Diamond IT Blog

The fundamentals of a secure password

Written by Hannah Donnelly | November 24, 2020

This year, the number of cyber security threats targeting Australian organisations and their employees has skyrocketed. 

Cybercriminals have taken full advantage of the evolving COVID-19 situation, creating a multitude of new scams, spoofing attacks, and zero-day cyberattacks to try and gain access to the computers of the unsuspecting. 

And while the Australian Cyber Security Centre (ACSC) continues to issue stern warnings about new cyber security threats, many individuals' online security practices, and in particular their password security practices, remain unchanged.

A recent report by password manager vendor LastPass revealed that 90% of Australians know that reusing the same password across multiple devices and systems is insecure, yet two-thirds do it anyway.

That such a fundamental of cyber security as creating secure passwords is being overlooked is a startling statistic. And so, in this article, we revisit the basic considerations of a secure password.


5 password security basics

1. The longer the better: At a minimum, your password should have 8 characters; we recommend 12 or more.

2. Complexity: Adding numbers and symbols greatly increases the strength of a password, as does mixing lower and upper case letters.

3. Avoid repetition: Don't create a complex password and then simply increment it by one character each time you're asked to change it. And remember: it is essential not to use the same password across multiple devices and systems. This is where a password manager can come in handy.

4. Avoid obvious words/phrases: It concerns us that we still have to say it, but don't create passwords from obvious strings like "Password1", "QWERTY", "asdfjkl" or "abc123". Dictionary-based brute-force attacks try these obvious strings first.

5. Don’t write it down: Don’t record your password anywhere, especially not on a post-it note on your desk!

How to create a secure password that you’ll remember

Option 1: Turn a phrase into a password

One suggested method of creating a secure and memorable password is to take the first letter of each word in a favourite phrase (a passphrase).

An example could be something you regularly say, such as "Did you buy more milk from the shop". Taking the first letters turns this into "Dybmmfts". That alone isn't secure enough, but adding numbers and symbols, for example "Dybmmfts?12", creates a strong password.

The Australian Cyber Security Centre (ACSC) recommends that passphrases are most effective when they are:

  • Unique – not a famous phrase or lyric, and not re-used.
  • Longer – phrases are generally longer than words.
  • Complex – naturally occurring in a sentence with uppercase, symbols and punctuation.
  • Easy to remember – saves you being locked out.
  • Used with multi-factor authentication.
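The phrase-to-initials method above and the five basics earlier in the article can both be expressed as code. The following is an added example written for this article, not code from Diamond IT or the ACSC: `phrase_to_password` performs the Option 1 transformation, and `check_password` applies basics 1 to 4 (basic 5, not writing the password down, cannot be checked by software). The obvious-password list is a small constructed sample, and the "at least 3 of 4 character classes" rule is an assumed policy choice that matches the article's own examples.

```python
import re
import string

# Constructed sample of strings that dictionary-based guessing tries first;
# a real deployment would load a large list of breached passwords instead.
OBVIOUS = {"password", "password1", "qwerty", "asdfjkl", "abc123", "123456"}

MIN_LENGTH = 8           # hard minimum from the article
RECOMMENDED_LENGTH = 12  # recommended length from the article
MIN_CLASSES = 3          # assumed policy: at least 3 of the 4 character classes


def phrase_to_password(phrase: str, suffix: str = "") -> str:
    """Option 1: first letter of each word in a memorable phrase, keeping case,
    followed by whatever digits and symbols the user appends."""
    words = re.findall(r"[A-Za-z0-9']+", phrase)
    return "".join(w[0] for w in words) + suffix


def _stem(s: str) -> str:
    """Drop trailing digits: 'Dybmmfts?12' -> 'Dybmmfts?'."""
    return re.sub(r"\d+$", "", s)


def is_increment_of(candidate: str, previous: str) -> bool:
    """Basic 3: flag 'Stem11' -> 'Stem12' style rotations, where only the
    trailing digits changed (a constructed heuristic, not a standard)."""
    return candidate != previous and _stem(candidate) == _stem(previous)


def check_password(candidate: str, previous: str = "", reused=frozenset()) -> dict:
    """Apply basics 1 to 4. Hard failures go in 'problems'; guidance that does
    not block the password goes in 'advice'."""
    problems, advice = [], []

    # 1. Length: 8 is the floor, 12 or more is the recommendation
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    elif len(candidate) < RECOMMENDED_LENGTH:
        advice.append(f"shorter than the recommended {RECOMMENDED_LENGTH} characters")

    # 2. Complexity: count the character classes actually present
    present = sum([
        any(c.islower() for c in candidate),
        any(c.isupper() for c in candidate),
        any(c.isdigit() for c in candidate),
        any(c in string.punctuation for c in candidate),
    ])
    if present < MIN_CLASSES:
        problems.append(f"uses only {present} of 4 character classes")

    # 3. Repetition: not reused elsewhere, and not the old password plus one
    if candidate in reused:
        problems.append("already used on another system")
    if previous and is_increment_of(candidate, previous):
        problems.append("differs from the previous password only in the trailing digits")

    # 4. Obvious words: case-insensitive lookup against the list attackers try first
    if candidate.lower() in OBVIOUS:
        problems.append("is on the obvious-password list")

    return {"ok": not problems, "problems": problems, "advice": advice}


if __name__ == "__main__":
    pw = phrase_to_password("Did you buy more milk from the shop", "?12")
    print(pw, check_password(pw, previous="Dybmmfts?11"))
```

Run on the article's own examples, "Dybmmfts" fails on complexity, "Dybmmfts?12" passes with only the length advice, "Password1" passes complexity but is rejected by the obvious list, and "$HouseBigBrick!" passes outright. Supplying the previous password "Dybmmfts?11" turns "Dybmmfts?12" into a rejection, which is the increment pattern basic 3 warns against.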

Option 2: Use several keywords together

Another option to create a strong password is to use several keywords together to create a less complex but longer password.

In this case, make sure that the words aren't in the order they would appear in a sentence. 'MyBigBrickHouse', for example, is not a good password, but something like 'Housebigbrick' is much better, and if you add some symbols and uppercase letters ('$HouseBigBrick!') you'll have a very secure password. One trick here is to use words that you'll remember, such as the name of an unusual street that you pass each morning on your way to work.


Option 3: Use a Password Manager

At the end of the day, remembering multiple passwords can be tricky, particularly when it is recommended to change them frequently. A password manager is a program that takes away the pain of remembering passwords by generating and storing secure passwords for you. It can be installed on your computer, smartphone or tablet, and some password managers will even sync across your devices.
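To show what "generating secure passwords for you" involves, and how the Option 2 keyword approach compares, here is an added example written for this article; it is not the code of any password manager product. It draws randomness from the operating system via Python's `secrets` module, as a manager should, and estimates the entropy of each style. The word list is a constructed eight-word sample; the final assertion in the usage below shows why a real generator needs a list of thousands of words.

```python
import math
import secrets
import string

# 94 printable ASCII characters: letters, digits and symbols
ALPHABET = string.ascii_letters + string.digits + string.punctuation

# Constructed sample word list. A real generator uses thousands of words
# (Diceware-style); the entropy estimate below depends on the list size.
WORDS = ["house", "big", "brick", "street", "morning", "kettle", "garden", "window"]


def generate_password(length: int = 16) -> str:
    """Random password from the OS CSPRNG, resampled until every character
    class is present, which is what a password manager does on your behalf."""
    if length < 4:
        raise ValueError("need at least 4 characters to cover all four classes")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)
                and any(c in string.punctuation for c in pw)):
            return pw


def generate_word_password(count: int = 4, words=WORDS) -> str:
    """Option 2: several distinct keywords joined in random order, so the result
    is not the sentence a person would naturally write; each word is capitalised."""
    chosen = secrets.SystemRandom().sample(words, count)
    return "".join(w.capitalize() for w in chosen)


def char_password_bits(length: int) -> float:
    """Entropy of a uniformly random character password of the given length."""
    return length * math.log2(len(ALPHABET))


def word_password_bits(count: int, words=WORDS) -> float:
    """Entropy of an ordered selection of 'count' distinct words from the list:
    n!/(n-k)! equally likely outcomes."""
    return math.log2(math.perm(len(words), count))


if __name__ == "__main__":
    print(generate_password(16), round(char_password_bits(16), 1), "bits")
    print(generate_word_password(4), round(word_password_bits(4), 1), "bits")
```

With the 94-character alphabet, a 16-character manager-generated password carries about 105 bits of entropy. Four words drawn from the tiny sample list above give only about 10.7 bits, while the same four words from a 7776-word list give over 50 bits, which is why a word-based password needs either a large vocabulary or the extra symbols and case changes the article recommends.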


How can Diamond help?

If you want to educate your employees on how to create and maintain secure passwords, our staff education programs and policy and procedure reviews can help. Our Business Technology Managers (BTMs) are specialists in improving your internal cybersecurity.

If you need advice on how you can ensure your cybersecurity strategy is fit for purpose, our team of Cybersecurity experts are ready to help. Contact our team on 1300 307 907 today.