It's World Password Day, so it's the perfect time to see how secure your password is.
Remember, just because a password is hard for you to remember, doesn't mean that a computer won't crack it within minutes or hours.
If you take away one thing from this article, it should be this: A long, easy to remember password is better than a short, complex password.
Let's illustrate this with a couple of examples. The first from XKCD shows the complicated password "Trub4dor&3" might appear secure, but it will take 3 days to crack at an estimated rate of 1,000 guesses per second.
Tips for your password
Do
Experiment with creating a strong password here
Make it as long as possible
Use a variety of characters
Use different passwords whenever possible
Sign-up for two-factor authentication
Don'tUse any factual information e.g. birthdays
Share your password over email or text
Use simple passwords like "12345", "password" or "qwerty"
Meanwhile, a password made up of four random but easily memorable words "correct horse battery staple" would take 550 years to crack at a rate of 1,000 guesses per second. The more characters a password has, the longer it takes to crack.
Sound too good to be true? Let's look at another example, courtesy of Steve Gibson, who hosts the Security Now podcast.
Which is more secure?
PrXyc.N(n4k77#L!eVdAfp9 (23 characters)
or
D0g.....................(24 characters long)
Look closely, you'll see both include an uppercase letter, lowercase letter, number, and "special" character. So the second is more secure because it is longer.
Gibson doesn't recommend adding dots into all your passwords, but does suggest you come up with unique padding to help increase the length of passwords.
Most websites require you to use capital letters and numbers so this can act as your padding between four or more random but memorable words.
"You could put some padding in front, and/or interspersed through the phrase, and/or add some more to the end. You could put some characters at the beginning, padding in the middle, and more characters at the end. And also mix-up the padding characters by using simple memorable character pictures like "<->" or "[*]" or "^-^" . . . but do invent your own," Gibson noted.
-
Everpure wants you to get your data AI-readyNews With enterprises facing recurring data readiness issues, Everpure wants to streamline the process and deliver AI success
-
Everpure continues data management pivot with new Data Intelligence platform launchNews The move by Everpure aims to help enterprises maximize the use of AI-ready data and break down silos
-
We need to do something about passwordsPasswords are a fundamental aspect of access security, but recent password leaks have undermined their ability to protect data
-
Dashlane lifts the lid on attack that saw hackers download encrypted user vaultsNews The company said it has now informed all affected customers, and taken action to shut down the operation
-
The NCSC says it’s time to switch to passkeysNews UK security organization calls for companies to step up and offer more secure ways to login
-
AI agents are creating new identity security risks: 1Password wants to solve thatNews The Unified Access system from 1Password will help enterprises manage AI agent access across different devices and users
-
Using AI to generate passwords is a terrible idea, experts warnNews Researchers have warned the use of AI-generated passwords puts users and businesses at risk
-
Researchers called on LastPass, Dashlane, and Bitwarden to up defenses after severe flaws put 60 million users at risk – here’s how each company respondedNews Analysts at ETH Zurich called for cryptographic standard improvements after a host of password managers were found lacking
-
Thousands of exposed civil servant passwords are up for grabs onlineNews While the password security failures are concerning, they pale in comparison to other nations
-
Gen Z has a cyber hygiene problemNews A new survey shows Gen Z is far less concerned about cybersecurity than older generations
