Password Strength Myths

It really surprises me how many myths there are about the “strength” of passwords, and even more surprising is the source of some of these myths.

It seems as though people assume that a password containing letters, numbers and symbols, which you must change every X number of days, is nice and secure. In some cases it is, but it does cause some problems. The most obvious one: can you actually remember it? Chances are not many people can, resulting in the user writing it down on a sticky note and attaching it to their monitor!

The image below (taken from 2toria.com) is a good illustration of most of the password myths.

[image: password strength illustration from 2toria.com]

As you can see, simple, easy-to-remember words are much more effective than overly complex mumbo-jumbo. It’s not that your password actually contains numbers, symbols and letters that makes it hard to break, it’s the fact that it can contain them – from there the strength of the password is governed by its length.

As for password expiry dates – well, put it this way: if you discovered somebody’s password and had malicious intentions, would you wait to use it? Probably not – and Microsoft seem to agree!

So some tips on choosing “better” passwords:

  • The password strength is governed by what character set you have to work with (i.e. whether numbers/symbols are available to use) and its length – choosing a long password composed of random words strung together is acceptable and easier for you to remember
  • Make sure your password is not a single word in any language!
  • Do not make your password anything that can be inferred by knowing you – e.g. a child’s name, date of birth, etc.
  • If you are required to change your password, don’t change it to your previous password plus another character (e.g. john2)
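To put numbers on the first two tips, here is a small calculator (added for this post, not from 2toria.com or Microsoft) that compares the search space of a short “complex” password with that of a passphrase of random words, and shows how a single dictionary word collapses to a dictionary-sized search. The guess rate and word-list size are constructed assumptions, chosen only to make the comparison concrete.

```python
import math
from typing import Optional

# Constructed assumptions for illustration only: an offline guessing rate against a
# fast, unsalted hash, and a Diceware-style list of 7776 words (6**5).
GUESSES_PER_SECOND = 1e10
WORDLIST_SIZE = 7776
SECONDS_PER_YEAR = 365 * 24 * 3600


def keyspace_bits(charset_size: int, length: int) -> float:
    """Bits of entropy for `length` characters each chosen uniformly from a
    `charset_size`-character alphabet, i.e. log2(charset_size ** length).
    The alphabet the attacker must assume is what counts, not which classes
    happen to appear in the password."""
    return length * math.log2(charset_size)


def passphrase_bits(word_count: int, wordlist_size: int = WORDLIST_SIZE) -> float:
    """Bits of entropy for `word_count` words chosen uniformly at random from a
    list of `wordlist_size` words; the words themselves can be simple."""
    return word_count * math.log2(wordlist_size)


def single_word_bits(password: str, wordlist: set,
                     wordlist_size: int = WORDLIST_SIZE) -> Optional[float]:
    """If the password is one dictionary word (any capitalisation), an attacker
    only needs a dictionary pass, so the effective strength is log2(list size)
    regardless of the character set. Returns None when it is not a single word."""
    if password.lower() in wordlist:
        return math.log2(wordlist_size)
    return None


def years_to_exhaust(bits: float, guesses_per_second: float = GUESSES_PER_SECOND) -> float:
    """Years needed to try every one of the 2**bits candidates at the given rate."""
    return (2.0 ** bits) / guesses_per_second / SECONDS_PER_YEAR


def compare(complex_len: int, charset_size: int, words: int) -> dict:
    """Compare a `complex_len`-character password over `charset_size` symbols
    with a passphrase of `words` random dictionary words."""
    c_bits, p_bits = keyspace_bits(charset_size, complex_len), passphrase_bits(words)
    return {"complex_bits": c_bits, "complex_years": years_to_exhaust(c_bits),
            "phrase_bits": p_bits, "phrase_years": years_to_exhaust(p_bits)}


if __name__ == "__main__":
    # 8 characters from the 95 printable ASCII symbols vs. 5 random words.
    for key, value in compare(8, 95, 5).items():
        print(f"{key:14s} {value:,.3f}")
    # A constructed mini word list: "Monkey" is one word, so the symbol mix is irrelevant.
    print(single_word_bits("Monkey", {"monkey", "password", "dragon"}))
```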