Users today are inundated with passwords they must remember. Think about it. Website logins, email accounts, social media accounts, banking accounts, smartphone pass codes, ATM pin numbers, and home security system alarm codes all require some type of password.
Creating a strong password policy is key to helping users safeguard the critical systems they rely on every day. While additional complexity can seem like an inconvenience to many users, it shouldn’t prevent a strong password policy from being implemented in your organization.
Consider these 2 quick facts supporting a strong password policy requirement:
Fact: 73% of users have the same password for multiple sites.
We’ve seen an escalation of security breaches over the years. Even major brands have had systems compromised, exposing user passwords. While administrators quickly respond and notify users by forcing password changes, their efforts are limited to their own site.
Changing a password with one site is not always enough. Chances are that compromised passwords are used elsewhere, leaving users vulnerable to hackers.
Fact: Every extra character in your password increases the difficulty for hackers to crack it.
The most commonly used password is…123456.
And it’s closely followed by equally insecure passwords like “password”, “welcome”, and “12345”.
Think one extra letter or number doesn’t mean much? Consider this:
- A 6-character password with only letters has 308,915,776 possible combinations.
- An 8-character password with only letters has 208,827,064,576 possible combinations.
- An 8-character password that includes letters (upper and lower case), numbers, and symbols has 6,095,689,385,410,816 possible combinations.
There is real strength in numbers…or in this case, in the extra characters required by strong password policies.
Strong Password Construction Guidelines
Good passwords are critical to information security. Lack of thought in creating password policies increases the chances of unauthorized access or compromised data. The SANS Institute recommends that a strong password policy require passwords to have the following characteristics:
- Contain a mix of uppercase and lowercase letters, punctuation, numbers, and symbols.
- Contain at least 15 characters.
- Be unique from other accounts owned by the user.
- Never include dictionary words.
- Never include patterns of characters.
- Go even further in your password policy by encouraging the use of passphrases, which combine phrases with the strong password guidelines above to make passwords even harder to compromise.
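A checker for the guidelines listed above, as an added example (not from the original article or from SANS): it flags length, character-class, dictionary-word, and pattern violations, and estimates the brute-force keyspace behind the combination counts quoted earlier. The word list, the four-character run threshold, and all function names are assumptions; uniqueness across accounts cannot be judged from a single password and is not checked.

```python
import math
import string

# Constructed sample wordlist (assumption); a real deployment would load a
# large dictionary and a breached-password list instead.
SAMPLE_WORDS = {"password", "welcome", "dragon", "monkey", "summer", "letmein"}
MIN_LENGTH = 15  # minimum length from the guidelines above
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def keyspace_bits(password):
    """Upper bound on the brute-force search space, in bits, for the classes in use."""
    pool = sum(len(cls) for cls in CLASSES if any(c in cls for c in password))
    return len(password) * math.log2(pool) if pool else 0.0


def has_pattern(password, run=4):
    """True if `run` adjacent characters repeat or step by one ('aaaa', '1234', 'dcba')."""
    codes = [ord(c) for c in password.lower()]
    for i in range(len(codes) - run + 1):
        # Differences between neighbours inside the current window.
        steps = {codes[j + 1] - codes[j] for j in range(i, i + run - 1)}
        if steps in ({0}, {1}, {-1}):
            return True
    return False


def check_password(password, words=SAMPLE_WORDS):
    """Return the list of guideline violations; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not all(any(c in cls for c in password) for cls in CLASSES):
        problems.append("missing character class")
    lowered = password.lower()
    if any(word in lowered for word in words):
        problems.append("dictionary word")
    if has_pattern(password):
        problems.append("character pattern")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords, including the most common one named above.
    for candidate in ("123456", "Welcome12345!!!", "t7#Vq2!mZx9&Lw4^"):
        print(f"{candidate!r}: {check_password(candidate) or 'ok'} "
              f"(~{keyspace_bits(candidate):.0f} bits)")
```

The bit estimate is an upper bound that assumes random characters; a password built from words or patterns is far weaker than its length suggests, which is why the dictionary and pattern checks run separately.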
How is one expected to remember all these different passwords? The answer is to utilize a password manager. The articles below explain the most popular ones. Selecting one that is easy for you to use will be the key to long-term use.