Passwords... Now required for everything, but how do you make them memorable?
- Don’t write down your password and leave it where someone else can find it
- Don’t use the same password for each of your accounts
- Don’t use predictable phrases/words as a password
According to NIST (National Institute of Standards and Technology), the length of a password does not, by itself, make a password more secure. Security, in this case, depends on the predictability of the password, whether it’s a series of characters or a passphrase (usually longer in length). For example, the word “password” is one of the most predictable passwords a user can choose, even though it’s 8 characters long; on the other hand, “hGi038” is less predictable but is only 6 characters long. So how should you create passwords that are easy to remember, but still difficult to predict?
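To put numbers on that comparison, here is a small sketch added for illustration (it is not part of the NIST guidelines or of the original post). It assumes a guesser who tries a short list of common passwords first and then every string shortest-first; the `COMMON` list is a constructed sample and the function names are made up for this example.

```python
import string

# Constructed sample: a few widely used passwords, in the order a guesser tries them.
COMMON = ["123456", "password", "qwerty", "letmein", "iloveyou"]

# Character classes a guesser must cover, added only when the password uses them.
POOLS = [string.ascii_lowercase, string.ascii_uppercase,
         string.digits, string.punctuation]


def search_alphabet(pw):
    """Smallest combination of character classes that can spell pw."""
    alphabet = "".join(p for p in POOLS if any(c in p for c in pw))
    if not pw or any(c not in alphabet for c in pw):
        raise ValueError("empty password or character outside the modelled classes")
    return alphabet


def brute_force_rank(pw, alphabet):
    """1-based position of pw when every string over alphabet is tried,
    shortest first and then in alphabet order."""
    base = len(alphabet)
    shorter = sum(base ** n for n in range(1, len(pw)))
    index = 0
    for ch in pw:
        index = index * base + alphabet.index(ch)
    return shorter + index + 1


def guesses_needed(pw):
    """Guess number at which pw falls: common list first, then exhaustive search."""
    if pw.lower() in COMMON:
        return COMMON.index(pw.lower()) + 1
    return len(COMMON) + brute_force_rank(pw, search_alphabet(pw))


if __name__ == "__main__":
    for candidate in ("password", "hGi038"):
        print(f"{candidate!r}: {len(candidate)} characters, "
              f"guess #{guesses_needed(candidate):,}")
```

Under this model the 8-character “password” falls on the second guess, while the 6-character “hGi038” is only reached after billions of guesses.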
Password Do’s: Use a passphrase rather than a set of random characters, if you have trouble remembering complex ones. Passphrases can be just as challenging to guess – create one that is longer or that makes sense for you.
Here are some tips for creating a secure password:
- Combine the names of your favourite colour and your favourite animal into one word – “greenelephant”.
- Replace letters with numbers that resemble the respective letters, e.g. Al3x (Alex), M0nk3y (Monkey), etc.
- Use a mnemonic phrase, e.g. Pbmval! (Please be my valentine!)
Some other tips for keeping your devices secure:
- Use a fingerprint scan when applicable, as it cannot be guessed or replicated. What the user doesn’t see is that this biometric device generates a password based on the fingerprint scan.
- Opt for two-factor authentication when applicable. This is when you’re required to enter two forms of authentication (any combination of: a password, a smart card or token, or a fingerprint or voice pattern). One of the forms of authentication may be guessed, but it is far less likely that both will be guessed together.
For more information, see the NIST password guidelines.
For businesses, see the blog post “Why Compliance Does NOT Equal Security” to find out why it’s important to go beyond Password Policies outlined by industry compliance standards.