Simplifying Password ComplexityCategory:Information Security,Infosec Communicator,password,Uncategorized
Let’s be honest. Passwords are a pain. We all know that it’s important to have different passwords for different places and we all know that they need to be fairly complex. We also know that remembering numerous passwords, especially strong passwords, can be a challenge. So what’s the best strategy?
In this article, I’ll talk about how to create memorable (but strong) passwords and suggest a tool that will make constructing and remembering strong passwords easier.
In general, the strength of a password depends on two factors: length and complexity. Although there’s some disagreement, length is more important than complexity. (For a humorous illustration of password complexity, read the XKCD comic at https://xkcd.com/936/)
Increased complexity makes it more difficult to create a password that you can remember. The idea of a long complex password may be overwhelming. However, increasing password length alone can result in a password that’s memorable and stronger. Because of the way Windows stores some passwords, the “magic number” is 15 characters or more. A traditional complex password of 15 characters might look like this: “qV0m$$#owc2h0X5”. I don’t know about you, but there’s no way I’m going to remember a password like that. You COULD write it down and store it securely, but it’s not the easiest password to enter on a keyboard, and storing passwords in a browser or in a desktop application is insecure.
Here are a couple of strategies for strong passwords.