Passwords are an established method of authentication for online accounts, but creating passwords that are both secure and memorable is not always easy, and it is becoming harder as people accumulate more online accounts. If you create simple passwords that you are unlikely to forget, the risk of an attacker cracking them is higher. However, if you create a more complex password, you are more likely to forget it, so the chances are high that you will stick to just one or two and reuse them across multiple websites.
Kaspersky Lab researchers estimate that the greatest vulnerability of passwords is their re-use. As the recent release of more than 700 million email addresses and millions of unencrypted passwords showed, data from different breaches can easily be combined and used in ‘credential stuffing’ attacks, where attackers replay victims’ leaked email/password combinations against other services to break into any accounts that share the same password.
This risk is not reduced by changing passwords, but by making them strong. Further, this strength should be built not on complexity but on uniqueness.
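To make the reuse argument concrete, the following added example (not part of the original article, and not Kaspersky Lab code) audits a constructed set of stored credentials against a constructed breach corpus and reports how many accounts a single leaked email/password pair would open. All site names, addresses and passwords are made up for illustration.

```python
"""Added example: how far one leaked password travels when it is reused.

Every value below is constructed for illustration; nothing here contacts a real site.
"""
from collections import defaultdict

# Constructed: a user's stored credentials, site -> (email, password).
# Three sites share one password; the fourth has a unique one.
VAULT = {
    "mail.example":  ("alice@example.org", "Sunsh1ne!"),
    "shop.example":  ("alice@example.org", "Sunsh1ne!"),
    "bank.example":  ("alice@example.org", "Sunsh1ne!"),
    "forum.example": ("alice@example.org", "r@nd0m-F0rum-2024"),
}

# Constructed: a merged breach corpus of (email, plaintext password) pairs,
# standing in for the combined dumps the article describes.
BREACH_CORPUS = {
    ("alice@example.org", "Sunsh1ne!"),
    ("bob@example.net", "hunter2"),
}


def reused_passwords(vault):
    """Return password -> sorted sites for every password used on more than one site."""
    by_password = defaultdict(list)
    for site, (_email, password) in vault.items():
        by_password[password].append(site)
    return {pw: sorted(sites) for pw, sites in by_password.items() if len(sites) > 1}


def stuffing_exposure(vault, corpus):
    """Return the sorted sites whose stored email/password pair appears in the corpus.

    A credential-stuffing attempt succeeds exactly where the leaked pair matches
    the stored one unchanged, so this set is the blast radius of the leak.
    """
    return sorted(site for site, cred in vault.items() if cred in corpus)


if __name__ == "__main__":
    for pw, sites in reused_passwords(VAULT).items():
        print(f"one password shared by {len(sites)} sites: {', '.join(sites)}")
    print("accounts a single leaked pair opens:", stuffing_exposure(VAULT, BREACH_CORPUS))
```

The site with its own unique password stays out of the exposure list even though the same email address appears in the leak, which is the property the article is arguing for.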
David Jacoby, security researcher in Kaspersky Lab’s Global Research and Analysis Team (GReAT), said, “There is a lot of confusion about what a strong password actually means. Many websites now demand complex passwords comprising at least eight or more upper and lower case letters, numbers and special characters. This is what many users have come to equate with a ‘strong’ password, and it can seem pretty daunting.”
Jacoby adds, “The good news is that strong doesn’t have to mean scary! When you look at the issue from a security perspective, you can see that passwords are generally strong if they are unique to you and to one account. There are easy ways of making them unique, yet memorable, so that they cannot be used to breach other accounts, even if the details are exposed in a data breach. Further, there are secure password management tools available that make it easy to safely create and use dozens of unique passwords.”
The following steps will help you to create unique, memorable passwords that are strong:
Step 1: Create your ‘static string’ (the part of the password that doesn’t change)
- Think of a phrase, song lyric, movie quote, nursery rhyme, or similar that is memorable to you.
- Take the first letter of each of the first three to five words.
- Between each letter, add a special character (@, /, #, etc.).