Researchers from Kaspersky Lab are advising users that unique, memorable passwords are stronger and more effective than regularly changing account passwords when it comes to keeping data secure online.
The researchers have shared some easy steps that people can follow to create their own series of unique passwords. They also recommend installing a password management tool that does the hard work of remembering passwords for you.
Passwords are an established method of authentication for online accounts, but creating passwords that are both secure and memorable is not always easy, and is becoming harder as people have more online accounts.
If you create simple passwords that you are unlikely to forget, the risk of an attacker cracking it is higher. However, if you create a more complex password, you are more likely to forget it, so the chances are high that you will stick to just one or two and reuse them for multiple websites.
Kaspersky Lab researchers estimate that the greatest vulnerability of passwords is their re-use. As the recent release of more than 700 million email addresses and millions of unencrypted passwords showed, data from different breaches can easily be combined and used in ‘credential stuffing’ attacks, where hackers use victims’ email/password combinations to break into their other accounts that have the same password.
This risk is not reduced by changing passwords, but by making them strong. Further, this strength should be built not on complexity but on uniqueness.
“There is a lot of confusion about what a strong password actually means. Many websites now demand complex passwords comprising at least eight or more upper and lower case letters, numbers and special characters. This is what many users have come to equate with a ‘strong’ password, and it can seem pretty daunting,” said David Jacoby, security researcher in Kaspersky Lab’s Global Research and Analysis Team (GReAT).
“The good news is that strong doesn’t have to mean scary. When you look at the issue from a security perspective, you can see that passwords are generally strong if they are unique to you and to one account. There are easy ways of making them unique, yet memorable, so that they cannot be used to breach other accounts, even if the details are exposed in a data breach. Further, there are secure password management tools available, including Kaspersky Password Manager that make it easy to safely create and use dozens of unique passwords,” added Jacoby.
The following steps will help you to create unique, memorable passwords that are strong:
“For example, if the phrase you think of is ‘Twinkle Twinkle Little Star, How I Wonder What You Are,’ and the special character that you want to use is ‘#’, then your password for Facebook would be something like: T#T#L#S#Hblue. It makes no real sense when you look at it, or if someone gave it to you. But, since it’s personal to you, you understand the system used to generate your passwords, and you associate the word with the site, it’s easy for you to remember,” explained by Jacoby.