#CyberAware: Creating a strong password

Oct 21, 2016


Passwords are an everyday part of life, whether you're logging into your work, bank or social media accounts. You should do everything you can to protect your passwords and use different passwords for different accounts, as described in an earlier tip regarding “password reuse.” More importantly, knowing what makes a password weak or strong can reduce the chance that a hacker or unauthorized user can guess or crack your password. At the State Auditor's Office, our IT department requires a minimum of ten characters, including at least one upper and lower case letter, a number and a special character. It also prohibits reuse of previous passwords.

What is the difference between a weak and strong password? Starting with weak passwords, the characteristics can include short length (fewer than ten characters) and the use of family names, pet names, easily guessed words like “monkey”, birth dates and dictionary words. It's important to note that hackers have access to password cracking software that is freely available to download from the internet, and to fast computers that can test letter, number and character combinations against an unknown password relatively quickly.

So, what makes a strong password? A strong password is long and complex. Some best practice recommendations state that a minimum of ten characters, with a combination of upper and lower case letters, numbers and special characters, makes a password more difficult to crack or guess. Here is a comparison of how long it takes to crack an eight character versus a ten character password: “P@ssW0rd” takes approximately nine hours to crack; “P@ssW0rd01” takes nine years.
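The policy and the comparison above can be expressed as a short check. This is an added example, not code from the State Auditor's Office: the function names, the two-word list and the 95-symbol alphabet (printable ASCII, searched exhaustively at a fixed guess rate) are assumptions made for illustration.

```python
import hashlib, hmac, os, string

MIN_LENGTH = 10                      # minimum length from the policy above
WEAK_WORDS = {"monkey", "password"}  # constructed sample; use a real wordlist in practice
ALPHABET = 95                        # assumption: printable ASCII characters

def _digest(password, salt):
    # Slow, salted hash so the history never holds plaintext passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def remember(password):
    """Return a (salt, digest) history entry for a password being retired."""
    salt = os.urandom(16)
    return salt, _digest(password, salt)

def policy_violations(password, history=()):
    """List every rule from the policy that the candidate breaks."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than ten characters")
    checks = [
        ("upper case letter", str.isupper),
        ("lower case letter", str.islower),
        ("number", str.isdigit),
        ("special character", lambda c: c in string.punctuation),
    ]
    for name, test in checks:
        if not any(test(c) for c in password):
            problems.append(f"missing {name}")
    if any(word in password.lower() for word in WEAK_WORDS):
        problems.append("contains an easily guessed word")
    if any(hmac.compare_digest(_digest(password, s), d) for s, d in history):
        problems.append("reuses a previous password")
    return problems

def scaled_crack_hours(length, ref_length=8, ref_hours=9.0):
    """Scale the article's eight-character figure to another length,
    assuming exhaustive search over ALPHABET symbols at a fixed guess rate."""
    return ref_hours * ALPHABET ** (length - ref_length)
```

Under these assumptions, two extra characters multiply the search space by 95 × 95 = 9,025, so nine hours becomes about 81,000 hours, which is a little over nine years and matches the comparison above.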

Looking for resources on creating great passwords?