How strong is your strongest password really?

Simon Campbell-Young

However, recent breaches, such as the Ashley Madison breach where the identities of 37 million potentially cheating spouses were exposed, begs the question of whether we are focussing too much on long and complex passwords, as they can be compromised should the website have inadequate security measures in place.

Strong password, weak password

Simon Campbell-Young, CEO of Phoenix Distribution, says strong passwords are not linked to any details about the holder, such as children's names or birthdays. They cannot be guessed by knowing a little bit about the holder, and are resistant to brute force hacking. They are also not the more obvious 'password' or '123456' types of choices that a surprising amount of people still use.

However, he says that many websites with very specific password mandates, indicating that a password is weak, medium or strong, don't really analyse the strength per se, they only look at whether or not there is enough differentiation in terms of a mixture of upper and lower case, numbers and special characters, as the more differentiation there is, the more brute-force combinations will need to be used by hackers.

A strong password will certainly be more difficult to crack on websites that have basic password obfuscation methods in place, but a strongly protected weak password is most likely as good as a badly protected strong one.

"Today, most of us are overwhelmed by the sheer number of passwords and logins we need to remember. Every financial account, online shopping account, social media site, loyalty programme - the list is endless. It is no wonder that many people use the same password for each and every one, and keep their fingers crossed that each site and service has measures in place to prevent the interception of your password."

©iodrakon via 123RF

Managing your passwords

He says that for anyone who uses the same password everywhere, any single breach in which it's exposed that an organisation didn't protect password entry or storage, will be exposed at every other site. When your password leaks, cyber criminals now have an email address, username, and password combination they can try on other websites. "The solution here is to create strong, unique passwords by using a password manager, that don't require memorising a plethora of individual passwords."

According to Campbell-Young, password managers store your login information for all the websites you use and help you log into them automatically, encrypting your password database with a master password, the only one you'll be required to remember.

A password manager offers ease of mind, he says. "When you use a password manager and need to log into a Web site, you'll visit the website, but instead of typing your password into the site's login space, you type your master password into the password manager, which will automatically fill the appropriate login information into the website. No longer must you think about which email and password you chose for this particular site, the password manager does all the work for you. Similarly, when you are creating a new account, the password manager will issue a popup and offer to generate a secure, unique password for you."