Strong password policies have come a long way. How many people remember the 1995 movie Hackers? It had a very young, short-haired Angelina Jolie in it, but the point is that the entire mess started with one of the hackers being able to access files that should have been secure, all because an executive at the company had “god” as his password.
Fact: Every extra character in your password increases the difficulty for hackers to crack it.
The most commonly used password is…123456.
And it’s closely followed by equally insecure passwords like “password”, “welcome”, and “12345”.
Think one extra letter or number doesn’t mean much? Consider this:
- A 6-character password with only letters has 308,915,776 possible combinations.
- An 8-character password with only letters has 208,827,064,576 possible combinations.
- An 8-character password with letters (upper and lower case), numbers, and symbols has 6,095,689,385,410,816 possible combinations.
Creating a strong password policy is key to helping users safeguard the critical systems they rely on every day. While additional complexity can seem like an inconvenience to many users, that shouldn’t prevent a strong password policy from being implemented in your organization.
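A policy check along these lines, as an added example that is not part of the original article: it reproduces the combination counts above, rejects the weak passwords this page names, and enforces the no-reuse rule from the practice list on this page. The minimum length of 8, the three-of-four character class rule, and the PBKDF2 parameters are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import string

# Constructed blocklist: the weak passwords named on this page.
COMMON = {"123456", "password", "welcome", "12345", "god"}
MIN_LENGTH = 8  # assumed policy minimum, matching the 8-character cases above

# 26 lowercase + 26 uppercase + 10 digits + 32 symbols = 94 characters
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def keyspace(password):
    """Candidates of this length over the character classes the password uses."""
    alphabet = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    return alphabet ** len(password)

def hash_password(password, salt=None):
    """Salted PBKDF2 record, so password history is never kept in plaintext."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest

def reused(password, history):
    """True if the password matches any (salt, digest) record in history."""
    return any(hmac.compare_digest(hash_password(password, s)[1], d)
               for s, d in history)

def check(password, history=()):
    """Return the list of policy violations; an empty list means accepted."""
    problems = []
    if password.lower() in COMMON:
        problems.append("common password")
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if sum(any(ch in c for ch in password) for c in CLASSES) < 3:
        problems.append("needs 3 of: lower, upper, digit, symbol")
    if reused(password, history):
        problems.append("previously used")
    return problems

if __name__ == "__main__":
    for pw in ("god", "abcdefgh", "aB3$efgh"):
        print(pw, f"{keyspace(pw):,}", check(pw))
```

The keyspace figure is an upper bound on guessing effort: a password on the blocklist is tried first by any attacker regardless of its length, which is why the blocklist check runs independently of the length and class checks.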
Now that you’ve come up with the strongest password possible, it’s time to absorb some principles of good password security practice in daily life:
- Never disclose usernames and passwords to third parties
- Never store usernames and passwords on paper or in an unencrypted computer file
- Update your account password at least every 6 months
- Do not use passwords that have been used in the past
- Never provide credentials when requested through email
- Run regular virus scans on your computer
- Use Two-Factor Authentication (2FA). With 2FA, you will receive a text message for login and password reset requests. You may choose between SMS, OneTouch, and TOTP (Time-Based One-Time Password) authentication.
If you have to share a password, use a site like One-Time Secret. This site creates a link to a page with your password info (or whatever info you choose), and once the page has been viewed, it is gone forever.
Don’t save passwords or use “remember me” on public computers.