Best of 2022: You shall not pass: just how strong is your password?

Did you know that the password “admin” takes just 1 minute to crack? If you are still using this password today, you are at a great risk of getting hacked.

It is estimated that employees need to remember as many as 50 to more than 100 passwords on average. This makes it very tempting to create simple passwords and reuse or share them across different accounts. However, this exposes us and our organisations to plenty of risk. After all, passwords are our first line of defence in the digital world.

In fact, there was a data breach in 2021 whereby a company email account was hacked and used to send 600 phishing emails. Upon investigation, it was found that the employee’s password was weak and old – the password was an abbreviation of the company name with “@1234” added at the end.

Using your company name or your personal details in your password is actually not a good practice. So what does it take to produce a strong password? We list down a few tips below:

1. Set a minimum password length

It is a good practice to stipulate that passwords should have at least 8 characters, containing at least 1 alphabetical character and 1 numeric character. A longer password helps make it harder to crack, but password length is not the only factor in this.

2. Password complexity

Password complexity is still vital. You can make a password more complex by including both lowercase and uppercase letters, adding numbers, as well as special characters such as ‘!’ and ‘&’. Adding spaces also makes the password more difficult to decipher.

For complex passwords that are easier to remember, consider using passphrases, such as “1drink3cupsofc0ff33!”. According to the Cyber Security Agency of Singapore’s Password Strength Checker, this password takes 15 million years to crack.

3. Things NOT to include in passwords

It is best not to include personal details like your birthdate, name, phone number, or email address in your password. In fact, anything that can be found online or on social media must not be used. This may include your child’s name or even your pet’s name. Company details such as the company name should also be avoided.

Aside from these, it is not recommended to use common words found in the dictionary, such as “laptop” or “basketball”. These words can also easily be guessed by hackers.

And you should most certainly not use variations of the word “password”, such as “p@ssw0rd” or “mypassword”.

4. Cross check passwords against password dictionaries

It is wise to regularly cross check whether your passwords are found in password dictionaries, or are among the most commonly used passwords found on the dark web. Some of the most common passwords in 2021 were “123456”, “qwerty”, “qwerty123”, “iloveyou”, “qwertyuiop”, and “666666”. You are at a greater risk of getting hacked if you use a very common password.

5. Manage your passwords better with password managers

Credible password managers are good tools that can help free us from the need to remember our many passwords. Password managers store our passwords for all our accounts and encrypt them so that they are secure. Thus, even if cybercriminals successfully hack the password manager, they would be unable to read your passwords.

And because you no longer need to remember a ton of passwords, thanks to password managers, you can create complex passwords and avoid reusing them for different accounts.

Creating strong passwords is the first step you can take to ensure that your personal and company information is kept secure. Companies should make sure that employees do not become lazy or negligent when it comes to password management.

Effective password management is not just about creating strong passwords. To know more about the must-haves for your company’s password policy, read this article.

This article was originally published on 2 June 2022.