David Papp Blog

Password Standards To Have For 2020

Even though we are in a new year, we are still facing a number of problems that we’ve been wrestling with for years. One such problem is password security. Many incidents, from breaches at large firms to the mass spread of viruses, have stemmed from the fact that passwords aren’t as airtight as they could be.

Because of this, managing password security is very important. Fortunately, strengthening passwords is easy, so much so that I can present you with some practices that will give you better password security for this year and beyond.

Minimum Eight Characters

Bigger is better, as they say, and that rule applies to passwords as well. The more characters you use in a password, the lower the chance of it getting hacked.

That being said, if you’re paranoid about passwords, it never hurts to add more. Personally, I’d recommend 16 in those situations. And if you want to go to extreme cases, allowing 64 characters can really help ensure it does not get cracked.

Of course, if you’re going for 64 characters, it might be smart to reserve that for places that don’t require you to input it several times over the day.

It’s also worth noting that the quality of the password is still important. If you’re using only a sequence of numbers, that’s not going to be a good password, at least compared to passwords using a mixture of characters and numbers.

Using A Password Generator? Generate At Least Six Characters

From reading the above, I can imagine most would think it’ll be tough to memorize that many characters. I’d agree with you. It’s for this reason that many of us turn to password generators to help us with storing and generating passwords for the sites we visit.

These tools are helpful since they remove the hassle of us coming up with a password and these systems stay up to date with password standards. The only thing is, when you generate them, make sure that they generate at least six characters.

This also applies to sites that provide their own passwords and codes to new users. Some services that you buy may give you access to user portals that require you to log in. While that’s great, these sites can be hacked into like any other, especially if the system spits out easy-to-crack passwords.

So be sure that the passwords generated are solid, or at the very least that the site gives you the option to change the password.

Use The Entire ASCII Set For Passwords

For those not familiar with the term ASCII set, this is the term for all the letters and symbols on a keyboard. ASCII is the abbreviation for American Standard Code for Information Interchange. Chances are you’ve never heard of it because people use simplified versions to explain this.

That is: make sure that your passwords include lowercase, uppercase, numbers, and symbols. Depending on where you work, some companies require you to use at least one of each of these.

I mentioned above that the quality of a password matters just as much as the quantity of characters in it. By using the full set of symbols, numbers, and letters available to you, it builds up entropy, making it harder for someone to crack a password.
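As an added example (not code from the original article), the Python sketch below shows how length and character set combine into entropy for the lengths discussed above, and generates a random password that uses every character class. The function names are illustrative.

```python
import math
import secrets
import string

# The four classes the article names; string.punctuation is the 32 printable ASCII symbols.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
FULL_SET = "".join(CLASSES)  # 94 printable, non-space ASCII characters


def entropy_bits(length, alphabet_size):
    """Entropy of a password whose characters are drawn uniformly at random."""
    return length * math.log2(alphabet_size)


def generate_password(length=16):
    """Random password over the full set with at least one character of each class."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every class")
    while True:
        # secrets draws from the OS CSPRNG; the random module is predictable.
        candidate = "".join(secrets.choice(FULL_SET) for _ in range(length))
        # Rejection sampling: uniform over the passwords that satisfy the rule.
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


if __name__ == "__main__":
    for n in (8, 16, 64):
        print(n, "chars | digits only:", round(entropy_bits(n, 10), 1),
              "bits | full set:", round(entropy_bits(n, len(FULL_SET)), 1), "bits")
    print(generate_password())
```

The entropy figure only holds for randomly generated passwords; a human-chosen password of the same length and character mix is far more predictable.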

Set Password Standards For Uniqueness

The idea behind this is that once you’ve used a specific password, you can never use it again. It sounds disheartening, sure, but it can cover you well in the case of a breach. If you’re using one password for everything, then it can be easy for someone to come in, crack it, and have access to various accounts.

To avoid that, make sure that you’re using different passwords for everything from social media to bank accounts.

Check Password Dictionaries

Wait, there are dictionaries of passwords?

Yes, there are. There is a wide variety of tools and software packages that have these and grant access to all kinds of passwords. But before you get your hopes up, I’d recommend not using these.

The reason they’re in these dictionaries is that these are passwords that have been cracked in the past. The idea with this tool is to make sure the passwords that you’re creating aren’t showing up in these dictionaries.

Have A Password Manager

I mentioned password managers already, but that’s because they work double duty. They’re fantastic tools because most can both generate passwords for you and store them. This is great for individuals who struggle to memorize long passwords.

What’s also great about those generators is the fact that these passwords are randomly generated. If you’re using this tool, chances are very high the password will not show up in password dictionaries. This is good because if you have to generate passwords on your own, we can expect some kind of pattern.

After all, even if you’re storing these passwords into a password manager, you’re going to favor specific letters or numbers over others.

A few suggestions to check out are LastPass, Dashlane, and 1Password.

Have At Least Ten Attempts Before Locking A User Out

It’s important to achieve some kind of balance between locking someone out and giving someone enough chances to try a password. When thinking of this balance, it’s worth considering the risk behind this specific account getting compromised.

At the same time, though, you want to consider people’s frustration if they get locked out. After all, mistypes can happen, and if you’re only allowed one attempt and you’re locked out for an hour or two, that’s bad.

My suggestion is ten attempts as it’s a good balance between someone reasonably attempting to get in and someone trying to brute force the system.

Have Two-Factor Authentication

More and more security features are moving to organic methods for authentication for good reason. These are often more secure because they provide a second line of defense should a password get cracked.

These are smart to implement for this reason, and there are a number of ways this can be facilitated. Examples are using biometric data (e.g. your voice, fingerprint or eye scan), a special key you keep on your person, or something like Google’s Authenticator. Also very popular, and highly recommended, are codes sent to you by email or text. Even if someone gets access to your account password, they still need this to log in.

Avoid These Bad Password Practices Too

The last thing I’ll touch on is to avoid bad practices for passwords. There are some obvious ones like the one I mentioned earlier, but here are some others you might not have thought of:

  • Never make it a word. Any word that can be found in the dictionary should be avoided. If you’re using the dictionary to come up with passwords, use multiple words. Examples are things like sturdyasboxes or intelligentbird.
  • Change your passwords often. While you can play this one by ear depending on the account, it’s smart to at least make changes to passwords on occasion. If you make a habit of changing passwords once every six months or so, it reduces your odds of getting your account cracked into.
  • Avoid passwords that reflect names or places. If you’re getting hacked into, chances are the hacker has done some research on you. For this reason, you want to avoid people’s names or places. This also applies to abbreviations or nicknames. You also want to avoid variations like replacing letters in names with symbols or numbers.
  • Don’t use a password based on letters adjacent on your keyboard. Specific sequences of keystrokes may make it easy for you, but they make it easy for hackers as well. Make sure that your hands have to move around the keyboard a little bit.
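The dictionary check described earlier and the bad practices listed above can be tested mechanically. The following Python is an added example, not part of the original article; the `CRACKED` set is a small constructed sample, and the function names and the four-character run length are assumptions.

```python
import string

MIN_LENGTH = 8  # the article's minimum
# Constructed sample; a real check would load a cracked-password list from a file.
CRACKED = {"password", "letmein", "dragon", "sunshine", "michael"}
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
# Undo common symbol/number substitutions before the dictionary lookup.
LEET = str.maketrans("013457@$!", "oieastasi")


def normalize(password):
    """Lower-case, drop trailing digits/symbols, then reverse substitutions."""
    stripped = password.lower().rstrip(string.digits + string.punctuation)
    return stripped.translate(LEET)


def has_keyboard_run(password, run=4):
    """True if `run` consecutive characters follow a keyboard row, in either direction."""
    lowered = password.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - run + 1):
                if seq[i:i + run] in lowered:
                    return True
    return False


def check_password(password):
    """Return the list of rules from the article that the password breaks."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if password.isdigit():
        problems.append("numbers only")
    if normalize(password) in CRACKED or password.lower() in CRACKED:
        problems.append("matches a cracked-password dictionary entry")
    if has_keyboard_run(password):
        problems.append("contains a keyboard-adjacent sequence")
    return problems


if __name__ == "__main__":
    for sample in ("P@ssw0rd1!", "qwerty12", "1234567", "sturdyasboxes"):
        print(sample, "->", check_password(sample) or "no problems found")
```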

Have These Practices And You’ll Be Safer

As you can see, having stronger passwords is easier than before. Through the use of tools like password managers and password generators, we can create stronger passwords for ourselves.

Or if you feel like trying this solo, this article should help you in creating solid passwords that are tougher to crack.