“Increase password strength” should be on your to-do list, and your employees’ to-do lists, for 2024. Why? Password-based attacks are becoming easier and more common due to the assistance of artificial intelligence. There are three common password attacks we are seeing more and more of:
Brute-force password attacks: Attacks that try trillions of username and password combinations – which attackers can now do in 22 seconds. If you have a simple password, a hacker can get into your account in no time.
Dictionary password attacks: A type of brute-force attack that refers to a dictionary list of words to create passwords. So, if your password is simply “Hockey1” – you’re out.
Social engineering password attacks: Hackers stalk your social media to learn facts about you. They then use your children’s names, dog names, and more to guess your password. Think “ILoveCharlie” is safe? Not at all.
In this blog, we’ll be sharing seven simple ways to increase the strength of your passwords to protect you from these attacks. We recommend using these tips for all personal and professional passwords.
Additionally, if you are a security awareness manager, consider adding these tricks to your password policies to ensure all employees have strong passwords.
The most common excuse for not having a strong password is that they are hard to remember. We get it, but there are strategies you can use to create memorable and hard-to-guess passwords. One of these is using “passphrases”. A passphrase is a password strategy that uses a string of words. The key to this strategy is using a random string of words, not any personal words.
Think: LampRoseTeardropCar
Not: CharlieConnorSarah (Your kids’ names)
Maybe these words mean something to you that no one else would know. For example, you may list the different magnets on your fridge. Or list the top-selling item at each retail job you had in high school. If you need extra help making it memorable, consider taking a phrase and only highlighting certain words. For example, if you’re using a fun fact you remember:
Think: GiraffesThirtyLightningPeople
Not: Giraffesarethirtytimeslikelytobehitbylightningthanpeople
This strategy can help you remember your password better – but remember it should be unique and somewhat random.
Using acronyms is another great way to remember your password without compromising strength. Acronyms allow you to create your string of “random” numbers and letters out of something that you’ll always be able to recall. It’s easy: Take a lyric from your favourite song and only take the first letter from each word to create a long password.
Lyric: Sing us a song, you’re the piano man. Sing us a song tonight. Well, we’re all in the mood for a melody and you’ve got us feeling alright.
Password: Suasytpmsuast.
If you use a passphrase or pass-acronym, select purposeful spelling errors as your own code to make the password even stronger. You can choose certain letters to replace with numbers, for example using 3 in place of any E’s in your password. Or you could use special characters in place of letters, for example replacing all your N’s with &s. Using this trick doesn’t mean you can go back to using your dog’s name for your password, but it’s an additional tool to use alongside your passphrase.
This: GiraffesThirtyLightningPeople
Becomes: GiraffsThirtyLight&i&gPeeple
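Why swapping characters does not rescue a name-based password, shown as a screening check a security awareness manager could add to a password policy. This is an added example, not code from the original post; the function names, the term lists and every swap other than 3 for E and & for N are assumptions.

```python
import re

# Swaps to undo before screening. "3" for E and "&" for N come from the post;
# the other entries are common swaps added here as assumptions.
UNDO = str.maketrans({"3": "e", "&": "n", "0": "o", "1": "i", "4": "a", "@": "a", "$": "s"})


def letters_only(text):
    """Lowercase, undo the swaps, then drop every character that is not a-z."""
    return re.sub(r"[^a-z]", "", text.lower().translate(UNDO))


def candidate_forms(password):
    """Two readings: swaps undone everywhere, and edge digits/symbols trimmed first."""
    trimmed = re.sub(r"^[^A-Za-z]+|[^A-Za-z]+$", "", password)
    return {letters_only(password), letters_only(trimmed)}


def screen(password, personal_terms, common_words):
    """Return the reasons a password is guessable; an empty list means none found."""
    forms = candidate_forms(password)
    reasons = []
    for term in personal_terms:
        needle = letters_only(term)
        if needle and any(needle in form for form in forms):
            reasons.append(f"contains personal term: {term}")
    # Whole-password match only, so a multi-word random passphrase is not flagged.
    if forms & {letters_only(word) for word in common_words}:
        reasons.append("single dictionary word with decoration")
    return reasons


# Constructed sample data for the demonstration.
PERSONAL = ["Charlie", "Connor", "Sarah"]
COMMON = ["hockey", "password", "summer"]

if __name__ == "__main__":
    for pw in ["Hockey1", "ILoveCharlie", "Ch4rli3!", "LampRoseTeardropCar"]:
        print(pw, "->", screen(pw, PERSONAL, COMMON) or "no finding")
```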
A password technique commonly used by software developers is camel case. Camel case is used when spaces are not allowed in programming variables, so the first letter of each word is capitalized to make it easier to read a string of words all smushed together. When you use it in a passphrase, you can instead add capitals at some interval of characters, using a pattern that only you know, to make your password even harder to guess. For example, every third letter is capitalized.
This: LampRoseTeardropCar
Becomes: LamProSetEarDroPcar
Spaces are an extremely simple but powerful way to enhance your passwords. Many people forget, but spaces are sometimes considered special characters. Adding a “ ” in your password is just as helpful as adding a “&”, but can be so much easier for you to remember. Try taking your typical password and adding spaces between each word. Even better, use the camel case strategy and create your own pattern for spaces, like a space after every 5 characters.
This: GiraffesThirtyLightningPeople
Becomes: Giraffes Thirty Lightning People
Even Better: Giraf fesTh irtyL ightn ingPe ople
If the program you are using doesn’t allow spaces in passwords, other special characters work just as well. Instead of using a space between every word, you could use a /.
This: GiraffesThirtyLightningPeople
Becomes: Giraffes/Thirty/Lightning/People
Even Better: Giraf/fesTh/irtyL/ightn/ingPe/ople
If you continue to fall back on the same excuse of not being able to remember anything besides your kids’ or dog’s name, then there is still a trick for you. Create your own keyboard code to transform a very weak password into a stronger password. For example, decide that when you type out your typical password, each letter will be replaced by the key above it on the keyboard. This makes a “random” password out of the password that you can remember.
This: CharlieConnorSarah
Becomes: Dyq4o83D9hh94Wq4qy (This can get complicated if you already have a number in the original, but you get the idea.)
Then, use some of our other tricks like camel case patterns, spaces, or special characters to increase the strength of your password even more.
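The keyboard code and the spacing pattern above, written out so the results can be checked, including the case the post calls complicated (a number already in the original). This is an added example, not code from the original post; the function names are hypothetical, a US QWERTY layout is assumed, and leaving digits and symbols unchanged is a choice made here.

```python
# US QWERTY rows, top to bottom (an assumption: other layouts give other results).
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]

# Map each key to the key at the same index one row up, which reproduces the
# post's example (c -> d, h -> y, r -> 4).
ABOVE = {low: up for upper, lower in zip(ROWS, ROWS[1:]) for low, up in zip(lower, upper)}


def keyboard_shift(password):
    """Replace every letter with the key above it, keeping upper/lower case.

    Digits and symbols have no row above them in ROWS, so they are left
    unchanged (a choice made for this example)."""
    out = []
    for ch in password:
        above = ABOVE.get(ch.lower(), ch)
        out.append(above.upper() if ch.isupper() else above)
    return "".join(out)


def unshifted(password):
    """Characters the shift cannot change: the case the post calls complicated."""
    return [ch for ch in password if ch.lower() not in ABOVE]


def insert_every(password, n, sep=" "):
    """Put `sep` after every n characters: the post's space or "/" pattern."""
    return sep.join(password[i:i + n] for i in range(0, len(password), n))


if __name__ == "__main__":
    print(keyboard_shift("CharlieConnorSarah"))
    print(unshifted("Charlie2015"))  # constructed sample with digits
    print(insert_every("GiraffesThirtyLightningPeople", 5))
    print(insert_every("GiraffesThirtyLightningPeople", 5, "/"))
```

A letter that maps to a digit and a digit left in place look the same in the output, so note which characters `unshifted` reports before relying on the pattern.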
Even with all of these tips, remember to never use the same password more than once and to update your passwords regularly. A common practice for cyber criminals after breaches is to try the usernames and passwords on different platforms. So, if your Netflix password is the same as your banking password and Netflix was breached, it won’t take long for the scammer to hack into your finances.
We know that in this day and age, people have way too many accounts to remember every password. That’s why the best practice is to have a password manager. It allows you to have extremely hard-to-guess passwords for every account you have. All you need is a strong master password that you can create and remember using these tips.
By implementing these strategies, you are strengthening the first layer of protection for all of your personal and professional accounts. Even if it seems like these new practices will take away a few seconds of your day, know that it will be worth it in the long run. Encourage your friends, family members, and employees to do the same to create a safer cyber environment. Stay secure!