I have been thinking about passwords recently, which made me think about my first interaction with using passwords. I was a sophomore in college and took a class called “Structured Programming” CS-251. For this class, I would need an account to a Mainframe computer to load and compile my code. The professor required everyone in the class to use the same password, “cs251.” I was not going to challenge the authority of the professor, but this did not make sense to me. If everyone in the class was going to use the same password, then why have one at all? My friend, Parker, on the other hand, loves to challenge authority, and he asked the professor what I, and probably everyone else in the class, was thinking. The professor explained that no one can remember passwords, and it would slow our ability to make progress in the class if we couldn’t access the system.
Enforcing Strong Passwords
Thirty years later, forgetting passwords is still a problem. Because of this forgetfulness, people have used some techniques to help them remember:
- Writing their password down on a sticky note;
- Using familiar names or dates like your birthday or a pet;
- Creating easy to remember words like “Password;”
- Using the same password over and over again.
Each time the user community thought they figured out a solution to their password problem, the “Evil IT Department” came along and told them they couldn’t do those things.
With rules like requiring long passwords, enforcing complexity, frequent expiration, issuing limits on how often passwords can be reused, and restrictions on what words can be used, it is no wonder folks are frustrated by needing to use strong passwords. Now don’t get me wrong, these password requirements are a good thing for security as they help us keep our sensitive information safe. Hacking a password is generally how criminals gain access and steal confidential information or perform malicious acts.
Ways to Make Passwords Stronger
When I encounter someone struggling with setting and remembering strong passwords, I usually give the following suggestions:
A password should be relatable, so it is easier for you to remember:
- Think of something like your first car.
- Then think of using that in a sentence. “My first car was a white Ford F-150 I bought in 82.”
- Now take the first letter of each word, and throw in a special character when you can, and you will have “MfcwawF-150!bi82” – a 17-character password easy for me to remember, but almost impossible to guess.
If the sentence password isn’t your thing, then another good technique is using random words:
- Think of two or three random words that you will remember, for example, “Winter, School, and Food.”
- Now combine these with a number like your zip code or house number and you will have “Winter_Harvard_Pizza-19524” – a 26-character password, again very hard to crack.
Still not for you? Then look around your office or home office, and find items you see every day:
- Say you have a photo of your child, a stapler, a “World’s Best Mom” coffee mug, and an Office Depot note pad.
- You can combine these objects into a strong password that should be easy for you to remember.
- “TonyStaplerCoffee#1note” – is now a strong 23-character password.
A Commitment to Strong Security Protocols
IWCO Direct has built strong security protocols and provides many types of training to help our employees understand the importance of strong security, but anyone can become frustrated with passwords and may choose something too easy to guess. Every month, our IT Team runs a utility looking for weak or known compromised passwords that could be in hacker databases. Should someone at IWCO Direct be using a weak or compromised password, we inform them and have them change their password immediately.
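The kind of check described above, as an added example (not IWCO Direct's utility): it screens a password against a list of known compromised passwords and a few weak-pattern rules. The sample list, the 12-character minimum, the SHA-1 list format and all function names are assumptions made for illustration.

```python
import hashlib
import re

MIN_LENGTH = 12  # assumed policy value, not taken from the article

# Constructed sample of "known compromised" passwords. Real lists are far
# larger and usually distributed as hashes, so hashes are what we look up.
_SAMPLE_COMPROMISED = ["password", "cs251", "qwerty123", "letmein"]


def _digest(password: str) -> str:
    """Case-folded SHA-1 hex digest, used for list lookup only, never storage."""
    return hashlib.sha1(password.casefold().encode("utf-8")).hexdigest()


COMPROMISED_HASHES = {_digest(p) for p in _SAMPLE_COMPROMISED}


def _strip_decoration(password: str) -> str:
    """Drop leading/trailing digits and symbols: 'Password2024!' -> 'Password'."""
    return re.sub(r"^[\W\d_]+|[\W\d_]+$", "", password)


def screen_password(password: str, username: str = "") -> list[str]:
    """Return the reasons a password should be rejected (empty list = accepted)."""
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append("too short")
    if _digest(password) in COMPROMISED_HASHES:
        findings.append("known compromised")
    elif _digest(_strip_decoration(password)) in COMPROMISED_HASHES:
        findings.append("compromised word with digits/symbols added")
    if username and username.casefold() in password.casefold():
        findings.append("contains username")
    if len(set(password.casefold())) <= 4:
        findings.append("too few distinct characters")
    return findings


if __name__ == "__main__":
    # Constructed inputs: two weak choices and the article's three-word style.
    for user, pw in [("jdoe", "cs251"), ("jdoe", "Password2024!"),
                     ("jdoe", "Winter_Harvard_Pizza-19524")]:
        print(f"{pw!r}: {screen_password(pw, user) or 'accepted'}")
```

The decoration check is what catches the common habit of satisfying complexity rules by appending a year and a symbol to a word that is already on the compromised list.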
My Computer Science professor was right… and wrong. People do have trouble remembering their passwords, but no one should consider weakening security to gain efficiency. Especially given the significant increase in cybercrime recently, we cannot put ourselves and clients at risk because we are using a weak password.