Password Policy 101: Top Tips on Remembering your Password & How to Secure a Safe one

Lynne Newbury - Business Management

All of our passwords protect a lot of information both on a personal and professional level, and if they are compromised there could be many repercussions. We are changing the password policy from the old-school style of changing them frequently to something more modern and secure. Many of the old ideas of storing passwords and creating passwords are not relevant in today’s age when we have so many passwords for so many different services, so remembering them can be quite an issue. We are constantly told never to use the same password on multiple sites, yet they also say never to write them down.

We are going to try and change this idea and rather than having a simple password that gets changed slightly each time a change is requested, we are going to come up with a way of creating a password that has high information entropy (lack of order of predictictability), and in turn is very hard to crack.

computer

Why do we care?

The plain and simple reason of why we care is because if someone got access to our ME association membership management system they could steal, modify or even destroy our system, which would leave the company in a varying levels of disfunction. Hackers are also a risk as they could use our resources for their own ends, and sell our information to a competitor.

So what do we do now?

We will explain exactly how to achieve a secure password. The same process will be usable in all aspects of your online activity, including; within your organisation and personal use.

Password Requirements

Passwords need to meet or exceed the following set of rules:

  • Length of 8-10 or more characters
  • Non-dictionary words
  • No letter substitution (3 = E, 7 = T and so on)
  • Must include some form of punctuation (!#,-. etc)

Things that have been relaxed about the new passwords are as follows:

  • You can write it down! (as long as it is stored in a secure place, like your wallet)
  • No frequent changes (change it once per year or more)

These changes will give you the confidence that your password is secure and won’t be compromised. It may seem a pain to learn to type a new password, but after typing it a few times your fingers will know how to type it quickly.

Creating a Password

To create a secure password the easiest way is to use mnemonics (devices to help you remember) pick a phrase that you already know well, then take the first letter of each word and put them together; if you leave the punctuation in it only helps to make it more secure.

Example 1:

Phrase - “The quick brown fox jumps over the lazy dog.”

Password - “Tqbfjotld.” (10 characters)

Example 2:

Phrase - “An apple a day keep the doctor away.” (childhood saying)

Password - “A’aadktda?” (10 characters)

Example 3:

Phrase - “You can’t judge a book by its cover” (Quotes & Sayings)

Password - “Yc,jabbic (9 characters)

Example 4 :

Phrase - “If you want something done right, then do it yourself.” (My Mother)

Password - “Iywsdr,tdiy.” (12 characters)

As you can see these passwords do not resemble any dictionary word or any other readable text. All punctuation marks have been included in the password, even the apostrophes are included.

We strongly suggest picking a phrase that is suited for this purpose. The middle 2 examples are good for this, as they have multiple punctuation marks and capitals. This is not mandatory to have in a password but it is recommended. You could even pick a line out of your favourite movie and use that, the phrase does not have to be historical, or even make any sense at all. Silly phrases are usually more memorable.

If you cannot come up with a phrase to use, then we can create a phrase after the password is created.

Securing your Password

You can write your phrase down on a piece of paper and store it in your wallet or handbag, or wherever else you secure your belongings.

You cannot store this password on or near the computer or desk, or in an electronic form.

Just remember that the value of the password is the value of what it is trying to protect, you wouldn’t use a simple password on your internet banking after all, nor would you use a simple password for your employer. But you would use a simple password for a forum or genealogy website, they’re just not as important as your finances or source of income.

Password Protection

The passwords we create using this method only work, if nobody tells their phrase to someone else in regards to this method. If you’re going to talk about this password creation method, use a generic phrase to explain it. It is much more preferable to just not talk about this with anyone at all, but we all know that it will be, and helping friends and family secure their internet banking passwords is a good thing. So please, if you’re going to give examples, don’t use your own phrase, pick something like Example 1.

More Information Regarding Passwords

If you would like any further information regarding the password entropy, brute-forcing passwords, or would even like to see how long it would take for your particular password to be cracked please use this online tool to test your password strength.