password security

Your passwords aren’t as secure as you think.

Managing passwords for all your online logins is a headache for most of us. Remembering the six to eight characters you use to log in to your many online accounts is so difficult that most people resort to using a very simple, easily-remembered password, and re-using that same password across multiple accounts.

Then there is the added frustration when a company requires you to use a combination of upper and lower case letters, numbers and special characters to make the password more secure and harder to crack.

What if I told you that even these more complex 8 character passwords are still too risky and that you should be using passwords with a minimum of 13 characters?

Size does matter when it comes to passwords

Conventional thinking has been that complexity is more important than length. This may be true if your primary concern is stopping someone physically sitting at your computer and hacking your account by guessing a password. If you are guilty of using passwords such as your pet’s name, birth date, etc. then a complex, eight character password is much more effective. But for sophisticated hackers that utilise programs to try thousands of combinations every second, password length is far more important for security than complexity.

For example, if you have 94 characters at your disposal (all the normal characters you can type on a 101 key keyboard) and an eight character password, that gives you 6,095,689,385,410,816 possible passwords – which is indeed uncrackable. The problem with this scenario is that studies have shown that people typically choose to include the same 32 characters.

In addition, most users also use dictionary words as the root to their “complex” password, and follow other common conventions such as capitalised letters at the beginning with numbers at the end. A simple hybrid attack will break most of them in less than a day.  I’d bet that you’ve just read that and thought, “that’s exactly what I do”.
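The arithmetic behind the last two paragraphs, as an added example that is not from the original article: it compares the 94-character and 32-character keyspaces at 8 and 13 characters, and shows how small the search space becomes once a password follows the "capitalised word plus trailing numbers" convention. The function names, the five-word sample list, the assumed dictionary size of 100,000 words and the sample passwords are all assumptions made for illustration.

```python
import math
import re
from typing import Optional

FULL_CHARSET = 94    # every typeable character, as counted in the article
COMMON_CHARSET = 32  # the subset the article says people actually choose from
# Constructed stand-in for a real word list (assumption for this example).
SAMPLE_WORDS = {"password", "dragon", "monkey", "summer", "london"}
ASSUMED_DICTIONARY_SIZE = 100_000  # assumed size of a real word list


def keyspace(charset_size: int, length: int) -> int:
    """Number of possible passwords when every character is chosen at random."""
    return charset_size ** length


def hybrid_candidates(password: str) -> Optional[int]:
    """Size of the search space if the password follows the convention the
    article describes: a dictionary word, optionally capitalised, then digits.
    Returns None when the password does not fit that pattern."""
    match = re.fullmatch(r"([A-Za-z]+)(\d*)", password)
    if not match:
        return None
    word, digits = match.groups()
    if word.lower() not in SAMPLE_WORDS or word[1:] != word[1:].lower():
        return None
    # word choice x (lowercase or leading capital) x every digit suffix of that length
    return ASSUMED_DICTIONARY_SIZE * 2 * 10 ** len(digits)


def effective_bits(password: str) -> float:
    """Upper bound on strength in bits: the hybrid space when the pattern
    matches, otherwise the full random keyspace for that length."""
    space = hybrid_candidates(password) or keyspace(FULL_CHARSET, len(password))
    return math.log2(space)


if __name__ == "__main__":
    print("94^8  =", f"{keyspace(FULL_CHARSET, 8):,}")
    print("32^8  =", f"{keyspace(COMMON_CHARSET, 8):,}")
    print("32^13 =", f"{keyspace(COMMON_CHARSET, 13):,}")
    for pw in ("Summer2019", "q7#Lz!v2Rk"):  # constructed samples
        print(pw, round(effective_bits(pw), 1), "bits")
```

A 13-character password drawn from only 32 characters still has a larger keyspace than an 8-character one drawn from all 94, while the patterned 10-character sample falls below even the 32-character, 8-character space.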

So that’s the bad news, now time for the good news

Using longer passwords allows users to use passphrases instead of passwords. This can make it easier to remember your new, strong ‘passwords’. Your password could be, ‘I-own-2-cats&adog’. That’s a good mixture of 17 characters that should be easy enough for you to remember. You can then add an additional word or numbers on to the end of that password, and use variations of it on other sites.

Or to ensure that your passwords are truly random, consider using a password generator. This will ensure that you don’t fall into the trap of using the same 32 characters every time. Here is some additional advice on setting up a strong password.

Then if you want to take all the hassle out of remembering all the usernames and passwords for the sites you log in to, consider using a tool like LastPass. It’s free to use and makes logging into websites a breeze. Just remember to log out of it when you finish using your computer, and of course use a very secure password for your LastPass account.

 

By Aaron Enright
