Password Complexity: A Simple Way to Improve Your Users’ Security
Many organizations struggle with users who choose weak passwords and get hacked as a result. MFA can be a great help, but keeping your users secure is still important. A complex password is secure but hard to remember, so users often take the path of least resistance. And hackers know that.
Rotating a password too often can push users toward weak choices: “January2023!” may be used if they were forced to change their password in January. A new password is one more thing to remember, and employees focus on doing their job, not on remembering complex randomized strings. To avoid this, it is recommended to change passwords no sooner than every 180 days, but to go no longer than a year between changes to avoid hackers cracking passwords from a breach.
Users also often reuse passwords from other accounts, so it is fairly common for a breach of one social media company to be used against corporate accounts. This is why it is recommended to teach users how to come up with easy-to-remember passwords that are unique. A training program followed by a password-cracking audit can help you with this.
Teaching users that size matters more than randomness can be a big help. There are about 95 printable characters that can be used in a password, but there are over 150,000 English words. This means 12 random characters have about 5x10^23 possible combinations, while four random words have 5x10^20, yet the words are a whole lot easier to remember (that figure counts each word as a single character; against a pure brute-force attack that guesses character by character, it would be significantly larger). Throw in a special character (33 options) between the words and a two-digit number at the end and we are at almost 2x10^24, which is 4 times as many possibilities as the 12 random characters. The user has to remember only six things (4 words, 1 special character, 1 number) as opposed to 12 completely random characters. Add capitals, move the numbers around, and now we have an extremely tough-to-crack password. If you can teach your users to make this fun, they may enjoy making strong passwords!
Examples of strong passwords:
Zany-Zebras-Consume-Bananas-40
11^Friendly^Llamas^Climb^Mountains
Honey)I)Shrunk)The)Kids)21
I%Really%Wish%I%Was%Eating%2%Ice%Creams%Now
These can be easy to remember and tough against hackers, and they can get your users to rotate their passwords with some level of creativity.
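The search-space comparison and the word-separator-number pattern described above, worked through as an added example (not code from the original article). The sample word list is constructed, the 33 separators are assumed to be ASCII punctuation plus the space, and the 7,776-word row is an added comparison against a diceware-sized list.

```python
import math
import secrets
import string

PRINTABLE = 95            # printable characters, figure from the article
ENGLISH_WORDS = 150_000   # dictionary size, figure from the article
# Assumption: the article's 33 specials are ASCII punctuation plus the space.
SEPARATORS = string.punctuation + " "

# Constructed sample list; a real deployment needs thousands of words.
SAMPLE_WORDS = ["zany", "zebras", "consume", "bananas", "friendly", "llamas",
                "climb", "mountains", "honey", "shrunk", "kids", "creams"]

def random_chars_space(length, alphabet=PRINTABLE):
    """Candidates for a fully random password of `length` characters."""
    return alphabet ** length

def passphrase_space(words, wordlist_size, separators=len(SEPARATORS), digits=2):
    """Candidates for N random words, one separator choice, and a number."""
    return wordlist_size ** words * separators * 10 ** digits

def bits(space):
    """Search space expressed as bits of entropy."""
    return math.log2(space)

def generate_passphrase(wordlist, words=4, digits=2):
    """Build Word<sep>Word<sep>Word<sep>Word<sep>NN using a CSPRNG."""
    sep = secrets.choice(SEPARATORS)
    picked = [secrets.choice(wordlist).capitalize() for _ in range(words)]
    number = f"{secrets.randbelow(10 ** digits):0{digits}d}"
    return sep.join(picked + [number])

if __name__ == "__main__":
    rows = [
        ("12 random characters", random_chars_space(12)),
        ("4 words of 150,000 + separator + 2 digits",
         passphrase_space(4, ENGLISH_WORDS)),
        ("4 words of 7,776 (diceware-sized list) + separator + 2 digits",
         passphrase_space(4, 7776)),
        ("4 words of this sample list + separator + 2 digits",
         passphrase_space(4, len(SAMPLE_WORDS))),
    ]
    for label, space in rows:
        print(f"{label}: {space:.2e} candidates, {bits(space):.1f} bits")
    print("example:", generate_passphrase(SAMPLE_WORDS))
```

The counts hold only when each word is drawn at random from the list, as `secrets.choice` does here; the size of the list actually used, not the size of the English language, sets the search space.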
If you worry about how your users’ security may impact the organization if they are compromised, schedule a demo with Glassportal today: demo@glassportal.io