We discussed much of this in depth earlier in the year and encourage you to catch up on previous password-related posts.
If you have the time, we encourage you to read, bookmark or share on social media the posts we’ve written about Scams, Fraud, and more. These are important topics – for us and the older friends and family we love.
Want to cut to the chase and FIX your passwords now? We’ll tell you!
How to Create a STRONG Password
Creating a STRONG password by today’s standards is actually pretty simple! Just string together a very random list of odd, unrelated words.
Replace old passwords that look like this: Y3llowT@xi456!
With something like this: pine grange hair gnome weaver clam turmeric
Sure, it’s long and there are no caps, numbers, or special characters. However, the good news is that these days, this is much tougher to hack… and likely easier to key in!
Alongside passphrases with spaces in between each word, such as “turtle box super liquor”, instead of something like X30UnMx$#, the National Institute of Standards and Technology (NIST) also now says that users should be able to keep a password forever, with no expiration date. NIST says it regularly evaluates its guidelines and aims to keep folks ahead of current threats from hackers.
What Makes This a Better Password?
So why is pine grange hair gnome weaver clam turmeric considered a great password?
In one word, ENTROPY.
A password’s entropy refers to how difficult it is to guess, how random it is, and how long it would take to break it. In a nutshell, it quantifies how tough a password is to crack. The longer the password, typically the more entropy there is, which is why the NIST guidelines have been changed. These long passwords are generally more complex and easier to remember. That’s a win-win!
Because we human beings are notoriously bad at creating a password/passphrase made up of a string of truly random words, some great tools have been devised. Want to become COMPLETELY RANDOM? Have a look at our blog post: Passwords – Security Tips from Experts
Keep Those Passwords Super “SLICK” & Tough to Hack
- STRONG – Is it tough to crack by today’s standards?
- LONG – Is your password 20-40+ characters long?
- INDIVIDUAL – Is your password individual – used for only one account?
- COMPLEX – Is it a string of unrelated, random words with spaces in between?
- KOOKY – Does it include odd, funky, misspelled, highly personal, made-up words?
Example: pine grange hair gnome weaver clam turmeric
Strong – Long – Individual – Complex – Kooky …CHECK!
Congratulations! Your Super SLICK, entropy-rich password means those online hacking tools are more likely to have a tough time breaking your code!
Above all else… Create maximum entropy!
Tools to Create Maximum Entropy
Remember, the ultimate strength of your password or passphrase is measured in “bits of entropy.” There is a cool tool available called Diceware. By using some six-sided dice, you generate actual entropy via TRUE randomness. Each roll of the dice helps you build your passphrase via Diceware word lists. Using the dice, you simply create a series of random numbers and then convert those random numbers into random words using Diceware’s ever-changing lists! Super simple!
And now, according to the new guidelines, you don’t have to change your passwords every 90 days! So once you create that great password, you are set. For ONE account. Keep in mind, you still need a different password/phrase for each online account.
This article is well-written and explains things nicely and there are additional word lists available if you need them.
Using Diceware, you may wind up with a password/passphrase like:
high fang erba glower bobbin shouldn’t toucan fromage tear
Yes, this may look similar to the passphrase we discussed earlier, however, THIS one has been generated in a way that makes it more random. It has far more entropy than ANYTHING we could create in our head. Using tools like Diceware can really make your passwords/passphrases “Super SLICK!”
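The dice-to-word lookup and the “bits of entropy” figure described above, as an added example that is not part of the original post or the Diceware project. The function names, the 36-word stand-in list, and the use of Python’s `secrets` module as software dice are assumptions made for the illustration.

```python
import math
import secrets

# Constructed 36-word stand-in list (6**2 entries, so 2 dice per word).
# A real Diceware list has 6**5 = 7776 words and takes 5 dice per word.
SAMPLE_WORDS = (
    "pine grange hair gnome weaver clam turmeric turtle box super liquor high "
    "fang glower bobbin toucan fromage tear anvil biscuit cobalt dune ember "
    "fjord gravel hatch ivory jigsaw kettle lantern marble nectar orbit pebble "
    "quill raft"
).split()


def roll_dice(n):
    """Software stand-in for n physical dice, drawn from the OS CSPRNG."""
    return [secrets.randbelow(6) + 1 for _ in range(n)]


def rolls_to_index(rolls):
    """Read the rolls as a base-6 number: all 1s -> 0, all 6s -> 6**n - 1."""
    index = 0
    for r in rolls:
        if r not in (1, 2, 3, 4, 5, 6):
            raise ValueError(f"not a die face: {r!r}")
        index = index * 6 + (r - 1)
    return index


def dice_per_word(wordlist):
    """Dice needed so that every possible roll maps to exactly one word."""
    n = round(math.log(len(wordlist), 6))
    if n < 1 or 6 ** n != len(wordlist) or len(set(wordlist)) != len(wordlist):
        raise ValueError("word list must hold 6**n unique words")
    return n


def passphrase(wordlist, words=7, roll=roll_dice):
    """Build a passphrase; pass roll= to feed in real dice results instead."""
    n = dice_per_word(wordlist)
    return " ".join(wordlist[rolls_to_index(roll(n))] for _ in range(words))


def entropy_bits(list_size, words):
    """Entropy when each word is picked uniformly and independently."""
    return words * math.log2(list_size)


if __name__ == "__main__":
    print(passphrase(SAMPLE_WORDS))  # demo list only
    print(f"{entropy_bits(len(SAMPLE_WORDS), 7):.1f} bits (36-word demo list)")
    print(f"{entropy_bits(6 ** 5, 7):.1f} bits (7776-word Diceware list)")
```

The stand-in list is far too small for a real passphrase: the entropy comes from the size of the list and the number of words, which is why the full 7776-word list matters.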