Leave a comment

3 ways to craft great passwords based on new research

3 ways to craft great passwords based on new research
© Kiosea39 | Dreamstime

What's the biggest hassle of the digital era? Almost of all of us can agree: passwords.

It's so frustrating to be stopped midstream during the workday to reset passwords. It's worse when you're in a rush at home, maybe to book a flight or pay a bill and all of a sudden you see, "Incorrect password."

This huge headache is so commonplace that we just grit our teeth, waste up to 15 minutes and go through the ordeal of creating new passwords. You click "forgot password" and get an email with a link to a new one.

If this is your everyday life, you'll love to hear this. We finally have some good news about passwords: They can be far less complex than the long combination of letters, numbers and symbols that we now associate with online safety.

Bonus: Keep reading for a few suggestions to create easy-to-remember but difficult-to-guess passwords.

What you’ve been doing wrong

There's a reason we've been conditioned to think strong passwords resemble something like $%TH512K!&&. It started in 2003 with guidelines from the National Institute of Standards and Technology (NIST).

The group promoted difficult-to-remember, random combinations of numbers, letters and symbols. The concept is a good one: If you have trouble remembering your passwords, then hackers will have difficulty guessing them.

You won't believe this! The NIST employee who created those guidelines now said he regrets it. He doesn't regret it because it's a bad idea.

He regrets it because it's not practical. It is difficult for people to remember passwords. It's also difficult for website publishers to monitor passwords.

For instance, we all know PASSWORD is an easy password for hackers to guess. But it's probably just as easy to guess a similar one that complies with the NIST standards, like P@ssword1.

Passwords should withstand 100 guesses

Do you know how easy it is for a hacker to guess your password? This is alarming.

Hackers can guess the average person's password nearly 73 percent of the time when they know some information about you. Just think about the massive data breaches we've been telling you about, like the recent one at Equifax that affected millions of people.

A lot of your personal information is already in hackers' hands. That includes passwords you've used on other sites.

If you're like most people, you often use some variation of the same password, like Party!Animal1, then Party!Animal2. That makes it incredibly easy for hackers to guess your passwords.

It wouldn't be hard for anyone to guess that your next password might be Party!Animal3. Researchers from Lancaster University, Peking University and Fujian Normal University, who conducted the study, suggest that websites cut off hackers sooner than the current suggested cutoff of 100 guesses.

Bonus: You're still going to have many passwords to remember, although it will be less of a hassle than it is now. You might want to sign up for a password manager, like Dashlane.

Password managers can create strong passwords for you. They also store many passwords behind one password. Once you sign into your password manager, you can see all the other passwords you've stored there.

Your new password guidelines

NIST now says your password can be easy to remember and still be extremely difficult for hackers to guess. This is something Kim Komando has long advocated: Use a phrase that only you'll remember, instead of a complex group of numbers, letters and symbols.

Use something you'll remember like, MySecondSonsNameIsPeter. What hacker will ever guess that?

NIST goes further with its newly released guidelines to make passphrases easier to remember and harder to guess. They recommend allowing passphrases to include spaces in between words. The new guidelines will allow you to use up to 64 characters.

So, say goodbye to ^JJKL1!!lkjlj#. Instead, you might create a passphrase such as, I love the Kim Komando podcasts. That's much more user-friendly and precisely the point behind NIST issuing new guidelines.

Bonus: Why “ilovefreshsashimituna” is a great password

The one security setting to always turn on

Do you use Facebook? How about Google? Do you log into your bank account and credit cards online?

Of course, you do. We all access an incredible amount of personal information online every day. Hackers and criminals want access to all of it and, as we've seen with the Equifax data breach, hackers have lots of information about you.

Here is one, simple security tip to keep your personal information secure. Don't worry: Click here and we'll walk you through just a few steps to set it up!

Next Story
Free way to track GPS, phone calls, text messages and web activity on a phone
Previous Tips

Free way to track GPS, phone calls, text messages and web activity on a phone

Sponsored: Carbonite vs. IDrive, what’s the difference?
Next Tips

Sponsored: Carbonite vs. IDrive, what’s the difference?

View Comments ()