Cyber threats are constantly evolving in today's digital landscape, and password
complexity is a critical aspect of cybersecurity that cannot be overlooked.
Passwords are the first line of defense against unauthorized access.
A password is essentially a secret acting as a barrier to the sensitive
information in a user account. It must be strong enough to resist unauthorized
access: unique (not reused across accounts), complex, and difficult to guess. If you keep the following
two rules in mind, which we explain in more detail below, you will have the
best chance of having a password that an attacker cannot crack:
- Make a password that is long (e.g., more than 16 characters)
- Make a password that a person who knows you wouldn't be able to guess
Password Complexity Rules
Character Length-
An 8-character password is generally the bare minimum an organization
will accept. When it comes to password length, the longer the password
the better: every added character multiplies the number of combinations
an attacker must try, so a longer password takes far more time to crack.
Most password generators can produce passwords of 20 or more characters,
and a random password of that length would not be brute-forced within
anyone's lifetime.
Special Characters-
Use characters that are not alphabetic or numeric, such as !@#%&*.
The goal is to increase the size of the character set an attacker must
try, making it more difficult to compromise your password with a
brute force or dictionary attack. A dictionary attack works from a
pre-made list of likely passwords (common words, previously leaked
passwords, and simple variations of them), while a brute force attack
tries every possible combination.
Numbers-
Including numbers in your password increases the number of possible
combinations an attacker must iterate through to guess your password,
and therefore the time it takes to do so.
Uppercase and Lowercase Letters-
Similar to numbers, combining a mix of both uppercase and lowercase
letters makes a password more difficult to crack.
Making your password long (so a computer can't crack it) and making
it something not easily guessable, with a mix of different characters
(so a person can't guess it), gives you the best chance of having a
password that won't be cracked. Note that a mix of character types on
its own is not enough: a password such as P@ssw0rd1! satisfies every rule
above, yet it is a dictionary word with predictable substitutions and
appears in every cracking wordlist.
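To put numbers on the rules above, here is an added example (not code from the original page) that estimates the brute-force search space of a password from the character classes it uses and then runs a constructed mini dictionary attack with a few mangling rules of the kind real cracking tools apply. The wordlist, the suffix list and the guess rate of 1e10/s are assumptions chosen for illustration; real wordlists hold millions of entries. The example shows why a long passphrase beats a short "complex" password: P@ssw0rd1! has a respectable naive search space but falls on guess 23.

```python
import math
import string

# Constructed mini wordlist standing in for a real cracking list; real lists
# hold millions of entries, so anything found here is trivially weak.
WORDLIST = ["password", "welcome", "letmein", "qwerty", "summer"]
# Constructed mangling rules: suffixes and leet substitutions attackers try first.
SUFFIXES = ["", "1", "123", "!", "1!", "2024"]
LEET = str.maketrans({"a": "@", "e": "3", "i": "1", "o": "0"})


def charset_size(password: str) -> int:
    """Size of the smallest standard character set that covers the password."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 printable ASCII symbols
    return size


def search_space(password: str) -> int:
    """Number of candidates a pure brute force attack must be prepared to try."""
    return charset_size(password) ** len(password)


def entropy_bits(password: str) -> float:
    """log2 of the search space: the usual figure for comparing strength."""
    return len(password) * math.log2(charset_size(password))


def brute_force_years(password: str, guesses_per_second: float = 1e10) -> float:
    """Worst-case time to exhaust the search space at the given guess rate.
    1e10/s is an assumed offline rate for a GPU rig against a fast hash."""
    seconds = search_space(password) / guesses_per_second
    return seconds / (365 * 24 * 3600)


def mangle(word: str):
    """Candidate generator: base word, capitalised, leet, and each with suffixes."""
    bases = (word, word.capitalize(), word.translate(LEET),
             word.capitalize().translate(LEET))
    for base in bases:
        for suffix in SUFFIXES:
            yield base + suffix


def dictionary_attack(target: str, wordlist=WORDLIST):
    """Return the guess number at which the target falls, or None if it survives."""
    guesses = 0
    for word in wordlist:
        for candidate in mangle(word):
            guesses += 1
            if candidate == target:
                return guesses
    return None


if __name__ == "__main__":
    for pw in ["P@ssw0rd1!", "correcthorsebatterystaple"]:
        print(f"{pw!r}: charset={charset_size(pw)} entropy={entropy_bits(pw):.1f} bits "
              f"brute-force={brute_force_years(pw):.2e} years "
              f"dictionary+rules={dictionary_attack(pw)}")
```

The naive estimate says P@ssw0rd1! (94 possible characters, 10 long, about 65 bits) would take roughly 170 years to exhaust at 1e10 guesses per second, yet the dictionary pass finds it in 23 guesses. The 25-character lowercase passphrase has a far larger search space and is not in the wordlist at all. Entropy only counts when the password is actually random; a memorable pattern has the entropy of the pattern, not of its character set.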
Multifactor
Multi-Factor Authentication (MFA) is a security measure that provides an additional
layer of protection for your online accounts and digital assets. It goes beyond
the traditional method of relying solely on a password for authentication and
introduces an extra factor that must be provided to verify your identity. By
implementing MFA, you significantly enhance the security of your accounts and
reduce the risk of unauthorized access, even in the event of a compromised
password. Even if an attacker gets your password, they don't have your phone
(or whichever other device provides the second factor).
Multi-factor authentication combines multiple independent factors to verify your
identity. The industry standard is to require at least two of the following three factor types:
- Knowledge (Something you know):
These factors include something you know, such as a password,
passphrase, or PIN. It’s essential to choose a strong and unique
password that is not easily guessable or susceptible to brute
force attacks. Avoid using common words or easily identifiable
personal information.
- Possession (Something you have):
These factors involve something you have, such as a physical
device or token. Common examples include a smartphone,
hardware token, or smart card. These add an additional layer of
security because even if an attacker gains access to your password,
they would still need physical possession of the device or token
to authenticate successfully.
- Inherence (Something you are):
Biometric factors include fingerprints,
iris scans, facial recognition, or voice recognition. Biometrics
provide a unique and difficult-to-replicate identifier.