Best Practices for Creating Passwords in 2023

The security of your business is our top concern. These are the Eberly Systems recommendations for creating good passwords in 2023.

We all know that long and complex passwords are much stronger than short and simple passwords. So, how can you easily make a long complex password that you can remember?

First and most importantly, the longer the password the better . A lot of security professionals have been suggesting the use of “passphrases” rather than “passwords”. Secondarily to length, a more complex password is better than a simple one, and thirdly, a less guessable password is better than a guessable one. We will cover each of these areas in this article.

Definition : “Passphrase” – A password that is made up from an easy-to-remember phrase rather than a single word.

Again, the longer the password, the better! So, let’s get started!

Step 1: Try to think of a few words together that you will be able to remember. Leave the spaces in there. For example:

Tony’s cat ran up the stairs

The above phrase by itself is already 28 characters long! This is a great starting point, and it’s already exponentially more secure than a typical password!

According to a popular password strength meter, this password would take 3 hundred trillion years to break.

Step 2: Make some random changes to the phrase that you can remember. You can substitute numbers or symbols for words, change the case of a word, or add punctuation. Make as many changes as you are sure you will be able to remember, like this:

T0ny’s cat - ran UP the stairs...

Now, you have a long and super secure password that you can remember!

The same password strength meter indicates that this password would take 27 billion trillion years to break.

Some more great tips:

Can’t think of a phrase? Look around your desk and see what is lying around, then pick some random things and string them together:

stapler paperclip telephone pencils

If you’re a language buff, mixing languages is a great idea to make your password harder to break!

Don’t use short passwords!

The following password is very complex, but it only has 6 characters. The same password meter that showed the passphrases in the last section would take trillions of years to break says that this one would only take 1 year.

J&~7*h

Avoid common words

The worst passwords are made up of common simple words, like “password”, or “iloveyou”. Some other common words to avoid are “monkey”, “letmein”, “dragon”, seasons like “summer” or “winter”, a month like “January” or “June”.

Don’t use patterns from your keyboard

The password 123456 is the most frequently used password in the world according to recent breach statistics. “qwerty” “asdf” and “1q2w3e4r” are all examples of very commonly used passwords that are very easy to crack.

Avoid guessable words

Don’t use part of your name or your company name or department as part of your password. These are among the first things that attackers will try.

This extends to anything that can be found out about you. Don’t use a friend or relative’s name, the names of pets, or the dates or details of life events you may have posted to social media.

Avoid the most obvious patterns

It is very common for people to make a password that is a word follow by some numbers followed by some punctuation, like this:

Pizza123@!

The above password is the weakest one we’ve shown in this article. The tools that attackers use could break this password in under 20 seconds.

Avoid using common phrases or song lyrics

Even the longest passphrase might be guessable or susceptible to a password breaking tool if it uses a common phrase or a part of a song lyric. Try to use something that isn’t out on the internet.

It is important to have a different password for every one of your accounts. But how can you remember all these passwords??? The simple answer is: you don’t need to! Enter the wonderful world of password managers!

With a password manager, you need to choose one good long password that you can remember and leave the rest to your password manager! In practice, you’ll need to remember a total of two passwords: the one you use to log in to your computer, and the one that unlocks your password manager.

Your password manager can even generate long random passwords that are great for security.

There are several free password managers out there that you can use for personal accounts. For business, it’s best to have a more managed solution that can provide a safety net in case you forget your master password. Of course, Eberly Systems has a solution that we can implement for you.

Okay, so longer is better, and then secondly, more complex is better, and then thirdly, less guessable is better. But how does this all work? How does a hacker figure out your password?

Dictionary Attacks

One of the tools that hackers use is known as a dictionary attack. In this kind of attack, the attacker will use their computer to try as many passwords as they can against a file, hash, or database in rapid succession. These tools will use algorithms that will start with the most common words and passwords first and try different combinations of uppercase and lowercase and add numbers and special characters to different parts of the password until it finds a match.

Phishing

Phishing is when an attacker tries to contact you and convince you to give them information. This could be an email, a text, or a phone call. They will often use pieces of information that make them sound more trustworthy, like the name of your boss or coworker.

Malware

Regardless of how secure your password is, in extreme cases, there are other ways that attackers can get your password. If your computer has been compromised by malware for example, a remote attacker might be able to get your password simply by you typing it into your computer!

This is why it’s important to have strong security tools to keep your computers safe, and to implement multiple layers of security. At Eberly Systems, we have carefully selected a combination of security software and tools to prevent even the most dangerous malware from breaking through.

Although it’s beyond the scope of this article, your passwords offer only a single layer of security. Wherever possible, you should be using MFA (Multi-Factor Authentication) in addition to strong passwords to protect your accounts.

To learn more about Multi-Factor Authentication, see our article on the topic:

Multi-Factor Authentication Tips to Boost Security (eberlysystems.com)