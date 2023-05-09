NCFE
|Printable version
How to create a strong password (and keep away the hackers!)
Passwords – they’re something that we all need, as well as something that we’ve all struggled with creating, remembering and forgetting. They're just as important as ever, and when done correctly, can still be the last fortress of internet security. But what makes a strong password? And why is having a strong password so important?
Recent research revealed that 10,000 of the most common passwords allowed access to 98% of all accounts. Further to this, 1 in 5 of us rely on passwords that are over a decade old.
As such, I wanted to take this opportunity to ask this: when was the last time you considered whether your password practice is at an optimum level? Personally, I use World Password Day – which takes place on the first Thursday in May each year – as my own reminder to update and refresh my most important passwords.
Getting your ingredients right
First, let’s ask ourselves what the ingredients for a good password are. Using something memorable? The use of letters, numbers and special characters, such as “&”, “!” or “*”?
It's unlikely that anyone is using “Password1” for anything they want to keep secure, but the problem with passwords is that we’ve been conditioned to adopt poor practice when it comes to choosing them. While we accept that “Password1” is weak, “P@ssword!” may feel like a much stronger alternative – but the reality is, it isn’t!
Much of this issue stems from our perceptions of cyber security and the mental images that we might conjure up around cyber hacks. Many of us will picture a hoodie-wearing hacker in a dark room trying to get into our accounts by typing “password”, “password1” “password2”, “password3”, continuing a single attempt at a time.
Choosing something like “P@ssword!” feels safer, as we think we’ve made it harder to guess for this lone individual hacker by using special characters instead of just letters and numbers. This is what we’ve been taught, after all – to make sure we use at least one number and one special character. So why isn’t this best practice?
The importance of keeping it memorable
Rather than a hacker in a dark room, I’d say that a far more accurate image for us to consider when it comes to cyber hacks is a giant supercomputer which can go through billions of attempts per second – as this is very much the reality. Even freely available tools can undertake a simple attack to cycle through thousands of attempts per second.
But when we read information like this, our instinct is to go to the opposite end of the scale and create passwords that are perceived to be extra strong – such as “Z$yZe9SPt;pf”. While this is indeed much harder for a computer to guess, our password is now really difficult for us to remember!
When we’re forced to create passwords like this, or into using random password generators which conjure up similar strings of nonsensical characters, it increases the likelihood of us needing to write it down in order to remember it – which is also poor practice from a security perspective.
My recipe for a strong, secure password
So, what’s the solution? I always find that a lack of entropy (that is, a lack of predictability) is a helpful concept here.
Choosing three words that have no real business being together can work well – for example, I might choose “glasses”, “microphone” and “fan” and combine these into a phrase (“glassesmicrophonefan”). All three are items that I can see when sitting at my desk, making them easy enough for me to remember without having to write them down.
Now, let’s capitalise each word for a little extra nudge and add a question mark on the end – we arrive at “GlassesMicrophoneFan?”. We can then use what is known as a password checker to test strength and resilience, by estimating how long any given password will take to crack (which I highly recommend doing!)
For “GlassesMicrophoneFan?”, the checker indicates that it would take 23 years to crack – this is in stark comparison to the 0 seconds that it reportedly would take to crack “P@ssword!”.
Where possible, I also recommend using 2-step verification (also known as multi-factor authentication) to provide a further layer of security to your accounts. This might be in the form of using your fingerprint to verify your identity on a mobile phone app, or using a separate email account to receive a one-time code that must be entered to gain access.
My recipe for how to create a strong password is as follows:
- Make it random but memorable, and therefore strong and resilient
- Add special characters (but don’t go overboard!)
- Use a password checker to test its strength
- Use 2-step verification or MFA where possible
- If you haven’t done so in a while – update your passwords!
To read the latest features from our digital sector experts and learn more about the qualifications we offer in this area, visit our Digital homepage.
Original article link: https://www.ncfe.org.uk/all-articles/creating-a-strong-password/
T: 0191 239 8000
F: 0191 239 8001
E: service@ncfe.org.uk
@NCFE
Latest News from
NCFE
An ancient spectacle for a modern world: which traditions will we see at the coronation?05/05/2023 14:15:00
In a magnificent procession last week, the Stone of Scone – or the Stone of Destiny – arrived at Westminster Abbey from Edinburgh castle, one of the oldest fortified castles in Europe.
How T Level students are shaping the future of learning using virtual reality02/05/2023 16:15:00
One of the things that I love the most about working in innovation is witnessing pioneering new technology come to life – from the page, through to the prototype. So, you can imagine how thrilled I was when Calderdale College in Halifax invited colleagues from our Innovation and Investments and our Learning and Technology Resources teams to attend a virtual reality (VR) testing day earlier this month!
New youth work qualification launches for professionals working with young people28/04/2023 16:15:00
A brand new youth work qualification has been launched offering professional development opportunities for individuals working with young people, including social workers, police officers, teachers, and emergency service workers.
Why even movie stars need maths24/04/2023 11:15:00
In this article which was recently featured in FE News, David Redden explains why having a spotlight on maths can be an opportunity to ensure people are equipped with the essential skills they need to thrive.
How I turned my passion for the environment into a career in sustainability20/04/2023 14:15:00
Laura McGrath is the Director of Sustainability and Community at Shelborn Asset Management and looks after four business parks across England and Scotland.
£200K assessment innovation fund opens for next round of applications18/04/2023 11:05:00
charitable fund offering up to £200K to help develop new and innovative approaches to assessment has opened for new applications.
What is Gateway in an apprenticeship?04/04/2023 14:15:00
Whether you’re a training provider, college, employer, or a current or aspiring apprentice, you’ll likely have come across the term ‘Gateway’ in relation to reaching the final assessment stage of an apprenticeship.
Almost half of children missing out on trips and outings outside of school due to cost of living pressures28/03/2023 15:15:15
Rampant prices and cost of living pressures have led to nearly half of children missing out on trips and outings outside of school, with parents also unable to able to afford educational resources and extra-curricular activities.
AoC 2022: 5 ways that colleges can support their communities in the cost of living crisis06/12/2022 16:15:00
Attending last week’s AoC 2022 Annual Conference, it was clear from the outset that the cost of living crisis was going to be one of the most hotly discussed topics of the event – how could it not? Learners, parents, employers and colleges themselves currently share both similar and unique concerns around how cost is going to impact on lifelong education and the future of work.