never change their passwords, increasing the risk of a security breech.
Many experts suggest using a string of words that seem to be unrelated but make sense to the user. Additionally the passwords should be longer than six characters and have a combination of numbers and symbols, which are significantly more difficult to hack.
For example: a user could think of his three favorite foods and string them together into a password, like PickleCatfishShrimp. Then he could replace some of the letters with numbers and symbols to make the password more secure, like P1ckl3C@f!sh2h4imp.
Another option could be using a long common phrase, but use letter substitutions, like Pr!63&P43ju6!c3.
For online accounts, to combat the security risk associated with writing the password down and storing them where someone could find them, the user could also use password manager software which stores any online account login information in a password protected database. The user then only has to remember one password, and the software will automatically enter the correct login information for each site that he visits. Additionally, if the passwords ever change, the password manager will automatically update with the new information.
Industry leaders, like Microsoft, have several suggestions for enforcing strong password usage in a corporate setting, but they mostly revolve around network settings, such as enforcing password history, setting minimums and maximums on password age and password length, and setting complexity requirements. However, they don’t address the issue of user difficulty at remembering passwords, and the security breaches that result from writing passwords down.
One solution could be implementing a strong program of user education, teaching users to avoid easy-to-guess passwords, and showing them how to create passwords that are unique, complex, but also easy to remember.
Do you have rock-solid passwords that no one will be able to hack into? For your financial sake, I sure hope so!
My name is Derek, and I have my Bachelors Degree in Finance from Grand Valley State University. After graduation, I was not able to find a job that fully utilized my degree, but I still had a passion for Finance! So, I decided to focus my passion in the stock market. I studied Cash Flows, Balance Sheets, and Income Statements, put some money into the market and saw a good return on my investment. As satisfying as this was, I still felt that something was missing. I have a passion for Finance, but I also have a passion for people. If you have a willingness to learn, I will continue to teach.