Using a strong password for your online accounts is a great practice, and that is not new information. For years the advice has been to use strong, cryptic passwords that cannot be easily identified and discovered.
Over the past several years, with the proliferation of online accounts and faster computing power, it has become easier for hackers to discover and crack passwords, so the requirements for creating a “secure” password have escalated. Why does this matter and what should you do? Read on and we will provide some insight to help avoid any major catastrophes.
Recently, LinkedIn and several other large online communities were hacked, and upwards of 8 million passwords were posted onto a Russian forum.
Some interesting data, at least from the LinkedIn breach, has been released that shows the 30 most popular passwords that were discovered. The info-graphic below shows that, out of the top 30 most popular passwords, 50% use 5 characters or fewer. A whopping 30% use 4 characters or fewer. And each password (100% of them) contains only a single character type. This means that they contain only lowercase letters or only numbers, with no combination of character types.
Best Password Security Practice
According to Victor Green from GreenLake Consulting Group, no password is 100% secure, but you can use best practice to make them more difficult to discover. Victor recommends using at least 9 characters and making sure to use multiple character types (as many of the following as possible):
- Lowercase letters
- Uppercase letters
- Special Characters (%$&#>’!)
Also, make sure that you don’t use real words or phrases that can be easily discovered. Stay away from birthdays, addresses and other identifying terms.
At South Florida Web Studio, all of our websites have Content Management Systems and will have a control panel for our clients to log in. We recommend that our clients create passwords with the above criteria and use at least 10 characters overall (we set ours internally with a minimum of 12). This has changed over the years: the recommended length of passwords continues to grow, and I imagine in a few years it may be over 20 characters (unless some other security method gains popularity).
How do we remember all of these passwords?
We don’t have to. We use a program like LastPass. LastPass remembers all of our passwords for us and stores them, encrypted, in the cloud for us to access from any PC. The browser toolbars make it easy to log in from our primary computer, as they auto-populate the login fields when they recognize a site in your account.
How can this save me time and money?
If any of your online accounts becomes compromised by a security breach, it can be a painstaking hassle to clean up and correct. It can also lead to further identity theft which, according to Mr. Green, in some circumstances, can take hundreds of hours and thousands of dollars to rectify. While there is no way to completely eliminate the threat, using best practices can help to reduce the risk. A few moments of extra time to set up a proper password management system can save you countless hours of lost time due to high-risk, easily discovered passwords. And the best part is, once you are set up with a system like LastPass, creating new passwords for new accounts is even easier than before because it has a tool that will auto-generate passwords for you. You don’t even have to think about your passwords anymore.
Final thought: Stay away from using the website name in your password. It is too easy to discover. Note the number one password in the list above from LinkedIn is “link”, which was used by 941 accounts.
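The criteria in this article (a minimum length, multiple character types, no website name in the password) can be checked mechanically. The Python checker below is an added example, not code from South Florida Web Studio or LastPass; the function names, the three-type threshold and the four-character overlap rule are assumptions, and the sample passwords are constructed.

```python
MIN_LENGTH = 10   # the article's recommendation for client passwords
MIN_TYPES = 3     # assumption: the article only says "multiple" character types
MIN_OVERLAP = 4   # assumption: shortest site-name fragment to flag (e.g. "link")


def character_types(password):
    """Return the set of character types used in the password."""
    types = set()
    for ch in password:
        if ch.islower():
            types.add("lowercase")
        elif ch.isupper():
            types.add("uppercase")
        elif ch.isdigit():
            types.add("digit")
        else:
            types.add("special")
    return types

def site_fragment(password, site_name, min_overlap=MIN_OVERLAP):
    """Return the longest piece of the site name found in the password, or None."""
    site = "".join(c for c in site_name.lower() if c.isalnum())
    pw = password.lower()
    # Try the longest fragments first so the report names the worst overlap.
    for size in range(len(site), min_overlap - 1, -1):
        for start in range(len(site) - size + 1):
            piece = site[start:start + size]
            if piece in pw:
                return piece
    return None

def check_password(password, site_name, min_length=MIN_LENGTH):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    if len(password) < min_length:
        problems.append(f"too short: {len(password)} < {min_length} characters")
    types = character_types(password)
    if len(types) < MIN_TYPES:
        problems.append(f"only {len(types)} character type(s): {sorted(types)}")
    piece = site_fragment(password, site_name)
    if piece:
        problems.append(f"contains part of the site name: {piece!r}")
    return problems

if __name__ == "__main__":
    # Constructed sample passwords, not taken from any breach data.
    for pw in ["link", "LinkedIn2012!", "t7#Qw9!mZp4&"]:
        print(pw, "->", check_password(pw, "LinkedIn") or "ok")
```

Note that a password such as "LinkedIn2012!" passes the length and character-type checks and is rejected only because it embeds the site name, which is why that check is kept separate.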
Published On: Jun 13, 2012