What's in a password?


Passwords are the first line of defense against cyber criminals and their attempts to obtain unauthorized access to your personal data. In fact, compromised passwords caused 80% of all data breaches in 2019, resulting in financial losses for both businesses and consumers.

Strong passwords are difficult to guess or crack. A password should be at least 12 characters long, and it’s important to include a mix of upper and lowercase letters, numbers, and symbols. Personal information, such as your name, birthdate, or address, should never be used, as it can be easily obtained by cyber criminals. Consider using a passphrase that is easy to remember but difficult to guess, such as 'MyDogIsTheBestDog!', and changing some of the characters to numbers and/or special characters, such as 'M7d0^!s7h#B35tD091'.

I write this next sentence with shame and guilt... Each account should have its own unique password. It’s not that difficult to do, and if one password is compromised, your other accounts will be safe. Password managers used in combination with a good 2FA solution can help you generate and secure your passwords. They can also help save time by autofilling your passwords in websites so you don’t have to remember them at all. I have started implementing this solution with all new accounts, but legacy accounts may or may not have very similar passwords.

Two-factor authentication (2FA) can add a very robust layer of protection for accounts. It comes in different forms, but 2FA always requires two different authentication factors, such as a password and a code generated by an authenticator application like Authy or Google Authenticator. Other methods include receiving a text message that contains a code for the second layer of authentication. The benefit is that if an attacker guesses or otherwise obtains your password, they won’t be able to access the account without the 2FA code. Codes received by email or text are the least secure methods, and other options should be used at all costs. The gold standard of 2FA is a hardware key. While nothing is unhackable, this is the most difficult to bypass.

Absolute security is impossible. With sufficiently complex passwords unique to each account and a strong 2FA solution, you can get pretty close.
