Passwords protect our digital identities and private data by acting as gatekeepers to the cyber world in which we live. Having weak, easy-to-guess, or re-used passwords puts you at risk of becoming a victim of cyber criminals.
To learn how to keep your health, financial and other information safe, on World Password Day (May 5), The Daily tapped into the expertise of Katie Starr, former information assurance analyst with Case Western Reserve University's [U]Tech, who shared five tips to follow.
Read on to learn Starr's tips for creating a strong password.
1. What tips do you have for creating a strong password or passphrase?
Create long passwords/phrases: at least 12 characters, but longer is better. If you must remember the passphrase, make it memorable but not easy to guess by a human or computer. If it's too simple, a computer can guess it, but if it's something people say all the time, a human can guess it.
Use the best parts of a password and a phrase to make it complex: Use long, unrelated words, separated by spaces or replacing a letter with a symbol or number. I like to misspell a word in a way I can remember but that a computer might not know to try, such as misspelling riding to ridin (bonus points for ridin').
Think about the example "correct horse battery staple" (spaces included), like in this cartoon.
Use CWRU's Passphrase Goodness tester to see if your passphrase can be improved, even if it's for a website outside of case.edu.
2. What are the risks of having a weak password?
A computer and a skilled attacker can easily crack or guess your password in a time frame shorter than you would normally change it. This would allow them to gain access to your private data, such as health records, financial records and emails on websites, work/personal devices, etc.
Attackers could then steal your money or data, hold your data for ransom, impersonate you, damage your company, etc. The risks are endless as your password is the key to your kingdom.
3. Can you give some examples of common mistakes people make when creating a password?
Reusing passwords across multiple websites is common, but it's a bad idea. Other common mistakes include creating a password that is too complex to remember but too short to provide any protection, and not using the spacebar and other special characters when creating a passphrase.
4. What are some other password best practices members of the community should keep in mind?
Use a password manager so you only have to remember two passwords: the password to get onto your computer, and the password to unlock your password manager. Let the password manager remember the many long, complex, unique passwords for you.
5. Anything else we should know?
There are some contradictions here—that passwords are weak because they are too short, but some really long passphrases aren't strong enough (at least according to the passphrase goodness tester). There's a balance to strike between complexity and ease of remembering: length increases complexity, but only to a certain point, and after that, you have to introduce other characters, cases and numbers.
If you want to remember the password/phrase, then only a few characters and numbers are necessary to be complex enough. Sometimes it can seem like our passphrases are never good enough, but with these tips and your own ingenuity, you should be able to create something with no trouble.
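The balance between length and complexity described in the last answer can be put into numbers. The following is an added example, not part of the interview and not CWRU's Passphrase Goodness tester: it builds a passphrase from unrelated words using a cryptographic random source and compares its guessing space with that of a random 12-character password. The word list is a constructed sample, and the 7,776-word list size and 94-symbol alphabet are assumptions chosen for the comparison.

```python
import math
import secrets

# Constructed sample list for illustration only; real word lists hold
# thousands of words (Diceware-style lists have 7,776).
SAMPLE_WORDS = [
    "anchor", "biscuit", "cactus", "dolphin", "ember", "fiddle", "glacier",
    "harbor", "igloo", "jigsaw", "kettle", "lantern", "mitten", "nectar",
    "orbit", "pebble",
]
MIN_LENGTH = 12  # minimum length recommended in the interview


def generate_passphrase(n_words=4, words=SAMPLE_WORDS, sep=" "):
    """Join n_words picked independently with a cryptographic RNG."""
    phrase = sep.join(secrets.choice(words) for _ in range(n_words))
    if len(phrase) < MIN_LENGTH:
        raise ValueError("passphrase is under 12 characters; use more words")
    return phrase


def passphrase_bits(n_words, list_size):
    """Guessing space, in bits, when every word is a random pick."""
    return n_words * math.log2(list_size)


def random_password_bits(length, alphabet_size):
    """Guessing space, in bits, of a fully random character password."""
    return length * math.log2(alphabet_size)


def words_needed(target_bits, list_size):
    """Smallest number of random words that reaches target_bits."""
    return math.ceil(target_bits / math.log2(list_size))


if __name__ == "__main__":
    print(generate_passphrase())
    print(round(passphrase_bits(4, len(SAMPLE_WORDS)), 1))  # tiny list: weak
    print(round(passphrase_bits(4, 7776), 1))
    print(round(random_password_bits(12, 94), 1))  # 94 printable ASCII symbols
    print(words_needed(random_password_bits(12, 94), 7776))
```

The figures only hold when the words are chosen at random; a phrase people say all the time has a far smaller guessing space than its length suggests.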