How Strong is Your Password?
We’ve all seen those annoying instructions when creating a new password – “you must use one special character, one capital letter, six letters, two numbers, one emoji” …. ok, maybe not that last one but the rest is familiar to everyone.
Given the potential risks, it’s understandable that companies want you to use complex and hard-to-guess passwords. Unfortunately many of us create passwords that obey the rules whilst being easy to remember and often use the same password, or similar ones with little variations, every time we’re asked to “create a new password.”
These passwords often involve personal information such as names of pets or family members, birth years and an exclamation mark at the end e.g. Tiger2017! The problem here is that hackers can easily find personal details like your family’s names on social media, and then try every possible variation very quickly using software.
This is why the new guidance highlights that the length of your password and its unpredictability is more important than the special characters and other rules mentioned above.
Here are four tips for creating safer passwords:
- A random four-word phrase, such as SocialUniversityReportEvent, is actually tougher to crack than any random 8-character password.
- Add special characters like $ ? ! % & @ and capital letters, but don’t put them at the beginning or the end.
- Check your password’s strength on How Secure Is My Password? | Password Strength Checker (security.org) or https://www.safetydetectives.com/password-meter/
- Don’t always tell the whole truth when answering security questions – it’s surprisingly easy to find someone’s hometown or even their mother’s maiden name from social media.