The importance of using a strong password

The average password is short, obvious and easy to crack. Most people believe their password is strong, but in practice it usually falls short of what is recommended. In this article we look at what makes a password strong, how to manage your passwords safely, and what else you need to get right around them.

Password entropy

Entropy is the standard way to measure password strength. It is expressed in bits and describes how many guesses an attacker would need to find the password. For a password whose characters are chosen at random, it is calculated from the size of the character set used (lower case, upper case, digits, special characters) and the password length: every character adds log2(size of the character set) bits. The calculation only holds if the characters really were chosen at random; a dictionary word with a digit and an exclamation mark appended contains far fewer bits than its length and character set suggest, because an attacker tries exactly those patterns first.

A password with 1 bit of entropy has only two possible values, so an attacker guessing at random gets it right on the first attempt half the time. Each additional bit doubles the number of candidates and therefore doubles the work needed to crack it. When creating a password, adhere to the following as a minimum.

  • Include upper and lower case characters, a number and a special character.
  • Don't use words that could be linked to you (e.g. your name or part of your username).
  • Use a minimum of 8 characters; I would recommend closer to 20 or more, because every additional character multiplies the number of possibilities an attacker has to try.
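The following script, added here as an illustration and not part of the original article, puts numbers on the entropy discussion above: it computes length × log2(character set) for a given length and set of character classes, shows how the naive figure for an existing password overstates its strength when the password is a dictionary pattern, and converts bits into an average cracking time. The 32-character "special" set (Python's string.punctuation) and the guess rate of 1e10 per second used in the demo are assumptions of the example, not figures from the article.

```python
import math

# Sizes of the four character classes the article refers to. The 32 "special"
# characters are the printable ASCII punctuation set (string.punctuation).
# Other sources count these differently; this is an assumption of the example.
CLASS_SIZES = {"lower": 26, "upper": 26, "digit": 10, "special": 32}
ALL_CLASSES = set(CLASS_SIZES)


def classes_used(password: str) -> set:
    """Return which of the four character classes appear in a password."""
    found = set()
    for ch in password:
        if ch.islower():
            found.add("lower")
        elif ch.isupper():
            found.add("upper")
        elif ch.isdigit():
            found.add("digit")
        else:
            found.add("special")
    return found


def entropy_bits(length: int, classes) -> float:
    """Entropy of a password of `length` characters drawn uniformly at random
    from the union of the given classes: length * log2(alphabet size)."""
    alphabet = sum(CLASS_SIZES[c] for c in classes)
    return length * math.log2(alphabet)


def naive_entropy(password: str) -> float:
    """Entropy the password WOULD have if it had been generated at random from
    the classes it happens to contain. For a human-chosen password this is an
    upper bound: 'Password1!' scores about 65 bits here, yet it falls to a
    wordlist with a couple of mangling rules in a handful of guesses."""
    return entropy_bits(len(password), classes_used(password))


def expected_guesses(bits: float) -> float:
    """Average number of guesses to find a password of the given entropy.
    1 bit -> 2 candidates -> found on the first guess half the time, so the
    expectation is 2 ** (bits - 1)."""
    return 2 ** (bits - 1)


def crack_time_seconds(bits: float, guesses_per_second: float) -> float:
    """Average time to crack at a given offline guess rate."""
    return expected_guesses(bits) / guesses_per_second


if __name__ == "__main__":
    # Assumed offline guess rate against a fast, unsalted hash on commodity
    # GPUs; a slow password hash (bcrypt, scrypt, Argon2) cuts this by orders
    # of magnitude, which is why sites should use one.
    RATE = 1e10
    for length, classes in [(8, {"lower"}), (8, ALL_CLASSES), (12, ALL_CLASSES), (20, ALL_CLASSES)]:
        bits = entropy_bits(length, classes)
        days = crack_time_seconds(bits, RATE) / 86400
        print(f"{length:>2} chars, {len(classes)} class(es): {bits:6.1f} bits, "
              f"~{days:.3g} days on average at {RATE:.0e} guesses/s")
    print(f"'Password1!' naive estimate: {naive_entropy('Password1!'):.1f} bits (misleading)")
```

Running it shows why the article leans towards 20 characters: eight lower-case letters are about 38 bits and fall in seconds, eight characters from all four classes are about 52 bits and fall in days, while twenty characters from all four classes are about 131 bits and are out of reach of any brute-force effort.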

Password managers

The above list is a good start, but there is more to consider. Best practice is to use a password manager (such as KeePass or LastPass), which lets you create a strong, unique password for every site and service you use online. It works like a digital safe: you have one database that you unlock with a single very strong master password that you must memorise. The master password should follow the suggestions above and should not be written down or stored on a device such as a mobile phone or laptop.

Once the database is open, the password manager can generate a high-entropy random password for any service you sign up to in seconds. This matters because many users reuse the same password on every site; if that password leaks from one site, whoever obtains it can try it against all of your other accounts. With a password manager every password is unique, so a breach at one service does not compromise the others, and each password is long and random enough that it cannot be guessed.
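This generator, added here as an example and not taken from KeePass, LastPass or the article, does what a password manager does when it creates a password: it draws every character from the operating system's cryptographic random source (Python's secrets module, never the random module, whose output is predictable) and rejects any candidate that fails the article's composition rule. The 94-character alphabet (letters, digits and string.punctuation) and the default length of 20 are choices of the example.

```python
import math
import secrets
import string

# 94 printable ASCII characters: 26 lower + 26 upper + 10 digits + 32 punctuation.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def meets_policy(password: str, min_length: int = 8) -> bool:
    """The article's minimum rule: at least one lower, one upper, one digit,
    one special character, and at least `min_length` characters."""
    return (len(password) >= min_length
            and any(c.islower() for c in password)
            and any(c.isupper() for c in password)
            and any(c.isdigit() for c in password)
            and any(c in string.punctuation for c in password))


def generate_password(length: int = 20) -> str:
    """Generate a random password that satisfies meets_policy().

    Every character is drawn uniformly with secrets.choice (a CSPRNG), and
    candidates that miss a character class are thrown away and redrawn.
    Rejection sampling keeps the result uniform over all policy-compliant
    strings; the common shortcut of forcing one character of each class into
    fixed positions and shuffling does not, and leaks structure to an attacker.
    """
    if length < 8:
        raise ValueError("the article's minimum is 8 characters")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if meets_policy(candidate):
            return candidate


def entropy_bits(password: str) -> float:
    """Entropy of a password produced by generate_password: len * log2(94).
    The rejection step removes a tiny fraction of the 94**len strings, so the
    true figure is marginally lower; at 20 characters the difference is
    negligible (about 131 bits either way)."""
    return len(password) * math.log2(len(ALPHABET))


if __name__ == "__main__":
    for n in (8, 12, 20):
        pw = generate_password(n)
        print(f"{n:>2} chars: {pw}  (~{entropy_bits(pw):.0f} bits)")
```

Nothing in this block is memorised by the user; the generated string is stored in the manager's database and the only secret the user has to carry in their head is the master password.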

Two-factor authentication

Related considerations are the security of the device you type on and multi-factor authentication. To reduce the risk of malware, viruses and keyloggers capturing what you type, keep your operating system patched and use reputable, up-to-date anti-virus software. Wherever a service offers two-factor authentication (a code sent to your phone or to another email address, or an authenticator app such as Google Authenticator), enable it. With two-factor authentication an attacker needs both your password and your second factor (for example your mobile phone) to get in, so a password that leaks on its own is not enough to mount an attack. Codes generated on the device by an authenticator app are preferable to codes sent over SMS or email, which pass through systems you do not control.

Lastly, be aware of malicious users who employ social engineering to obtain passwords, for example by requesting your username or password through an email or website that is not legitimate. Always check that you are on the correct URL before entering credentials, and that any "official" email really comes from the organisation it claims to. Another form of social engineering is gaining your trust through an "investment" opportunity and then asking for your login details to "set up" your account; no legitimate service needs your password for that, so treat any such request as a big red flag. Remember that password security is your responsibility: get it right from the start and you avoid most of these problems.

Use this tool to check your password strength: https://howsecureismypassword.net/ Note that such checkers estimate the character-set-times-length figure described above and cannot tell that a password is a common word or pattern, and you should never type a real password into a third-party website; test a password of the same style and length instead.