Internet Security: The 3 Rules for Creating Strong Passwords

There are lots of different ways in which individuals and organisations can render themselves vulnerable to cyber-attacks, and defending yourself effectively at all times against a full array of online nasties is not always easy. It is more important than ever to be vigilant with your internet security policies, and the safeguarding of passwords should feature high on your priority list.

One of the surest ways to open yourself up to potential hackers, data thieves or fraudsters is to use passwords that aren’t fit for purpose and that are easy for anyone with malign intentions to guess correctly or otherwise unlock.

With that in mind, here are 3 vitally important rules for creating a strong password that will go a long way towards making life much more difficult for anyone looking to hack into your online accounts.

Rule 1 – Use more than eight characters

A determined hacker will aim to attack your website, as well as your social media and bank accounts if they can, in an effort to access any and all data they can find on you. So you need to make the associated passwords difficult to guess, and the most obvious way to do that is to have your password include eight or more characters.

In addition to being relatively long, your passwords should also include a combination of letters, symbols, numbers and, don’t forget, spaces. This makes them a lot more complex and unique, so that they aren’t easy to guess correctly.

Rule 2 – Always use different passwords for different platforms

It is common knowledge that a password that is longer than eight characters, contains spaces, uses words that cannot be found in the dictionary and includes numbers and symbols will be almost impossible to crack. However, for an added element of protection, it’s also important not to use the same password for all your different online accounts.

Using the same password across different accounts adds to your security vulnerability because it then only requires someone to crack your password on one platform to open up access to all your other accounts at the same time.

It can be useful to come up with a system to help yourself remember your different passwords for particular websites but, if you do so, you also have to make sure that your system isn’t itself vulnerable to being stolen or cracked by online criminals.

Rule 3 – Use a password manager

Memorising all your different passwords can be extremely difficult after a while, so it is good practice to use some sort of password management system. The best examples of these systems and services include LastPass, KeePass and Dashlane.

Password managers allow you to use random combinations in all your passwords. Your passwords are stored in the cloud so you can access them any time via your mobile, laptop or desktop computer, and all you have to remember to access your details is the one password you use for your password manager account.

Using a password manager is generally a much safer way to store your passwords for different accounts than to have them all written down. Plus you can avoid the frustration of struggling to remember your passwords for a particular website.
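As an added illustration (not part of the original article), the Python example below checks passwords against Rule 1, finds reuse across accounts for Rule 2, and generates a random password of the kind a password manager creates for Rule 3. The function names and the sample accounts are hypothetical and constructed for this example.

```python
import secrets
import string

# Character classes named in Rule 1: letters, numbers, symbols and spaces.
CLASSES = {
    "letter": string.ascii_letters,
    "number": string.digits,
    "symbol": string.punctuation,
    "space": " ",
}
MIN_LENGTH = 8  # Rule 1 body text: "eight or more characters"

def check_password(password):
    """Return the list of Rule 1 problems for one password (empty = passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            problems.append(f"no {name}")
    return problems

def find_reuse(accounts):
    """Rule 2: map each password used on several accounts to those accounts."""
    seen = {}
    for account, password in accounts.items():
        seen.setdefault(password, []).append(account)
    return {pw: names for pw, names in seen.items() if len(names) > 1}

def generate_password(length=20):
    """Rule 3: a random password drawn from a cryptographically secure source."""
    if length < MIN_LENGTH:
        raise ValueError("length must be at least 8")
    alphabet = "".join(CLASSES.values())
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Retry until every class is present and no edge space could be trimmed.
        if not check_password(candidate) and candidate == candidate.strip():
            return candidate

# Constructed sample data, not real credentials.
SAMPLE_ACCOUNTS = {"bank": "sunshine", "email": "sunshine", "shop": "T4ble lamp & 9 kites!"}

if __name__ == "__main__":
    print({a: check_password(p) or "ok" for a, p in SAMPLE_ACCOUNTS.items()})
    print("reused:", find_reuse(SAMPLE_ACCOUNTS), "| generated:", generate_password())
```

The checker does not test for dictionary words, which Rule 2 also mentions; that would need a word list supplied separately.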


Password policies for businesses

Having an official password policy in place demonstrates that your IT department is thinking about the life-cycle of your company’s passwords. Specifically, it means you’re looking at how they’re chosen, how often they should be changed and how they should be protected from hackers or cyber threats of all kinds.

Password policies normally focus on two key areas in particular – how passwords should be created and how they are protected.

Password creation normally covers issues around complexity and uniqueness; you will want to give examples of both good and bad passwords. The policy will also stipulate the lifespan of a password and how default passwords are used, e.g. for new employees.

Here is a simple password policy example courtesy of IBM:

Password protection focuses on the issue of not sharing your passwords with anyone inside or outside your company. It also covers password management systems and stipulates approved systems or makes clear that your in-house IT experts need to sign off on the use of any form of password management system.

Training your staff

In the end, it doesn’t really matter how good your internet security is or how complex your passwords are if your employees don’t understand their responsibilities in terms of safeguarding and protecting your company’s information resources and its IT networks.

All companies regardless of size should provide security awareness training and look specifically at the creation and protection of passwords. The key is to focus on the role every staff member at your company plays in keeping you, them and everybody else safe from the data threats that we know are out there.

As ever, if you have any questions about password management or any other aspect of internet security then please do get in touch.