Type “123456” into someone’s password bar and you just may get in. Why? Because plenty of people still use that password for a variety of websites. It’s easy to remember, after all. Thankfully, while you could get into someone’s account with that ill-created password, it won’t be the majority of accounts. People today have been trained to create passwords that are hard to guess.
In fact, some sites require a string of characters that contains upper- and lowercase letters, numbers and symbols. At times, creating a password for a new account feels akin to creating a military code. And forget remembering the password you created. If you are like most people, you get so frustrated trying to create a password that you can’t even remember what you typed, or in what order.
As a small business owner, you want to be sure that you not only create strong passwords, but that you remember them. If you’ve ever wondered who you have to thank for those crazy password requirements, it’s Bill Burr (no, not the comedian).
Back in 2003, Bill was working for the National Institute of Standards and Technology. It was then that he penned a report, an eight-pager, detailing how to set strong passwords. Today, Bill believes that he may not have been entirely correct. Over time, he has realized that some of his tips may not have been helpful and that they may have caused more harm than he intended (not having intended any harm at all).
Where Burr Went Wrong
Burr recently told the Wall Street Journal that his original advice was to change a password every 90 days. That didn’t work well, so that advice was tossed. Secondly, his advice to companies was to require passwords with strings of different characters. He now says that random words strung together could be harder to guess.
When Burr first wrote his report, there wasn’t a lot of data to consider. Now there is. Burr now says that his primer was a bit too complicated and that he may have been barking up the wrong tree.
What People Know Now
Think of the last time you had to create a string of ridiculousness for a password. Were you annoyed? If so, you aren’t alone. Research has shown that being forced to create such a password irritates people to the point that they use the same password over and over and choose ones that are less secure. Plus, when it came time to update those passwords, many people would only change a character or two, thereby compromising security.
The new guidelines for corporations include creating effective passwords that are long strings of words or a phrase. Forget about the special characters, a capital letter, a lowercase letter and typing the whole thing in with your toes while singing Happy Birthday. Those days may soon be behind us.
Tips for Creating Effective Passwords
So – without further ado, here are five tips to help you create strong passwords that you can actually remember.
When you are creating your new password, make it 12 characters at a minimum. The longer your password, the harder it will be to guess. Think of your favorite color, your favorite food and your favorite city and string them all together. Consider the annoying nickname you had for your brother when you were kids, the food you can’t stand and your favorite animal at the zoo and string them all together. The possibilities are virtually endless, and the results can be incredibly hard to guess.
Don’t Make Minor Changes
Don’t make the mistake that so many others make and make only a minor change when setting a new password. For example, don’t add a number 1 at the end and then in 90 days a number 2. Don’t go from using your first name to your last name. Don’t go from using 2016 to using 2017. These are very easy guesses to make when someone decides they want to hack into one of your accounts.
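A site can enforce this tip at password-change time, when the user types both the current and the new password. The following check is an added example, not code from the article; the function names and the two-edit threshold are assumptions chosen for illustration.

```python
import re

def _edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def _without_digits(pw: str) -> str:
    """Lower-case the password and drop every digit."""
    return re.sub(r"\d+", "", pw.lower())

def minor_change_reason(old: str, new: str, max_edits: int = 2):
    """Return why `new` is only a minor change from `old`, or None.

    Covers the patterns the article warns about: a counter appended or
    bumped (1 -> 2), a year rolled forward (2016 -> 2017), and a change
    of only a character or two.
    """
    if old.lower() == new.lower():
        return "same password apart from letter case"
    if _without_digits(old) == _without_digits(new):
        return "only the digits changed"
    edits = _edit_distance(old.lower(), new.lower())
    if edits <= max_edits:
        return f"differs by {edits} character edit(s)"
    return None

if __name__ == "__main__":
    # Constructed sample pairs (current password, proposed password).
    samples = [("bluecar1", "bluecar2"),
               ("Rover2016", "Rover2017"),
               ("Sunshine!", "sunshine?"),
               ("Rover2016", "serendipitytomatofrogbelgium")]
    for old, new in samples:
        print(f"{old!r} -> {new!r}: {minor_change_reason(old, new) or 'accepted'}")
```

Moving from a first name to a last name is not caught by this comparison; that would need the account's profile fields as extra input.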
Make It Easy (for You) to Remember
If you are still in the school of thought that a password must contain a zillion special characters or some combination thereof, you’d better make sure you can remember what you type. A good way to do this, say experts, is to come up with a two-sentence combination. For example, “The first dog I had was Rover. He was 12 years old when he died.” Next, take the first letter of each word, the period and the digits from the sentences to create a password: TfdIhwR.Hw12yowhd. It’s a bit of a crazy password, but it will be virtually impossible for anyone to guess.
Along the lines of creating a password with just a string of words, don’t make those words easy to guess. Instead choose three or four of your favorites. For example, “my pretty yellow house” isn’t too hard to imagine if your house is really yellow. Instead, choose three or four words that have nothing to do with one another, or you. Serendipitytomatofrogbelgium, for example.
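Letting a random number generator pick the unrelated words removes the temptation to choose ones tied to you, and makes the strength measurable. This is an added example, not part of the original article; the 16-word list is constructed for illustration, and the function names and the 64-bit target are assumptions.

```python
import math
import secrets

# Constructed sample list, far too small for real use. A real list should
# hold thousands of words (diceware-style lists have 7,776 entries).
SAMPLE_WORDS = ["serendipity", "tomato", "frog", "belgium", "lantern",
                "copper", "orbit", "walnut", "harbor", "violin", "glacier",
                "pepper", "saddle", "meadow", "quartz", "thimble"]

MIN_LENGTH = 12  # the article's minimum password length

def entropy_bits(wordlist_size: int, n_words: int) -> float:
    """Bits of entropy when each word is drawn uniformly at random."""
    return n_words * math.log2(wordlist_size)

def words_needed(wordlist_size: int, target_bits: float) -> int:
    """Smallest number of random words that reaches target_bits."""
    return math.ceil(target_bits / math.log2(wordlist_size))

def generate_passphrase(words=SAMPLE_WORDS, n_words=4, min_length=MIN_LENGTH):
    """Join n_words picked with the OS's cryptographic random source."""
    if len(set(words)) < 2 or n_words < 1:
        raise ValueError("need at least two distinct words and one pick")
    if n_words * max(len(w) for w in words) < min_length:
        raise ValueError("word list cannot reach the minimum length")
    while True:
        candidate = "".join(secrets.choice(words) for _ in range(n_words))
        if len(candidate) >= min_length:
            return candidate

if __name__ == "__main__":
    print("sample passphrase:", generate_passphrase())
    for size in (len(SAMPLE_WORDS), 7776):
        print(f"{size:>5}-word list: 4 words = {entropy_bits(size, 4):.1f} bits, "
              f"{words_needed(size, 64)} words needed for 64 bits")
```

The guarantee holds only when the words are chosen at random; four words a person picks as favorites are far easier to guess than the arithmetic suggests.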
Don’t Change It
This has nothing to do with creating a strong password, but maybe it does. The old advice was to change your password every 90 days. The new advice is this: don’t. Unless you have been alerted to some kind of virus, malware or hacking attempt, leave your passwords be. It is no longer thought that changing your passwords every three months is beneficial. Not only that, but it’s much harder to remember them all if they’re constantly changed.
Creating effective passwords is always advisable, but just how that is done changes with the tides. Now that there is more research available, it is no longer recommended to make overly difficult passwords or to change them with regularity. We can thank Bill Burr for the original set of instructions, and we can also thank him for changing his mind.