What Grade Does YOUR Password Get?
As we are all neck deep in the #covid19 crisis, an overwhelming need businesses face is ensuring their critical information is available and safe. Employees are scrambling to get remote access and, in doing so, are inadvertently creating exposures to risk. In the first part of this multi-part series, I talked about the importance of having a cyber readiness plan. Last time, we talked about the importance of having a backup of everything! Today, let’s talk about something we all use but probably don’t think too much about: our passwords. What grade does your password get?
What makes for a good password?
Most people fail miserably when creating passwords that have the length and complexity needed to avoid being cracked. Nearly all cleartext passwords are brute-forcible in seconds. There are no participation awards when it comes to securing your information. While many of us have children at home finishing out the school year, let’s take a look at the most common types of passwords and see what grade they get!
All numbers or lowercase characters (8 or fewer characters) – GRADE F!
- Example: “123456”/“soccer”
- Brute-forcible in the blink of an eye. Most people know not to do this. If you are still using passwords like this, just stop!
Combination of numbers and lowercase characters (8 or fewer) – GRADE F!
- Example: “ncc1701”/“michael1”
- Slightly better, but still super easy to guess or crack!
Combination of numbers, upper and lowercase characters (8 or fewer) – GRADE D!
- Example: “Drag0n!”/“Vikings#1”
- This is where most people are today. Dictionary attacks will break both in a matter of minutes.
- Other things to consider:
  - Often harder to remember
  - When it comes time to change, most will iterate; i.e. “Vikings#1” becomes “Vikings#2”
Long Password Phrases – GRADE B- !
- Example: “correcthorsebatterstaple”
- Better than above. Easier to remember and the length of the password makes it harder to crack.
Long Password Phrases with a “stop” character, symbol or number – GRADE B!
- Example: “webutterthebre%adwithbutter”
- About as good as you can do (other than increasing length)
Password Managers – GRADE A+ !!
- Software that randomly generates long passwords
- Removes the human element from password creation
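
To put numbers behind these grades, the following added example (not part of the original post) computes the exhaustive-search space in bits for each example password above and generates a random password the way a password manager does. The function names and the 94-character printable ASCII alphabet are assumptions of this example; the figures are upper bounds, since dictionary attacks guess words and common substitutions far faster than exhaustive search.

```python
import math
import secrets
import string

# Character classes an exhaustive search has to cover (assumption: printable ASCII).
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
FULL_ALPHABET = "".join(CLASSES)  # 26 + 26 + 10 + 32 = 94 characters

# The example passwords from the grades above, in the order they appear.
EXAMPLES = ["123456", "soccer", "ncc1701", "michael1", "Drag0n!", "Vikings#1",
            "correcthorsebatterstaple", "webutterthebre%adwithbutter"]


def alphabet_size(password):
    """Combined size of every character class the password draws from."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))


def brute_force_bits(password):
    """log2 of the exhaustive-search space: length * log2(alphabet size).

    Upper bound only: it ignores dictionary words and predictable patterns.
    """
    size = alphabet_size(password)
    return len(password) * math.log2(size) if size else 0.0


def random_password_bits(length):
    """Bits of a uniformly random password over the full 94-character alphabet."""
    return length * math.log2(len(FULL_ALPHABET))


def generate_password(length=24):
    """Random password from the OS CSPRNG, with no human choice involved."""
    return "".join(secrets.choice(FULL_ALPHABET) for _ in range(length))


def report():
    """(password, length, alphabet size, bits) for each example on the page."""
    return [(pw, len(pw), alphabet_size(pw), round(brute_force_bits(pw), 1))
            for pw in EXAMPLES]


if __name__ == "__main__":
    for pw, length, size, bits in report():
        print(f"{pw:30} len={length:2} alphabet={size:2} bits<={bits}")
    print(f"{'<generated, 24 chars>':30} len=24 alphabet=94 "
          f"bits={random_password_bits(24):.1f}")
```

The generated password is the only row where the bit count is the real cost of guessing, because every character is chosen uniformly at random.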