Posted 10/26/2017
The Changing World of Passwords
Forget everything you were told in the past about creating passwords. Well, the pearl of wisdom about not leaving a sticky note of passwords attached to your computer screen—remember that one. And how about, “Keep your passwords confidential.” An overtly obvious piece of advice that, nonetheless, still needs to be reiterated. Do not share passwords. Period.
But the standard guidelines, such as “make it complicated,” “add a number (or several) and a symbol,” and “change the password regularly,” have, for the most part, fallen out of favor. And here’s why:
- Complicated, hard-to-remember passwords beg to be written on paper and stored close to the computer - a colossal no-no that continues to happen. Why? Because the frustration of a forgotten password can ruin an entire day. Still, it’s a bad idea.
- “Add a number or symbol” is simply not enough anymore. Tacking a “1” or an “!” on the end of a simple word is far too obvious when it comes to today’s sophisticated scammer. Now the recommendations are to use multiple numbers and symbols along with a mix of uppercase and lowercase letters and toss in a space or two for good measure. Random and long are the most common recommendations. Now that intruders have access to machines that can test thousands or even millions of possible passwords per second, the length of the password has a substantial impact on an attacker’s ability to crack it.
- To reset or not reset? The experts are divided on this approach to password security. While switching up your password on a regular basis sounds sensible, it pays little to no dividend if a) the new password varies only slightly from the old and b) the user chooses an easy-peasy-to-remember password because it will have to be changed again soon. So, it’s not a matter of whether or not to exchange the old for something new - it’s a matter of how effective the password itself is.
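To put numbers on the last two points, here is a small Python sketch (an added example, not part of the original post) that estimates how long an exhaustive search takes at the guessing rates mentioned above, and flags a password change that is only a word with a short suffix or a near-copy of the old password. The function names, the sample passwords and the `min_edits` threshold are assumptions made for illustration.

```python
import string

# Rates taken from the article's wording ("thousands or even millions ... per second").
RATES = {"thousands/s": 1_000, "millions/s": 1_000_000}

def alphabet_size(password):
    """Size of the character pool implied by the classes the password uses."""
    pools = [string.ascii_lowercase, string.ascii_uppercase, string.digits,
             string.punctuation + " "]
    return sum(len(p) for p in pools if any(c in p for c in password))

def worst_case_seconds(password, guesses_per_second):
    """Time to try every string of this length over the implied alphabet."""
    return alphabet_size(password) ** len(password) / guesses_per_second

def has_trivial_suffix(password, max_suffix=2):
    """True for a plain word with only 1-2 digits/symbols tacked on the end."""
    base = password.rstrip(string.digits + string.punctuation)
    return base.isalpha() and 0 < len(password) - len(base) <= max_suffix

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def review_change(old, new, min_edits=4):  # min_edits is an assumed threshold
    """Return the reasons a password change adds little, per the points above."""
    problems = []
    if has_trivial_suffix(new):
        problems.append("word plus short suffix")
    if edit_distance(old.lower(), new.lower()) < min_edits:
        problems.append("too close to old password")
    return problems

if __name__ == "__main__":
    for pw in ("Summer1!", "correct horse battery"):  # constructed samples
        for label, rate in RATES.items():
            years = worst_case_seconds(pw, rate) / 86400 / 365
            print(f"{pw!r} at {label}: {years:.3g} years")
    print(review_change("Summer1!", "Summer2!"))
```

The time estimate is an upper bound that assumes every combination has to be tried; a password flagged as a word plus a short suffix falls far sooner, because word lists with common endings are tried first.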