27 Nov 15
Open Sesame: Five keys to great passwords
Written by Steve Jones

Barely a day – and certainly never a week – goes by in which digital security is not in the news. Whether ‘fraping’ or cyberwarfare, huge commercial losses of data or lower-level identity theft, the protection we provide to our data is of ever more pressing urgency and relevance.

From the perspective of the individual user, passwords are the most obvious frontline defense against prying eyes: from our email accounts to our online banking, we use strings of alphanumeric characters to restrict access to some of our most private information.

The thing is, even after nearly twenty years of widespread awareness-raising about the importance of using strong and variable passwords, most people are still pretty bad at them. We use the name of our partner or our own birthday; we use a simple word with ‘123’ at the end of it, as if that will make any difference at all to a determined hacker.

The automated tools hackers use to harvest passwords and therefore access data can make a thousand guesses a second. Your password has to be really hard to figure out. The good news is that there are five things to think about that can help.

Password length

This is step one. A longer password is better than a shorter one for obvious reasons: the more characters to fill, the longer it will take to guess each one in the correct order. If you have a password made of only lower case letters, every letter you add increases the strength by a factor of twenty-six.

Password complexity

The complexity of a password is related to the different types of characters you include in it: upper case, lower case, numbers, symbols and so on. There are almost a hundred possible characters that you can easily access on a keyboard – and adding just one of these to a password would make it one hundred times stronger.
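The length and complexity arithmetic from the two sections above, worked through as an added example (not code from the original article). It uses the article's figure of a thousand guesses a second; the function names and the four-word list are constructed for illustration, and it also flags the "simple word with 123 at the end" pattern, which the raw keyspace figure overstates.

```python
import re
import string

GUESSES_PER_SECOND = 1000  # rate quoted in the article
# Constructed sample list standing in for a real dictionary of common words.
COMMON_WORDS = {"password", "sesame", "dragon", "monkey"}

# Character classes counted toward the alphabet (26 + 26 + 10 + 32 = 94).
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def alphabet_size(password):
    """Sum the sizes of the character classes the password draws from."""
    return sum(len(cls) for cls in CLASSES
               if any(ch in cls for ch in password))


def keyspace(password):
    """Number of candidates a blind brute-force search must cover."""
    return alphabet_size(password) ** len(password)


def seconds_to_exhaust(password, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every candidate at the given guess rate."""
    return keyspace(password) / rate


def is_word_plus_digits(password, words=COMMON_WORDS):
    """Flag a common word optionally followed by digits, e.g. 'sesame123'."""
    match = re.fullmatch(r"([A-Za-z]+)(\d*)", password)
    return bool(match) and match.group(1).lower() in words


def assess(password):
    """Return (keyspace, worst-case seconds, weak-pattern flag)."""
    return (keyspace(password), seconds_to_exhaust(password),
            is_word_plus_digits(password))


if __name__ == "__main__":
    for pw in ("sesame", "sesamex", "sesame123", "Se$ame7q"):
        space, secs, weak = assess(pw)
        print(f"{pw:10} keyspace={space:.3e} "
              f"days={secs / 86400:,.1f} weak_pattern={weak}")
```

A password flagged by `is_word_plus_digits` falls to a word-list search long before the brute-force figure is reached, so the keyspace number is an upper bound, not a guarantee.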

Memorability

This one, of course, is where the problem lies: you can only add so many characters before the password becomes tricky to recall (and writing it down somewhere immediately reduces how secure it is).

You can see this trade-off in action in the workplace: a lot of companies have a password policy that they force on their users. They will demand that a password must be at least 8 characters long, must contain at least one upper case, lower case, symbol and number and so on. These rules do the job – the passwords are more secure – but workers just write the resulting improbably complex password on a post-it note and slap it on their monitor!
