With all this talk about protecting passwords, you’d think that not passing your password and not posting your password would be enough.
Unfortunately, some of the biggest security issues lie with people who reuse passwords, use dictionary words or personal information, or create simple passwords.
This is why many corporate systems require complex passwords that change every 3 months or so.
Complex passwords typically employ the following techniques:
- They are unique – Some systems will not allow you to reuse a password twice in the same year. Other systems may reject a password that is too similar to one used previously or that utilizes personal information (like a name or birthdate).
- They contain Uppercase Letters/Lowercase Letters/Symbols/Numbers – Most systems will specify their preference. If your password is rejected, re-read the specific system’s password requirements to know how to proceed.
- They are at least 8 characters long – Passwords are stored with encryption. The more letters you use, the longer it will take a mal-intender to decrypt it.
What makes a password easy to guess? Well…
- It uses popular phrases: Like “password”. Or “Fall2018”. Or “1234567”. For a list of the most popular passwords NOT to use, check out this list.
- It includes personal information: Like your child’s name, dog’s name, favorite sports team, birthday, or nickname.
- It uses dictionary words: If someone wants to hijack your email, they may start with a Dictionary Attack. A Dictionary Attack pummels your account with words from the American dictionary until it decrypts your password. This can happen fairly quickly. It’s not like there’s a human holding that dictionary – a machine can decrypt a password within minutes if the password is simple enough.
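The rules from the two lists above, written as a password checker. This is an added example, not code from the original article; the function name, the tiny dictionary and the similarity threshold are assumptions, and the three popular passwords are the ones quoted above.

```python
import re
from difflib import SequenceMatcher

# The three popular passwords quoted in the article.
COMMON_PASSWORDS = {"password", "fall2018", "1234567"}
# Constructed stand-in for a real word list (assumption).
DICTIONARY = {"sunshine", "dragon", "football", "monkey"}

CHARACTER_CLASSES = {
    "uppercase": r"[A-Z]",
    "lowercase": r"[a-z]",
    "digit": r"[0-9]",
    "symbol": r"[^A-Za-z0-9]",
}


def check_password(password, personal_info=(), previous=(),
                   min_length=8, max_similarity=0.8):
    """Return the list of rules the password breaks (empty list = accepted)."""
    problems = []
    lowered = password.lower()

    if len(password) < min_length:
        problems.append("too short")
    for name, pattern in CHARACTER_CLASSES.items():
        if not re.search(pattern, password):
            problems.append(f"missing {name}")
    if lowered in COMMON_PASSWORDS:
        problems.append("popular password")

    # Drop digits and symbols so "Dragon1!" is still caught as "dragon".
    letters_only = re.sub(r"[^a-z]", "", lowered)
    if letters_only in DICTIONARY:
        problems.append("dictionary word")

    # Names, birthdays, pets: any supplied item appearing inside the password.
    if any(len(item) >= 3 and item.lower() in lowered for item in personal_info):
        problems.append("contains personal information")

    # Reject near-copies of earlier passwords (threshold is an assumption).
    if any(SequenceMatcher(None, lowered, old.lower()).ratio() >= max_similarity
           for old in previous):
        problems.append("too similar to a previous password")

    return problems
```
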
The wisest companies require frequent password changes, complex passwords, and password lockouts to protect their users. If you’ve forgotten your password, you’ve probably experienced a lockout before. It usually allows you 3 failed attempts before you must reset your password through other means. (This is to prevent Dictionary and other attacks.)
While these tactics may be annoying for the user, they are necessary for your protection. You wouldn’t use a padlock to lock your home now, would you? Complex security requires complex measures.
