Password Length

With all of the eye opening news surrounding the Heartbleed security flaw last month, there is no better time than right now to do some digital spring cleaning.  And while it may be easier and provide a level of routine to simply hold on to your existing passwords, we strongly encourage you to fight that urge, because there is great reward and security in accomplishing this task.

Here are four tips that should help you get started:

  1. Avoid common passwords. Commonly used passwords include, ‘123456’, ‘password’, ‘111111’, ‘qwerty’, ‘abc123’, ‘iloveyou’, ‘admin’, ‘123123’, ‘monkey’ and ‘sunshine’.  According to a recent study, it is reported that the 100 most commonly passwords make up over 60% of all passwords.  Don’t kid yourself; cybercriminals are fully aware of our lazy practices.
  2. Steer clear of personal passwords. When creating passwords avoid passwords that are based solely on personal information about yourself or your family and that can be seen readily online on your blog, social networking site (ie. Facebook), etc.  For example, if you post a picture on Facebook of your new puppy ‘bernie’, I suggest that you do not change your password(s) to ‘bernie’.
  3. Take the extra time to create a Strong password. Strength of a password is measured by a combination of its length and complexity (mixing in numbers, letters, capitals, symbols, etc.).  And believe it or not, length plays a bigger role in password strength than complexity.   Passwords should be at least 8 characters in length but 12 characters or more should be the norm.  Also, don’t use one word passwords. Believe it or not, 90% of passwords used by all of us today are considered weak.
  4. Get creative when arriving at passwords. I feel that individuality can make creating strong and easy-to-remember passwords enjoyable, especially when sharing the importance of strong passwords with small children and even young adults.  For example, my oldest son really enjoys playing Mario Kart on his DS.  If he used a password like “mariokart”, it wouldn’t pass any of the tips I listed above.  But, what if we got creative and established a password like “Mari0K&rtS3v3n4DS”.  Something he could be trained to remember (do not underestimate a child’s capacity to retain information!) based on something he enjoys and yet we have also establish a strong password.

Here are four tips to help keep your passwords secure:

  1. Don’t share your passwords with others.  A good rule of thumb may be to treat your password like your house key.  It’s probably best not to share your house key with all your neighbors and friends at school and work.
  2. Never text, email or post your passwords online. Any time you share your passwords in this fashion you are essentially allowing full public access to your account information. Using the example above, it would be similar to leaving your front door wide open when you leave home or go on vacation.
  3. Change your passwords regularly.  The hard truth is that no password is truly secure.  Simply consider the discovered Heartbleed flaw.  You also have the human element (socially-engineered schemes, phishing attack victims, etc.).
  4. Use different passwords for different sites and activities.  As the saying goes, don’t to put all your eggs in one basket.  The same can be said in relation to passwords—do not use the same one for everything.  It’s easy but can cost your dearly.  If you happen to get tricked into sharing or entering a password or an e-commerce site falls prey to hacking, you will not have all of your various accounts exploited if you have various passwords.

When I create my next password, I will (a) Seek a group consensus from my closet friends (b) Use my new baby daughter’s name, which I have just introduced to the Facebook world (c) Make it easy on myself and go with my usual go to “password” password or (d) Establish a creative combination of numbers, letters, and symbols that would be at least 12 characters long, and would be most likely known only to me.

If you said “D”, you are correct.  I know most of you are correct in understanding this principle, and it is time now to begin our Spring Cleaning of passwords.  Like any Spring project, you will feel great when it’s finished, and this project may just save your bank account, credit card or social media outlet from being compromised.  Happy Cleaning!

Source: Ministry Tech

 

Shelby Systems has decades of experience helping churches in all aspects of ministry, for assistance contact one of our Ministry Consultants today!