Determining the Most Effective Ways to Come Up with Secure Passwords

Passwords are a crucial element of your online security, keeping threats from being able to access your accounts and resources. Unfortunately, for fear of accidentally locking themselves out of their accounts, many users have gotten into the habit of taking shortcuts when it comes to their passwords. Let’s try to fix this by going over a few ways to design a password that is both memorable and sufficiently secure.

How Strong Does a Password Need to Be?

Passwords can be challenging to manage. After all, there are two ways that your passwords can potentially be breached: social engineering, wherein a cybercriminal guesses them or tricks you into handing over your credentials, or cracking, wherein tools and algorithms are used to work them out. This means that you need to ensure that your passwords are complicated enough to resist both approaches, but not so complicated that you can’t remember them.

The Password Creation Challenge

As you’re putting together your passwords (or dictating a password policy for your company) there are two things that you need to keep in mind:

  1. A hacker may try to brute force attack any password that cannot be guessed or cracked, rapidly trying each combination possible.
  2. A password’s security and its resistance to brute force attacks are two different things.

It helps to set aside the term “authentication measure” and instead look at what it serves as: a lock protecting your business and its resources. Your password serves as the key to open this lock.

To apply this analogy, let’s say that you have a vault holding all your secrets. Someone trying to get into the vault will likely try all the “usual suspects” in terms of passwords—those that a lot of people tend to use. If none of those work out, they’ll delve into some of your personal information for significant dates or events.

Afterwards, they’ll simply resort to the brute force methodology… which, if carried out for long enough, will ultimately deduce the correct combination.

So, how can you really ensure that your passwords remain secure?

Balancing Complexity with Predictability with Memorability

We’ve long encouraged a few best practices, in terms of password creation. These generally include:

  • Sufficient length, ideally over 16 characters
  • A combination of numerals, letters, and symbols
  • No privileged or personal information, or that which can be found online or on social media
  • No common words or numbers
  • No consecutive letters or numbers

Optimizing Your Password’s Security

In addition to these practices, we also must account for the computing processes that many hackers will use. To overcome this, it is important to add some significant complexity to passwords to help make the job more difficult.

About 41 percent of all passwords are composed exclusively of lowercase letters. This is well known by cybercriminals, and so many of them will only include lowercase letters in their first round of brute force attacks. Therefore, adding other symbols, varying cases, and numerals can help make their brute force efforts take much longer—which encourages them to give up the ghost in favor of other targets.

This means that a secure password is one that is highly unlikely to be guessed, while it also requires a large amount of time for a brute force attack to stumble across it.

At the same time, you also need a password to be memorable. Sure, a password like “8g-b32m” may be plenty secure against a cybercriminal and perhaps even their algorithm for a while… but is that something you can easily remember?

If you’re like most, that isn’t very likely.

Fortunately, when it comes to passwords, just close isn’t close enough. They have to be exactly right in order to work, which makes their memorability particularly important. While this can create a bit of a challenge for the user, it also makes things more difficult for the attacker.

That’s why another theory has come to the fore nowadays regarding password security: utilizing a few random words, incorporating numbers and some varying capitalization, and padding either side with symbols.

This is because each variable added into your password makes it that much more challenging to brute force, as we suggested before. Since many passwords are only made up of lowercase letters, a lot of cybercriminals will only check for passwords with that variable to save their own time. Each variable added could potentially make the password take much longer to crack.
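
As an added illustration (not code from the original article), the Python sketch below estimates how each extra character class enlarges the space a brute force attack must cover, and builds a password in the style described above: random words, varied capitalization, numbers, and symbol padding. The word list is a small constructed sample and the guess rate is an assumed figure.

```python
import math
import secrets
import string

# Constructed sample list; a real generator needs thousands of words.
WORDS = ["maple", "orbit", "canyon", "velvet", "pickle", "harbor", "tundra", "lantern"]
SYMBOLS = "!@#$%&*?"
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]

def charset_size(password):
    """Alphabet size a brute force search must cover for this password."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in password))

def brute_force_bits(password):
    """log2 of the search space; an upper bound that assumes random characters."""
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0

def years_to_exhaust(bits, guesses_per_second=1e10):
    """Years to try every combination at an assumed (hypothetical) guess rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)

def generate_passphrase(n_words=3):
    """Random words, one capitalized, two digits, a symbol on either side."""
    words = [secrets.choice(WORDS) for _ in range(n_words)]
    i = secrets.randbelow(n_words)
    words[i] = words[i].capitalize()
    digits = f"{secrets.randbelow(100):02d}"
    return secrets.choice(SYMBOLS) + "".join(words) + digits + secrets.choice(SYMBOLS)

def passphrase_bits(n_words=3, wordlist_size=len(WORDS)):
    """Entropy of the generator's random choices, which is what an attacker
    who knows the scheme has to search, not the character-class estimate."""
    return (n_words * math.log2(wordlist_size) + math.log2(n_words)
            + math.log2(100) + 2 * math.log2(len(SYMBOLS)))

if __name__ == "__main__":
    # Constructed sample strings: same length, one more character class each time.
    for pw in ["kfmwqzrt", "kfMwqzrt", "kfMwq7rt", "kf#wq7Rt"]:
        bits = brute_force_bits(pw)
        print(f"{pw!r}: alphabet {charset_size(pw)}, {bits:.1f} bits, "
              f"{years_to_exhaust(bits):.2e} years")
    phrase = generate_passphrase()
    print(phrase, f"{brute_force_bits(phrase):.1f} bits by character classes")
    print(f"{passphrase_bits(3, 7776):.1f} bits by construction with a 7776-word list")
```

The character-class figure overstates the strength of a word-based password, so the by-construction figure is the one to compare against a length or strength policy.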

Taking all these principles into account, we recommend that your passwords should look something like this:


A process like this makes the password more usable, simply because it pretty much definitely won’t be guessed, has plenty of characters, will be resistant against a brute force attack, and isn’t impossible for you to remember.

Of course, we recommend that you come up with your own password, rather than just use the example we’ve provided.

The Next Issue: Remembering Them

Finally, we must address the issue of keeping your passwords straight. There is no denying that the most challenging best practice for many—using a different password for each account—becomes even more difficult with passwords this complicated. However, a simple tool can help make this far easier: a password manager.

A password manager is a type of software that takes your collected credentials and securely stores them for your reference, keeping them secured behind a single master password. This enables you to use sufficiently secure and unique passwords while only needing to remember the one you use to log into the manager itself.

BNMC is here to help you with effectively every aspect of your cybersecurity. To find out what more we can do for you, reach out to us at 978-482-2020.


