Achieve high security passwords

Learn how to achieve high security passwords within your myhrtoolkit system and across the web.

The bad password epidemic

The Telegraph published an article containing a list of the most commonly used passwords of 2015, collected by SplashData. The information was collected from data breaches both in America and in Western Europe.

The article explained that the most commonly used password in 2015 was, shockingly, “123456” with “password” coming in second. Other passwords to appear on the list include “qwerty” at number 4, “football” at number 7 and “dragon” at 16.

Are your employees able to use passwords like this? Are they opening up your company to the possibility of data breach? Here are some ways you can ensure your databases are protected.

How to achieve high security passwords in myhrtoolkit

It is now possible to tailor the system to your needs and ensure that all myhrtoolkit passwords are high strength passwords. You have the power to decide whether it should be mandatory for all users to have at least one capital letter in their password, plus options for how long it needs to be, and whether it must contain numbers and/or symbols.

The heart of secure passwords: entropy

Entropy is a key part of password security. Put simply, entropy is the measurement of how unpredictable a password is. When creating a password, you want the entropy to be high. The more important the information that you are accessing, the higher the entropy needs to be.

For example one of the most common passwords listed above “123456” has a very low score of only 9.7, according to this online entropy calculator. It is recommended that you have at least an entropy of 72 for your passwords, in order that a password is strong enough to protect against data breaches. However, it is recommended that you aim to have an even higher score if possible, as it creates a higher level of security.

How to achieve high security passwords

Use a memorable phrase

One of the recommended ways to generate and remember a strong password is to use a memorable phrase or sentence to create it. For example, “My best friend is very healthy! They eat 5+ oranges every day.” It is then possible to use the first letters of each word in order to create a password, therefore, your password would be “Mbfivh!Te5+oed.“, which has an entropy of 76.8.

Use a string of unrelated words

Another way of creating a strong password is to use a number of unrelated and random words together. The words shouldn’t be in grammatical order, nor should they be from a common phrase. It is recommended that passwords use more than 4 words, with 6 being the recommended number of words. For example, “shoeturniptableplug“, 75.4, or, even better, “transparentseasidedancingminimum“, 120.8. The latter is preferable as it involves longer words and therefore is harder to crack. A way of further improving password security is to add a randomly placed symbol or number.

Use unique passwords across platforms

It is important to make sure users do not use the same passwords for a number of different sites or platforms. A common mistake is to use a slight variation on the same password, or even the exact same password, for many different sites. This means that if one website is compromised and your password is acquired, then you are at risk in many areas, rather than just being vulnerable in one area.

How to store passwords securely

With the need to move towards using longer and more complicated passwords, alongside the growing number of sites that require a username and password, it is becoming more and more important to find a safe way to store your passwords.

There are a number of password manager systems that are widely available, such as LastPass or Dashlane, which both have the option to use either a free service, with a limited number of features, or to pay subscription fee and gain access to more features.

Related guides

Security and myhrtoolkit

How to use the Security Centre

Using security questions for password recovery

  • There are no suggestions because the search field is empty.