Passwords: The Frontline Protection for Our Systems

Passwords are still the entry key to most of the systems we use every day. And, as far as we know, software developers are not holed up in a secret bunker far below the sun-parched fields of Area 51 developing DNA-scanning software for access to applications…at least not yet. Until then, it’s essential to maintain good-quality passwords that are kept private – not written on a sticky note and attached to your monitor (these should be removed!).

Although passwords can be a hassle at times, they are in place for good reason: to keep hackers out and account information secure. As part of our compliance with the Payment Card Industry (PCI) requirements to protect cardholder data, there are regulations that specify password requirements, including length, complexity and how often they must change. You may have wondered why it seems like you are always changing your password in some systems. Changing passwords regularly helps protect the system and data if somebody does get your password, by limiting the amount of time they can use it.

When creating a password, a longer combination of letters, numbers and symbols that can be remembered is best. Single-word passwords like Password, which happens to be #1 on this list of 1000 most common passwords, a string of numbers like 12345678, or a combination like password1234 would be considered weak. These passwords should be avoided even if they meet the system’s requirements because they could be easily guessed.

Below are some tips to help you become a password master:

  • Make passwords at least 12 characters long
  • Avoid passwords that can be found in a dictionary, including two simple words combined, such as MyPassword1, because hackers can basically throw the dictionary at a system when attempting to brute force their way in
  • Avoid using personal information or common words
  • Include at least three of the following, and preferably all four: uppercase letter, lowercase letter, number, symbol
  • Don’t use the same password on multiple sites – the same core password can be used but at least three of the characters should change by site
  • Consider turning a sentence into a password by taking the first letters or parts of the words and mixing in numbers and symbols
  • Don’t make it so hard to remember that you must write it down
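
The tips above can also be checked automatically when a password is set. The following Python is an added example, not part of the original article; the function names and the small word lists are constructed for illustration, and a real check would load a full common-password list and dictionary from files.

```python
import re

# Constructed sample lists (assumption): stand-ins for a full
# common-password list and a full dictionary.
COMMON = {"password", "12345678", "password1234", "qwerty"}
WORDS = {"my", "password", "summer", "dragon", "welcome", "love"}

def char_classes(pw):
    """Count how many of the four classes from the tips appear in pw."""
    checks = [str.isupper, str.islower, str.isdigit,
              lambda c: not c.isalnum()]  # anything else counts as a symbol
    return sum(any(f(c) for c in pw) for f in checks)

def is_dictionary_based(pw, words=WORDS):
    """True if pw, ignoring leading/trailing digits and symbols, is one
    dictionary word or several joined together (e.g. MyPassword1)."""
    core = re.sub(r"^[^A-Za-z]+|[^A-Za-z]+$", "", pw).lower()
    if not core.isalpha():
        return False
    # ok[i] is True when core[:i] can be split entirely into dictionary words
    ok = [True] + [False] * len(core)
    for i in range(1, len(core) + 1):
        ok[i] = any(ok[j] and core[j:i] in words for j in range(i))
    return ok[-1]

def check_password(pw, personal=()):
    """Return the list of tips that pw violates (empty list = passes)."""
    problems = []
    if len(pw) < 12:
        problems.append("shorter than 12 characters")
    if char_classes(pw) < 3:
        problems.append("fewer than three character classes")
    if pw.lower() in COMMON:
        problems.append("on the common-password list")
    if is_dictionary_based(pw):
        problems.append("built from dictionary words")
    if any(len(p) >= 3 and p.lower() in pw.lower() for p in personal):
        problems.append("contains personal information")
    return problems

if __name__ == "__main__":
    for candidate in ["Password", "password1234", "MyPassword1", "Iw2b@PM&gr8c!"]:
        print(candidate, "->", check_password(candidate) or "OK")
```

MyPassword1 shows why the dictionary tip matters: it has three character classes, yet it is still flagged because it is just two common words with a digit appended.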

The next time you enter login information, consider whether your password is strong enough or could use a refresh.

Here’s another good resource for checking whether your personal email address has been hacked: https://haveibeenpwned.com.