
World Password Day – Is This the Last Anniversary


By: Craig Kennedy


For the last ten years, the first Thursday in May has been deemed World Password Day.  World Password Day was created by Intel in 2013 as a way to reinforce awareness of the importance of strong passwords in keeping our digital identities secure and out of the hands of cybercriminals.

What Makes a Strong Password?

Almost everyone today knows that passwords like “abc123” or “qwerty” provide no real security against a brute-force attack. However, it may come as a surprise to many that passwords considered reasonably secure as little as a few years ago are no longer considered secure.

Today’s off-the-shelf high-performance GPUs are able to crack even the most complex 8-character passwords in under an hour. The simple secret to a strong password is complexity and length, and the longer the better. Hive Systems just published their popular infographic on how long it takes a hacker to brute-force crack a password of different complexities for 2023, and the results were eye-opening (see infographic below):

 

Source: Hive Systems

Looking Beyond Passwords 

Biometric authentication methods like fingerprint readers and facial recognition have garnered a lot of attention and have been broadly implemented on various devices. As generative AI becomes more available, deepfakes are becoming a concern, as they have already proven capable of fooling some biometric authentication methods.

Passkeys may be the answer to finally weaning us off passwords. A passkey is a cryptographic key pair: a public key that is registered with the entity you’re attempting to access, and a private key that is retained on one or more of your devices. Passkeys are inherently more secure than passwords; however, they require adoption by all the websites, services, and apps that you access. The adoption of passkeys is accelerating, with Google, Microsoft, and Apple all embracing the technology.
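The key-pair login described above, as an added example that is not part of the original post: a simplified challenge-response in Node.js, not the full WebAuthn protocol. The function names, the in-memory maps and the origin strings are assumptions made for illustration.

```javascript
const nodeCrypto = require('node:crypto');

// Constructed relying-party state: the site stores public keys only, so a
// database leak exposes nothing an attacker can log in with.
const publicKeys = new Map(); // username -> public key
const pending = new Map();    // username -> outstanding challenge

// Registration: the device creates the pair and hands over the public half.
function register(user) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
  publicKeys.set(user, publicKey);
  return privateKey; // stays on the user's device
}

// Login step 1 (site): issue a fresh random challenge.
function issueChallenge(user) {
  const challenge = nodeCrypto.randomBytes(32);
  pending.set(user, challenge);
  return challenge;
}

// The signed message binds the challenge to an origin.
function message(origin, challenge) {
  return Buffer.concat([Buffer.from(origin, 'utf8'), Buffer.from([0]), challenge]);
}

// Login step 2 (device): sign the challenge for the origin actually visited.
function deviceSign(privateKey, origin, challenge) {
  return nodeCrypto.sign(null, message(origin, challenge), privateKey);
}

// Login step 3 (site): verify against its own origin, then burn the challenge.
function verifyLogin(user, signature, siteOrigin) {
  const challenge = pending.get(user);
  const publicKey = publicKeys.get(user);
  pending.delete(user); // single use: a captured signature cannot be replayed
  if (!challenge || !publicKey) return false;
  return nodeCrypto.verify(null, message(siteOrigin, challenge), publicKey, signature);
}
```

Because the device signs the origin it actually sees, a signature produced on a lookalike site fails verification at the real one, and nothing reusable ever crosses the network.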

In the Meantime, Make All Your Passwords Strong

Weak passwords are one of the easiest ways for cyber criminals to gain access to your home or business network. Once your network is breached, these cybercriminals are masters at moving laterally within the network to compromise the rest of the systems on the network. As noted above, length and complexity are the real keys to a strong password.

So how do you remember a long complex password? Make it related to some phrase that you’ll easily remember, like “I Re@lly L1ke Ice Cre@m”. This is 23 characters, pretty easy to remember, and rated as very secure on PasswordMonster, a password assessment website. BTW: Don’t use this as your actual password, as once this blog is published, I’m sure it will get added to a list for hackers to try, but you get the idea.

Embrace the Use of a Password Manager

There is a wealth of password managers available; some are free, and others charge fees. I’ve found that many of the features I’ve come to expect and use extensively are only available in the paid versions. The power of a password manager is that all of your passwords can be stored in it, and they can all be long, randomly generated passwords that you’ll never need to remember, because the password manager is remembering them for you.

It can also auto-generate strong unique passwords to use for each account you access.

The one password that you’ll need to remember is the master password that will get you access to all your other passwords. Make that one very strong (mine is over 18 characters).
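To make the "length and complexity" point and the password manager's auto-generation concrete, here is an added example (not from the original post) that sizes the brute-force search space of a password and generates a random one in Node.js. The function names are assumptions, and the guess rate is an input you supply, not a figure from Hive Systems.

```javascript
const nodeCrypto = require('node:crypto');

// Size of the alphabet an exhaustive search must cover, judged from the
// character classes present (printable ASCII: 26 + 26 + 10 + 33 symbols).
function alphabetSize(pw) {
  let size = 0;
  if (/[a-z]/.test(pw)) size += 26;
  if (/[A-Z]/.test(pw)) size += 26;
  if (/[0-9]/.test(pw)) size += 10;
  if (/[^a-zA-Z0-9]/.test(pw)) size += 33; // space and punctuation
  return size;
}

// Search space in bits: length * log2(alphabet). Every extra character adds
// log2(alphabet) bits, which is why length pays off so quickly. This is an
// upper bound that only holds when the characters are chosen at random.
function bruteForceBits(pw) {
  if (pw.length === 0) return 0;
  return pw.length * Math.log2(alphabetSize(pw));
}

// Worst-case seconds to try every candidate. guessesPerSecond is an
// assumption you pass in: it depends on the hash in use and the hardware.
function secondsToExhaust(pw, guessesPerSecond) {
  return Math.pow(alphabetSize(pw), pw.length) / guessesPerSecond;
}

// What a password manager's generator does: draw every character uniformly
// from a CSPRNG, so the brute-force figure above is the real strength.
function generatePassword(length = 20) {
  if (length < 4) throw new RangeError('length must be at least 4');
  let pw;
  do {
    pw = '';
    for (let i = 0; i < length; i++) {
      // randomInt is uniform over [0x21, 0x7f): no modulo bias, no spaces.
      pw += String.fromCharCode(nodeCrypto.randomInt(0x21, 0x7f));
    }
  } while (alphabetSize(pw) !== 95); // retry until all four classes appear
  return pw;
}
```
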

Bottom Line:

Even though there are some alternatives to passwords being developed and rolled out that are more secure, passwords will be with us for the foreseeable future. While we still need to deal with passwords, make sure to make them strong and store them in a password manager. And on the first Thursday in May, be sure to review your passwords and make sure you’re staying safe in the digital world.


This blog is a part of the Digital Operations blog series by Aragon Research’s Sr. Director of Research, Craig Kennedy.

Missed an installment? Catch up here!

Blog 1: Introducing the Digital Operations Blog Series

Blog 2: Digital Operations: Keeping Your Infrastructure Secure

Blog 3: Digital Operations: Cloud Computing

Blog 4: Cybersecurity Attacks Have Been Silently Escalating

Blog 5: Automation—The Key to Success in Today’s Digital World

Blog 6: Infrastructure—Making the Right Choices in a Digital World

Blog 7: Open-Source Software—Is Your Supply Chain at Risk?

Blog 8: IBM AIU—A System on a Chip Designed For AI

Blog 9: IBM Quantum: The Osprey Is Here

Blog 10: The Persistence of Log4j

Blog 11: AWS re:Invent 2022—Focus on Zero-ETL for AWS

Blog 12: AWS re:Invent 2022—The Customer Is Always Right

Blog 13: How Good is the New ChatGPT?

Blog 14: The U.S. Department of Defense Embraces Multi-Cloud

Blog 15: 2022 Digital Operations—The Year in Review

Blog 16: Lucky Number 13 for Intel—Intel Is Back on Top

Blog 17: Quantum Decryption—The Holy Grail for Cybercriminals

Blog 18: Microsoft and OpenAI—Intelligent Partnership

Blog 19: ChatGPT—The First One Is Free

Blog 20: Bing and ChatGPT—Your Co-Pilot When Searching the Web

Blog 21: ESXiArgs—Ransomware Attack on VMware

Blog 22: The Cost of Supply Chain Security—$250M in Sales

Blog 23: OpenAI Delivers on APIs—Accelerating the Adoption of ChatGPT

Blog 24: OpenAI Delivers on Plugins—Is ChatGPT The New Generative Content Platform?

Blog 25: Microsoft Security Copilot—Defending the Enterprise at the Speed of AI

Blog 26: Operation Cookie Monster Takes a Huge Bite Out of The Dark Web

Blog 27: AWS Bedrock—Amazon’s Generative AI Launch

Blog 28: Google Cloud Security AI Workbench – Conversational Security
