#1 Variety is key
A secure password should on no account consist only of letters. You must also use numbers, special characters and caps. Not only do they thwart the dictionary method, they also make a successful brute force attack significantly more difficult. A great trick is to replace letters with numbers and special characters, so an “i” will become “!”, an “o” turns into a “0” and “s” is written as “$”. This way, the simple term “Microsoft” morphs into the substantially harder word “M!cr0$0ft”.
#2 Length matters
It’s easy: the longer the password, the harder it is to crack. The length of the password can be decisive, especially for brute force attacks. The following calculation example illustrates the principle:
$\text{Possible number of combinations} = (\text{Number of characters})^{\text{password length}}$
So if you use a seven-character password consisting of caps, letters and numbers (62 characters), the possible number of combinations is 3,521,614,606,208 (over 3.5 trillion). Merely adding one more character raises the number of attempts needed to try every combination to 218 trillion. This means that if your password comprises more than 10 characters and additional special characters, cracking it would take several years.
#3 The easy way to create a password
This trick shows you how to create a complex password that only you can remember. Think of a sentence and place the first letters of each word in a row. So the sentence, “My Name is Joe Bloggs and I was born on 1 January 1900!” would produce the following password: “MNiJBaIwbo1J1900!” It’s long, contains numbers, special characters, caps and letters, and it’s definitely not found in any dictionary. Perfect!
The World Wide Web can also come to your assistance if you don’t want to think up your own password. There are plenty of password generators on the Internet that use random strings to produce a password. But be careful! It’s very difficult to remember these combinations.
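The sentence method from this tip and the combination formula from tip #2, worked through as an added example (not part of the original article). The function names and the guessing rate of 10 billion attempts per second are assumptions chosen for illustration.

```python
import string

GUESSES_PER_SECOND = 1e10          # assumption: attacker's offline guessing rate
SECONDS_PER_YEAR = 365 * 24 * 3600

def sentence_to_password(sentence: str) -> str:
    """Take the first letter of each word; keep numbers and attached punctuation whole."""
    out = []
    for token in sentence.split():
        core = token.rstrip(string.punctuation)   # word without trailing punctuation
        tail = token[len(core):]                  # e.g. the "!" in "1900!"
        out.append((core if core.isdigit() else core[:1]) + tail)
    return "".join(out)

def alphabet_size(password: str) -> int:
    """Size of the character set an attacker must cover for this password."""
    classes = [
        (string.ascii_lowercase, 26),
        (string.ascii_uppercase, 26),
        (string.digits, 10),
        (string.punctuation, 32),
    ]
    return sum(size for chars, size in classes if any(c in chars for c in password))

def keyspace(n_characters: int, length: int) -> int:
    """Possible number of combinations = number of characters ** password length."""
    return n_characters ** length

def worst_case_years(combinations: int, rate: float = GUESSES_PER_SECOND) -> float:
    """Time to try every combination; an upper bound that assumes random characters."""
    return combinations / rate / SECONDS_PER_YEAR

if __name__ == "__main__":
    pw = sentence_to_password("My Name is Joe Bloggs and I was born on 1 January 1900!")
    size = alphabet_size(pw)
    print(f"password: {pw} ({len(pw)} characters, alphabet of {size})")
    # The article's figures: 62 characters at length 7 and length 8.
    for length in (7, 8):
        total = keyspace(62, length)
        print(f"62^{length} = {total:,} -> {worst_case_years(total):.6f} years")
    total = keyspace(size, len(pw))
    print(f"{size}^{len(pw)} -> {worst_case_years(total):.3e} years")
```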
#4 Reset your password?
The trickiest question among security managers: is it important to reset passwords regularly? And if so, at what intervals? It may appear sensible to change passwords regularly to ward off cyber-attacks, at least at first glance. But experts take a nuanced view. Many users only make minor changes to their password, turning “password1” into “password2”. These patterns are easy to predict. What’s more, people tend to choose easy passwords if they know that they have to be changed soon anyway.
To reset or not to reset? Our expert Rene Schoppe, IT Security Sales Specialist, advises:
“I recommend changing your password on a quarterly basis, so every three months. That’s also the general advice given by the Federal Office for Information Security (BSI). Most systems send an automatic reminder every 2 to 3 months to restore the password, and so it is wise not to ignore this advice. You need to reset your password immediately following a successful hack of a portal you use and the theft of data. The most important aspect is to use a secure password. Password generators are handy tools in this regard.”
#5 Top secret!
Some may believe that this tip is blatantly obvious, but it is still the most important one: never give anyone your password. Not even a friend, colleague or spouse. Also refrain from keeping notes of your passwords. While they make it easier to remember the codes, the implications can be fatal if they fall into the wrong hands.