Cyber Awareness Month – Better Passwords

Passwords are a necessary part of our digital lives. They protect everything from our social media accounts to our banks – but many of us fall prey to bad password habits. However, crafting passwords can be easy and will help you Secure Our World.

Let’s start with the essentials: what exactly makes a strong password?

In its most basic sense, it comes down to how hard a password is to guess, and by “guess” we mean by either a human being or a computer.

A human being can (and will) do their research. They can do things such as go to your social media and find out that you have a dog called Biscuit and you took a holiday to Greece in 2022 so they will try BiscuitGreece2022! and other variations. They can write software to try keywords from your publicly available information like this. This is why advice number one is:

DO NOT USE PET’S NAMES, CHILDREN’S NAMES, HOLIDAYS, SPOUSES, IMPORTANT DATES OR PLACES AS PART OF YOUR PASSWORD.

Computers can guess passwords through several methods; one of the most common is something called a dictionary attack. This involves a computer looking through all the words, and common combinations of words, to try and guess the password, as if it were going through each word in a dictionary in turn. And they are quick at this – very, very quick. And with advances in technology they are only getting quicker.

These dictionary attacks also include common pop culture references, so changing your password to something such as LordOfTheRings1 or TaylorSwift4Life also won’t work – they will have these as part of their “dictionary” or “wordbank”. Commonly quoted phrases, song names – they will all be in there.

In fact, a recent article included a list of some of the most hacked pop-culture related passwords and how often they appeared:

  1. Superman (584,697)
  2. Blink-182 (482,244)
  3. Batman (352,422)
  4. Star Wars (323,546)
  5. Eminem (286,263)
  6. 50 Cent (267,691)
  7. Metallica (264,913)
  8. Slipknot (258,281)
  9. Spider-Man (253,179)
  10. Minecraft (215,934)
  11. Hello Kitty (188,126)
  12. Barbie (186,730)
  13. New York Yankees (170,241)
  14. Green Day (142,561)
  15. Slayer (136,810)
  16. Flo Rida (135,310)
  17. Pantera (121,665)
  18. Warcraft (121,473)
  19. Linkin Park (118,856)
  20. Boston Red Sox (116,987)
  21. Rammstein (106,897)
  22. Harry Potter (104,544)
  23. Avatar (100,612)
  24. Terminator (100,128)
  25. Pikachu (96,430)


Computers will also include variations on all these things that change letters for numbers or symbols so that also won’t increase your level of security or make your password any harder to crack.

Therefore rules 2 and 3 are:

DO NOT USE COMMON PHRASES, SAYINGS, POP CULTURE REFERENCES

DO NOT ASSUME REPLACING LETTERS WITH NUMBERS OR SYMBOLS INCREASES YOUR SECURITY
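To see why rules 1 to 3 hold, here is a small password screening check of the kind a sign-up form can run. It is an added example, not part of the original article: the function names, the substitution table and the short blocklist (built from terms named above) are assumptions made for illustration.

```python
import re

# De-substitution table: common symbol/number swaps mapped back to letters.
LEET = str.maketrans("013457@$", "oieastas")

# Constructed sample blocklist using terms named in this article; a real
# deployment would load a large list of common and breached passwords.
POP_CULTURE = ["Superman", "Batman", "Star Wars", "Harry Potter", "Pikachu",
               "LordOfTheRings", "TaylorSwift"]


def normalize(text):
    """Lower-case, undo letter substitutions, drop everything but letters."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LEET))


def screen_password(password, personal_terms=(), blocklist=POP_CULTURE):
    """Return the guessable terms found in a password (empty list = none found)."""
    candidate = normalize(password)
    hits = []
    for label, terms in (("personal", personal_terms), ("common", blocklist)):
        for term in terms:
            needle = normalize(term)
            # Ignore very short terms to avoid flagging accidental matches.
            if len(needle) >= 4 and needle in candidate:
                hits.append((label, term))
    return hits


if __name__ == "__main__":
    profile = ["Biscuit", "Greece"]  # constructed: the article's example details
    for pw in ["BiscuitGreece2022!", "B1scu1tGr33ce2022", "L0rd0fTheR1ngs1",
               "T@yl0rSw1ft4Life", "ToothpasteFrogLantern"]:
        hits = screen_password(pw, profile)
        print(f"{pw:24} -> {'REJECT ' + str(hits) if hits else 'no listed terms found'}")
```

Because the password is normalised before matching, the versions with swapped letters are rejected exactly like the plain ones. An empty result only means none of the listed terms were found; it is not a strength score.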

With all that in mind, what can be done to create a memorable and strong password?
Well, one good method is “three random words”, in which you take three completely unrelated words and put them together. They can be memorable to you but must be unrelated, such as ToothpasteFrogLantern – this password would be hard for a computer to guess but should in theory be easy for a human to memorise without having to write it down, which brings us on to rule number 4:

DO NOT WRITE YOUR PASSWORD DOWN – NOT IN A BOOK OR IN A WORD DOCUMENT SAVED ON YOUR COMPUTER

But even then, in this modern world, we need passwords for every system. Most of us will have hundreds of passwords in use. Memorising them all seems like a completely impossible task. It is extremely tempting to reuse the same – albeit potentially very strong – password across multiple sites or applications, which unfortunately is rule number 5:

DO NOT REUSE PASSWORDS

A reused password is immediately an insecure password. If an attacker were to somehow gain knowledge of that password, then they would now be able to unlock multiple accounts instead of just one. If a single site had a data breach and your password was leaked, they now have access to all the other accounts you have used that password for.

So what’s the answer to this? How can you create a strong password that you can remember without reusing it? Well, the simple answer is: you don’t. Unless you are a computer or a genius with a very impressive memory, you will never be able to remember all the passwords you will need in this digital age.

You are not a computer, but a computer is! Let’s use a password manager!

Password managers are the best thing you can use to keep your passwords safe. At the most basic level, your web browser remembering your password for you is a password manager – though perhaps not the most secure one.

But there are also many dedicated password managers available, usually for a small fee. These are usually more secure and offer additional features, such as inputting passwords automatically into applications as well as websites.

Some well-known and popular password managers are:

NordPass
Dashlane
1Password
Bitwarden (FREE)


Just remember – it is essential that you fully protect your password manager with two-factor authentication and a strong password. Then all your accounts should be safe and secure.

And finally, if you want a bit of fun you can always try The Password Game – a devilishly hard game about creating a strong password (taken to a ridiculous extreme) – Good Luck!