Using a single password across your digital life is not only inadvisable, it’s unsafe.
Imagine using “Password1” as your password to log in to both Netflix and your mobile banking account. You share your Netflix password with a friend or your kids, who write it on a piece of paper that a stranger later fishes out of the trash. One day you notice a $500.00 withdrawal from your savings that you did not know about.
Although using a single password is convenient, it can lead to situations like this one where your personal information is at risk online. Strong passwords can protect your private information from falling into the wrong hands.
The NIST Guidelines
Why, then, is “Password1” so beloved and used across so many sites by so many people? Because we were taught to use passwords like it early on, under security standards that are now sorely outdated. The old National Institute of Standards and Technology (NIST) guidance on password strength was originally written by Bill Burr in 2003, and it incorrectly defined what type of password would be the most secure. He admitted to The Wall Street Journal that his research came from a whitepaper from the 1980s, and those outdated policies were put into practice as the “standards” for a secure password.
What Users Need to Know About Password Security
You may be wiser than the scenario above. You may have “Password1” for Netflix and “Password2” for your bank. However, changing a single character, or even several, still leaves you vulnerable to sophisticated attackers. They use automated software that guesses passwords at a rate of hundreds of attempts a minute.
If computing power is being set against you and your security, why not put it to work for you?
According to betterbuys.com, it takes 5 hours to crack “abcdefgh”, which is 8 characters long. They estimate it takes 2 centuries to crack “abcdefghijkl”, which is 12 characters. That’s only a 4-character difference. Password length matters. If you also introduce numbers, special characters and uppercase letters into your password, you not only extend the time needed to crack it, you are well on your way to stronger and more secure passwords.
NIST has done more research and updated its password standards. Check here for the full document. It recommends a minimum of 8 characters for a password, and a maximum permitted length of at least 64 characters.
What Brands Need to Know About Password Security
It’s also important for companies and brands to be conscious of password security. As a brand, you and your employees have access to sensitive user information. It is not only your responsibility to protect your users’ data, but also to help your users protect their own data. Support for strong, complex passwords is a key security feature that websites and organizations need in order to protect and retain customers.
Companies that require passwords to access apps and websites should prioritize usability and security by requiring a minimum password length, and character strings that include randomly chosen numbers, symbols, and letters. To improve usability, allow users to paste passwords into verifiers for more ease of use. With the prevalence of password managers such as 1Password or Dashlane, copying and pasting complex passwords has become much easier and safer.
NIST also calls for brands and sites to check new passwords against previously breached or hacked databases and to notify users when their password matches. Sites should also refuse the beloved “Password1” or “12345678”, which sit on the “known-bad choice” dictionary alongside other easily guessed passwords.
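The verifier-side rules described above (length bounds, a known-bad dictionary, a breached-password check that notifies the user, and accepting pasted input unchanged) can be put together in a small password check. This is an added example, not code from the article or from NIST; the deny list and the breached-password set are constructed stand-ins, and treating a space as a symbol is an assumption of this example.

```python
import hashlib
import string

# Length bounds quoted on the page: at least 8 characters, and at least 64 permitted.
MIN_LEN = 8
MAX_LEN = 64

# Constructed stand-in for the "known-bad choice" dictionary. A real deployment
# would load a large list of common and previously leaked passwords.
KNOWN_BAD = {"password1", "12345678", "qwerty123", "letmein"}

# Constructed stand-in for a breached-password corpus. Only SHA-1 digests are
# kept, so the verifier never stores the breached strings in the clear.
BREACHED_SHA1 = {
    hashlib.sha1(p.encode("utf-8")).hexdigest()
    for p in ("Summer2019!", "Welcome123")
}


def check_password(candidate):
    """Return the list of reasons a candidate password is rejected.

    An empty list means the password passes every check. The candidate is
    never trimmed or altered, so a pasted password is checked exactly as given.
    """
    reasons = []

    # Length first: len() counts characters, not bytes, so non-ASCII counts once.
    if len(candidate) < MIN_LEN:
        reasons.append(f"shorter than {MIN_LEN} characters")
    if len(candidate) > MAX_LEN:
        reasons.append(f"longer than {MAX_LEN} characters")

    # Deny-list lookup is case-insensitive: "Password1" and "PASSWORD1" both match.
    if candidate.lower() in KNOWN_BAD:
        reasons.append("on the known-bad password list")

    # Breach check compares a hash of the candidate against the stored digests.
    digest = hashlib.sha1(candidate.encode("utf-8")).hexdigest()
    if digest in BREACHED_SHA1:
        reasons.append("found in a previously breached database")

    # Composition: the page asks for letters, numbers and symbols together.
    # Whitespace counts as a symbol here (assumption) so passphrases qualify.
    if not any(c.isalpha() for c in candidate):
        reasons.append("no letters")
    if not any(c.isdigit() for c in candidate):
        reasons.append("no numbers")
    if not any(c in string.punctuation or c.isspace() for c in candidate):
        reasons.append("no symbols")

    return reasons


def user_message(candidate):
    """Text a site would show: acceptance, or the notification NIST calls for."""
    reasons = check_password(candidate)
    if not reasons:
        return "Password accepted."
    return "Please choose a different password: " + "; ".join(reasons) + "."


if __name__ == "__main__":
    for pw in ("Password1", "Summer2019!", "I like eating 3 tacos!"):
        print(repr(pw), "->", user_message(pw))
```

The check returns every failing rule rather than stopping at the first, so the user sees all the reasons at once instead of fixing one and being bounced again.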
Brands should also be cautious and aware of how their company’s logins and passwords are stored and maintained. Use a password manager to protect these private logins. 1Password offers business accounts that allow you to share and manage vaults. This way employees only have access to necessary logins and the same password isn’t shared across the entire company.
Before giving out a password to a coworker, stop and consider the business need. Does this coworker really need the password, or could the task be completed without sharing login information? Remember, the more people who have access to a password, the more at risk your users’ data is.
Regularly change your company’s passwords. Before sharing the new password with your coworkers and employees, stop and consider who really needs this new password. Try to limit the number of people who have access to sensitive information.
How to Create a Strong Password
The standards now require that password fields accept pasted text. This is very useful, because you can keep an encrypted, secure list of your passwords and paste from it.
If you don’t feel technical enough to do that, there are free password manager applications you can look into; check out pcmag.com for a list of good options. Some will let you change and save all your passwords, and may tell you where you are reusing the same one.
Here is a quick list of steps to turn your “Password1” into a stronger, more secure password:
- Make it more than 8 characters long (at least 12 recommended)
- Use uppercase, lowercase, special characters, and numbers (P@ss%0R7)
- Use a sentence or phrase that you can remember (I like eating food)
Using the steps above you might end up with a password that looks like this:
Don’t worry if it looks hard to remember; if you type it often, you will soon remember it every time. Regularly update your passwords and encourage your organization to do the same. It’s up to both brands and users to keep sensitive information safe by maintaining password safety and security.