Creating a Strong Password in 5 Steps

Never before has it been so important to possess an essentially perfect password. The Bitkom Cloud Monitor 2017 shows that over 60 percent of companies use the cloud – and the trend is set to rise. But the problem is that highly sensitive data is also placed in a remote environment, of course, which might attract hackers. And however much other security measures shield this environment as well, a good password is indispensable. This article sheds some light on the perfidious methods of cyber criminals and provides five of the best tips to create a perfect password.

An article by the COMPAREX Editorial Team 

The perfidious hacker methods

Ransomware

Ransomware describes trojans that are placed on the computers of their victims, where they block or encrypt data. Companies are not able to access their datasets until they have paid a certain amount, the ransom. This dirty trick is particularly effective when hitting companies that are highly dependent on their data. In many cases they will transfer the amount to an international account in Bitcoin currency. The best way to prevent ransomware is to install software that thwarts the attack before it can take effect.

Brute force attacks

A brute force attack is a frequently encountered, albeit somewhat crude, method used by cyber criminals: the hackers run programs that try all possible character combinations. The process is simply repeated until the password is cracked. Essentially, it means that any password can be cracked this way, given enough time.

Dictionary method

The dictionary method is more or less the manual version of a brute force attack. The hackers do not try out every character combination and instead use lists, for instance of the most popular passwords. And indeed, the top three really are “123456”, “123456789” and “Qwerty”. So if you actually use one of these passwords or something similar, you are strongly advised to read our five tips for a perfect password as quickly as possible!

5 tips for the perfect password

1 Variety is key: A secure password should on no account consist only of letters. You must also use numbers, special characters and caps. Not only do they thwart the dictionary method, they also make a successful brute force attack significantly more difficult. A great trick is to replace letters with numbers and special characters, so an “i” will become “!”, an “o” turns into a “0” and “s” is written as “$”. This way, the simple term “Microsoft” morphs into the substantially harder word “M!cr0$0ft”.

2 Length matters: It’s easy: the longer the password, the harder it is to crack. The length of the code can be decisive, especially for brute force attacks. The following calculation example illustrates the principle:

Possible number of combinations = (Number of characters)^(password length)

So if you use a seven-character password consisting of caps, letters and numbers (62 characters), the possible number of combinations is 3,521,614,606,208 (over 3.5 trillion). Merely adding one more character raises the number of attempts needed to crack the code to 218 trillion. This means that if your password comprises more than 10 characters and additional special characters, cracking it would take several years.
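The formula above can be applied to any password by deriving the alphabet from the character classes it actually uses. This is an added example, not part of the original article; the guess rate and the sample passwords are assumptions chosen for illustration.

```python
import string

# Character classes the article counts: letters, caps and numbers (62 in total),
# plus special characters. Characters outside these ASCII classes are ignored
# (assumption made to keep the example small).
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "special": string.punctuation,
}
ASSUMED_GUESSES_PER_SECOND = 1_000_000_000  # hypothetical attacker speed
SECONDS_PER_YEAR = 365 * 24 * 3600


def alphabet_size(password):
    """Sum the sizes of the character classes that occur in the password."""
    return sum(
        len(chars)
        for chars in CLASSES.values()
        if any(c in chars for c in password)
    )


def combinations(alphabet, length):
    """The article's formula: number of characters ** password length."""
    return alphabet ** length


def worst_case_years(password, rate=ASSUMED_GUESSES_PER_SECOND):
    """Years needed to try every combination of this length and alphabet."""
    total = combinations(alphabet_size(password), len(password))
    return total / rate / SECONDS_PER_YEAR


if __name__ == "__main__":
    # Constructed sample passwords: 7 and 8 characters from the 62-character
    # alphabet, then 11 characters including a special character.
    for sample in ["Abc1234", "Abc12345", "Xq7!Abc1234"]:
        size = alphabet_size(sample)
        print(
            f"{sample!r}: alphabet={size}, "
            f"combinations={combinations(size, len(sample)):,}, "
            f"worst case={worst_case_years(sample):.4g} years"
        )
```

The result only bounds an exhaustive search; a password that appears on a list of popular passwords falls to the dictionary method regardless of its length.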

3 The easy way to create a password: This trick shows you how to create a complex password that only you can remember. Think of a sentence and place the first letters of each word in a row. So the sentence, “My Name is Joe Bloggs and I was born on 1 January 1900!” would produce the following password: “MNiJBaIwbo1J1900!” It’s long, contains numbers, special characters, caps and letters, and it’s definitely not found in any dictionary. Perfect!

The World Wide Web can also come to your assistance if you don’t want to think up your own password. There are plenty of password generators on the Internet that use random strings to produce a password. But be careful! It’s very difficult to remember these combinations.

4 Reset your password? The trickiest question among security managers: is it important to reset passwords regularly? And if so, at what intervals? It may appear sensible to change passwords regularly to ward off cyber-attacks, at least at first glance. But experts take a nuanced view. Many users only make minor changes to their password, turning “password1” into “password2”. These patterns are easy to predict. What’s more, people tend to choose easy passwords if they know that they have to be changed soon anyway.

To reset or not to reset? Our expert Rene Schoppe, IT Security Sales Specialist, advises:
I recommend changing your password on a quarterly basis, so every three months. That’s also the general advice given by the Federal Office for Information Security (BSI). Most systems send an automatic reminder every 2 to 3 months to restore the password, and so it is wise not to ignore this advice. You need to reset your password immediately following a successful hack of a portal you use and the theft of data. The most important aspect is to use a secure password. Password generators are handy tools in this regard.
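A password-change form can reject the predictable patterns described in tip 4, such as “password1” becoming “password2”, along with the popular passwords listed under the dictionary method. This is an added example, not part of the original article or any COMPAREX code; it assumes the form collects the current password together with the new one, and the function names and similarity threshold are hypothetical.

```python
import re
from difflib import SequenceMatcher

# The three most popular passwords quoted in the article. A real deny-list
# would be far longer (assumption: loaded from a file in production).
COMMON_PASSWORDS = {"123456", "123456789", "qwerty"}
SIMILARITY_LIMIT = 0.8  # hypothetical threshold, tune to your policy


def strip_counter(password):
    """Lower-case and drop leading/trailing digits and punctuation."""
    return re.sub(r"^[\W\d_]+|[\W\d_]+$", "", password.lower())


def review_change(old, new):
    """Return the reasons to reject `new`; an empty list means accepted."""
    reasons = []
    if new.lower() in COMMON_PASSWORDS:
        reasons.append("on common-password list")
    if new.lower() == old.lower():
        reasons.append("same as previous password")
    elif strip_counter(old) and strip_counter(old) == strip_counter(new):
        # e.g. "password1" -> "password2": only the counter moved
        reasons.append("only the counter changed")
    elif SequenceMatcher(None, old.lower(), new.lower()).ratio() >= SIMILARITY_LIMIT:
        reasons.append("too similar to previous password")
    return reasons


if __name__ == "__main__":
    # Constructed old/new pairs for illustration.
    samples = [
        ("password1", "password2"),
        ("password1", "Qwerty"),
        ("BlueHorse#42x", "BlueHorse#43x"),
        ("password1", "tV9#kLm2$Qx7wZ"),
    ]
    for old, new in samples:
        print(f"{old!r} -> {new!r}: {review_change(old, new) or 'accepted'}")
```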

5 Top secret! Some may believe that this tip is blatantly obvious, but it is still the most important one: never give anyone your password. Not even a friend, colleague or spouse. Also refrain from keeping notes of your passwords. While they make it easier to remember the codes, the implications can be fatal if they fall into the wrong hands.

Conclusion

100 percent protection does not exist. Every password can be cracked somehow. So the pertinent question is how long it takes. The use of long combinations, comprising letters, numbers and special characters is the first step toward effective protection of your data. Our experts are glad to advise you. Contact us today!

Leipzig, 21.07.2017
