Computer tech professionals are debunking common misconceptions about password strength and giving businesses and individuals alike tips on how to create hard-to-hack passwords.
They advise businesses and employees on where they can safely store passwords, how to design a strong password and how to use multifactor authentication to deter hackers from gaining access to accounts.
“You don’t have to have multiple passwords,” said Jack Ressel, technician at Double Click Computers in Bethlehem Township. “…It is better to have one memorable password than one with a bunch of uppercase and lowercase letters and some numbers.”
Ressel and others say that contrary to popular belief, complicated passwords with uppercase and lowercase letters, symbols and exclamation points will not prevent a cybercriminal from getting into one’s online accounts, personal information and bank account information.
In addition, it is best to avoid using a password that includes your birthday, pet name, home address and other information that can be gleaned through social media or online research. These types of passwords are weak.
“If you are going to go the route of upper and lowercase letters, try putting the capital letter in the middle of the password and not right at the beginning or end,” Ressel said, noting that using the same password across multiple accounts could work if you change the letters that get capitalized and where the numbers are placed.
Often, computer users think they need to add sequential numbers in their password. Using “password123,” for example, is a big no-no.
Ressel said someone still can use sequential numbers, but should pair them with a memorable phrase.
For example, consider “The door is locked.” Use the first letter from each of those words and add 123 for a password of “tdil123.”
“It really doesn’t matter if the password is short or long,” he said. “However, many websites will require a password with a set number of characters and uppercase and lowercase letters.”
Computer professionals said hackers do not make just a couple of guesses to break into a business’s or person’s computer.
Instead, they use computer programs that guess millions and billions of passwords in a short amount of time.
Many times, hackers are focused on words from a dictionary.
CREATE A SENTENCE
Like Ressel, Wayne Will of Digital Forge Cyber Assurance Group in Utah recommended computer users create a phrase or sentence they will remember and use it to create their password.
He said a password can be generated using the first letter of each word in the phrase or sentence and adding a few numbers or symbols.
In essence, this will make a password that most likely won’t come out of a dictionary and is not easily detected by a hacker’s sophisticated programs, said Will, whose company handles cybersecurity for Crossroads Technologies Inc. in Wyomissing.
OFF THE DESKTOP
Will said people make a big mistake by putting all of their passwords on their desktop or placing passwords in an online account such as Yahoo.
Given a choice between putting one’s passwords on a computer or writing them on paper and storing them in a desk, opt for the latter.
“If you create a phrase or a sentence, write that down as a way to jog your memory,” Will said.
“This way, if someone sees that phrase laying on your desk, they won’t know what they are looking at and you can keep it right in front of you.”
Businesses now are using services available online that manage passwords.
For example, a program called LastPass encrypts the passwords of computer users and stores them in a vault online that can only be opened via a master password.
Businesses also use multiple-factor authentication to keep hackers at bay.
George Sanchez, owner of TeamLogic IT in South Whitehall Township, said password management tools such as LastPass are highly secure, and the user only needs to remember one master password to tap into the vault.
SCRAMBLE THE LETTERS
Sanchez said users should not use simple or short words in passwords. And while people want to stay away from pet names or birthdays in their password, they should choose one that still is personal to them.
“For instance, you can use the street you grew up on but scramble the letters,” Sanchez said, adding that users can put a few capital letters in it or spell something backward.
“If you have to change your password often, that is a good indication that it is too weak,” he said.
Will also said one of the best ways to protect accounts is to use two-factor authentication. The user has the standard username and password but also has a one-time second password sent to another device – one’s smartphone, for example – in order to access online accounts.
Companies also can install fingerprint or retina scanners or give cards, tokens or key fobs to employees that generate a one-time passcode.
“I do not really trust these vault services. In this day and age, if it’s online, it can get hacked. That master password can be found by a hacker,” Will said.
“Multifactor authentication offers more robust security, but it can be cost-prohibitive for businesses to implement.”
CREATING A STOUT PASSWORD
A strong password results in fewer data breaches at companies and makes it easier to safeguard personal information. Here are tips from computer tech professionals for creating a password:
Choose a password that doesn’t come directly from a dictionary.
Create a password that is memorable but not so personal that it is public knowledge. Avoid using pet names, birthdays and home addresses.
A password with uppercase and lowercase letters, symbols and exclamation points still can be good, but one should mix it up by placing the capital letters in the middle of the word or password, not at the beginning or end.
Use a phrase or sentence to design your password and perhaps add numbers or symbols. For example, take the phrase, “He wore his yellow raincoat at 8 o’clock.” That password would be “hwhyra8o.”
Consider using a password management program such as LastPass that stores all of your passwords and can be unlocked with a master password.
Use multifactor authentication to protect the security of your password. There are the usual username and password, but then a second password is sent to your smartphone to access your account. Other multifactor authentication techniques include fingerprint and retina scans or using a key fob, card or token with a one-time passcode.
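The tips above can be expressed as a small checker. This is an added example, not code from the article or anyone quoted in it; the function names, the tiny WORDLIST and the PERSONAL facts are constructed for illustration. It derives a password from a phrase the way the article's two examples do, and reports which of the listed tips a candidate password breaks.

```python
import re

# Constructed sample data: a tiny stand-in for a cracking dictionary, and
# facts about a hypothetical user that could be found on social media.
WORDLIST = {"password", "dragon", "sunshine", "welcome", "letmein"}
PERSONAL = {"rex", "1987", "maple"}  # pet name, birth year, street name

def passphrase_to_password(phrase, suffix=""):
    """First letter of each word (digits kept whole), plus an optional suffix."""
    words = re.findall(r"[A-Za-z0-9'\u2019]+", phrase)
    return "".join(w if w.isdigit() else w[0].lower() for w in words) + suffix

def check_password(pw, wordlist=WORDLIST, personal=PERSONAL):
    """Return the list of the article's tips that a candidate password breaks."""
    findings = []
    lowered = pw.lower()
    # Strip trailing digits and symbols so "password123" reduces to "password".
    core = re.sub(r"[\d\W_]+$", "", lowered)
    if lowered in wordlist or core in wordlist:
        findings.append("dictionary word")
    if any(item in lowered for item in personal):
        findings.append("personal information")
    # Capitals only in the first or last position are the predictable placement.
    uppers = [i for i, c in enumerate(pw) if c.isupper()]
    if uppers and all(i in (0, len(pw) - 1) for i in uppers):
        findings.append("capital only at start or end")
    return findings

if __name__ == "__main__":
    candidates = [
        "password123", "Sunshine!", "rex1987",
        passphrase_to_password("The door is locked.", "123"),
        passphrase_to_password("He wore his yellow raincoat at 8 o'clock."),
    ]
    for candidate in candidates:
        print(candidate, check_password(candidate))
```

An empty result means only that none of these listed tips was broken; it is not a measurement of how long the password would resist guessing.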