In March this year The Telegraph published an article containing a list of the most commonly used passwords of 2015, collected by SplashData. The information was collected from data breaches both in America and in Western Europe. The article explained that the most commonly used password in 2015 was, shockingly, “123456” with “password” coming in second. Other passwords to appear on the list include “qwerty” at number 4, “football” at number 7 and “dragon” at 16.
Are your employees able to use passwords like this? Are they opening up your company to the possibility of a data breach? Here are some ways you can ensure your databases are protected.
It is now possible to tailor the system to your needs and ensure that all myhrtoolkit passwords are high-strength passwords. You have the power to decide whether it should be mandatory for all users to have at least one capital letter in their password, plus options for how long it needs to be, and whether it must contain numbers and/or symbols.
Entropy is a key part of password security. Put simply, entropy is the measurement of how unpredictable a password is. When creating a password, you want the entropy to be high. The more important the information that you are accessing, the higher the entropy needs to be. For example, one of the most common passwords listed above, “123456”, has a very low score of only 9.7, according to this online entropy calculator. It is recommended that your passwords have an entropy of at least 72, so that they are strong enough to protect against data breaches. However, it is recommended that you aim for an even higher score if possible, as it creates a higher level of security.
One of the recommended ways to generate and remember a strong password is to use a memorable phrase or sentence to create it. For example, “My best friend’s name is Tim, he eats 5+ oranges every day.” It is then possible to use the first letter of each word to create a password. Your password would therefore be “MbfniT,he5+oed.”, which has an entropy of 75.9.
Another way of creating a strong password is to use a number of unrelated and random words together. The words shouldn’t be in grammatical order, nor should they be from a common phrase. It is recommended that passwords use more than 4 words, with 6 being the recommended number of words. For example, “shoeturniptableplug” (75.4) or, even better, “transparentseasidedancingminimum” (120.8). The latter is preferable as it involves longer words and is therefore harder to crack. A way of further improving password security is to add a randomly placed symbol or number.
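The checks described above can be combined into one validation routine. The following Python sketch is an added example, not myhrtoolkit's code and not the online calculator cited above: the policy key names and the minimum length of 12 are assumptions, and the character-pool estimate is a simple upper bound, so its scores differ from the calculator's figures quoted in this article.

```python
import math
import string

# Passwords the article names from the 2015 SplashData list.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "football", "dragon"}
MIN_ENTROPY_BITS = 72  # minimum entropy the article recommends

# Hypothetical policy mirroring the options described above
# (key names and values are assumptions, not myhrtoolkit settings).
DEFAULT_POLICY = {"min_length": 12, "require_upper": True,
                  "require_digit": True, "require_symbol": True}


def charset_entropy_bits(password):
    """Upper-bound estimate: length * log2(size of the character pool).

    Assumes every character was picked uniformly at random, so it
    overstates the strength of dictionary words and keyboard patterns.
    """
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    pool = sum(len(cls) for cls in classes if any(c in cls for c in password))
    return len(password) * math.log2(pool) if pool else 0.0


def passphrase_entropy_bits(word_count, wordlist_size):
    """Entropy of word_count words drawn at random from a word list."""
    return word_count * math.log2(wordlist_size)


def check_password(password, policy=DEFAULT_POLICY):
    """Return a list of policy failures; an empty list means accepted."""
    failures = []
    if password.lower() in COMMON_PASSWORDS:
        failures.append("on common-password list")
    if len(password) < policy["min_length"]:
        failures.append("too short")
    if policy["require_upper"] and not any(c.isupper() for c in password):
        failures.append("no capital letter")
    if policy["require_digit"] and not any(c.isdigit() for c in password):
        failures.append("no number")
    if policy["require_symbol"] and not any(c in string.punctuation for c in password):
        failures.append("no symbol")
    if charset_entropy_bits(password) < MIN_ENTROPY_BITS:
        failures.append("estimated entropy below threshold")
    return failures
```

For random-word passwords, `passphrase_entropy_bits` is the more honest measure: with a 7,776-word list (the size of the Diceware list) four words give about 51.7 bits and six words about 77.5, which is why six words clears the 72-bit mark and four does not.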
It is important to make sure users do not use the same passwords for a number of different sites or platforms. A common mistake is to use a slight variation on the same password, or even the exact same password, for many different sites. This means that if one website is compromised and your password is acquired, then you are at risk in many areas, rather than just being vulnerable in one area.
With the need to move towards using longer and more complicated passwords, alongside the growing number of sites that require a username and password, it is becoming more and more important to find a safe way to store your passwords. There are a number of password manager systems that are widely available, such as LastPass or Dashlane, which both have the option to use either a free service, with a limited number of features, or to pay a subscription fee and gain access to more features.