What makes a password “strong”?

“Use a strong password.”

You’ve probably heard someone use that phrase by now and you may be wondering what it means.  Well, it doesn’t mean that your password needs to be able to lift heavy weights or perform other feats of strength.  What we really mean by “strong” is a password that meets certain characteristics.  A strong password is one that has a certain length combined with high entropy.  Say what?  That’s right.  Entropy is probably not a word that you use very often, but when it comes to a good password, it’s key.  Entropy is “the lack of order or predictability”.  So a password with high entropy would be a collection of very random characters.  That’s why many password policies require a minimum length along with upper and lower case letters, numbers, and special characters.  The policy is forcing you to use a higher level of entropy in your password.  The password “abc123” is a “weak” password because the collection of characters is very orderly and easy to predict: 3 comes after 2, c comes after b, and so on.  The higher the level of entropy in a password, the harder it is to guess and crack using automated password cracking tools.

But passwords with high entropy are hard to remember!  Yes, they are, and that’s a good measure of whether your password is strong.  Can you look at it once and remember it several hours later?  If not, it’s probably because it has a higher entropy than you’re used to.  Our brains are wired to recognize patterns and things that are familiar to us.  This is why we gravitate towards lower entropy passwords.

Use a passphrase instead.
Passphrases are passwords that are much longer than the standard 8- or 12-character password but use a sentence structure with several words and spaces.  Passphrases are easier to remember and more recognizable to our brain, but they also have a much higher level of entropy because of their length and the positioning of spaces in the phrase itself.  For example, a password could be the phrase “the black f0x Jumps 0ver the M00n!”  This passphrase would meet the majority of complexity requirements but is also easy to remember once you use it a few times.  In addition, the randomness of the words used and the spaces included in the phrase mean that the odds of someone being able to predict the passphrase are extremely low.  We have greatly increased the entropy of our password while at the same time making it easier to remember.  Yes, it’s a longer password to type, but you will find it only takes about a second longer to type than a traditional password.
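To put numbers on the two ideas above (keyspace entropy from length and character classes, and the predictable “abc123” ordering), here is a small added example, not part of the original article, that scores “abc123” against the passphrase.  The 60-bit “strong” threshold is an assumption of this example; the article does not give one.

```python
import math
import string

# Character classes matching the policy described above; space counts as
# special, which is how a passphrase's spaces enlarge the search space.
CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "special": set(string.punctuation + " "),
}
STRONG_BITS = 60  # assumed threshold; the article gives no number


def charset_size(password):
    """Alphabet size an attacker must brute-force, from the classes present."""
    return sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))


def keyspace_bits(password):
    """Upper-bound entropy log2(charset ** length): what a truly random password
    of this shape would have. Dictionary attacks do better, so it is a ceiling."""
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0


def sequential_runs(password, min_len=3):
    """Orderly stretches like 'abc' or '123' (code points stepping +1 or -1 in
    one direction). This is the predictability that makes 'abc123' weak."""
    runs, i, n = [], 0, len(password)
    while i < n:
        j, step = i, None
        while j + 1 < n:
            d = ord(password[j + 1]) - ord(password[j])
            if d not in (1, -1) or (step is not None and d != step):
                break
            step, j = d, j + 1
        if j - i + 1 >= min_len:
            runs.append(password[i:j + 1])
        i = j + 1
    return runs


def assess(password):
    """Both measures together: enough keyspace and no predictable runs."""
    bits, runs = keyspace_bits(password), sequential_runs(password)
    return {"bits": round(bits, 1), "runs": runs,
            "strong": bits >= STRONG_BITS and not runs}
```

“abc123” scores about 31 bits with two sequential runs, while the 34-character passphrase scores over 200 bits with none; the keyspace figure is a ceiling, since guessing attacks that know common words do better than brute force.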

Are you practicing good cyber hygiene?

Cyber hygiene is a reference to the practices and steps that users of computers and other devices take to maintain system health and improve online security.  Below are some of the top best practices you can employ to improve your cyber hygiene at work, school, and home.

  1. Install anti-virus software and keep it regularly updated
    Having good anti-virus software installed and up-to-date can help keep your computer free from the latest threats.  Be sure to do your research and choose software from a reputable company.
  2. Keep software updated
    You probably have a lot of software installed on your computer.  Keeping it all updated, along with your operating system, can be overwhelming but it’s important to help keep your computer free of vulnerabilities.  Try to develop a routine where you make time to check for the latest updates.
  3. Use strong passwords
    Making sure that your password is hard to guess is an important part of keeping yourself secure.  There are many different recommendations for how to create a strong password.  We recommend using a reputable password generator in combination with a password manager to help you create and manage your passwords.
  4. Use unique passwords
    This is one of the most important parts of creating good cyber hygiene.  Each website or service that you use should have a unique password.  You should NEVER reuse passwords across different websites.  We recommend you begin using a password manager to help make it easy for you to create, store, and securely access all your passwords.
  5. Use multi-factor authentication
    Multi-factor authentication often takes the form of a numeric code that is sent to you as a text message or generated by an app on your smartphone.  The code is required to log in in addition to your password.  We recommend that you enable multi-factor authentication for any websites that offer it.  Enabling multi-factor authentication greatly increases the security of your account because even if the bad guys have your password, it’s extremely difficult for them to obtain the additional code.
  6. Back up regularly
    Making sure that your important data and files are securely backed up not only helps you quickly recover from a computer crash, it can also help you recover from a cyber attack.  Ransomware, a popular method employed by cyber criminals to encrypt your data for monetary gain, can be recovered from but only if you have a recent backup of your files.
  7. Clean your hard drive
    Getting ready to sell your computer or smartphone?  What data could still be on the hard drive?  Cleaning or “wiping” your hard drive clean of any personal or sensitive files before it leaves your possession can help keep your personal information protected.
  8. Secure your home router
    The router you have at home that creates your wireless network and connects you to the internet is a specialized computer.  Any computer can have vulnerabilities and needs to be kept up-to-date.  Unfortunately, many home routers do not update automatically, which means you need to log in and run the updates yourself.  Failing to keep your router updated can leave critical vulnerabilities unpatched and put your home network at risk.