Creating the Perfect Password: Is it Possible to be too Secure?

Jim Manson Jim Manson
January 20, 2014
Web Strategy

These days, being asked to create a password is a very regular occurrence.

  • Passwords must be at least 8 characters
  • Passwords need a combination of upper and lowercase letters, punctuation, symbols, and numerals
  • Of course, it is suggested that users have a different password for each site
  • Passwords should be changed often

This list is enough to drive normal people crazy, especially when passwords cannot be repeated within the last 12 months. All of this security actually drives users to be less secure. What do I mean? When users have multiple complex passwords and they don't want to forget them...they write them down. They write these passwords on post-it notes stuck to the bottom of their keyboard, they write them on a pad of paper, they keep them in the top drawer, and they even post them on their cubicle walls for easy access and use.

Additional Password Problems

Users also like to have one password that works for everything, so they either use something called a single sign on (SSO) solution, explained further in our Account Manager Jason's previous series on SSO. For example, people use a Facebook or Twitter account (I won’t even start about all of the data that accumulates when that is done) or simply use the same password everywhere. Cyber criminals can steal passwords from websites that have poor security, and then use those same passwords to target more secure environments, such as banking or credit card websites.

How to Fix the Security Problem

One way to ensure everyone has more secure passwords is to teach users how to create a personal algorithm. Follow these easy steps:

  1. First, choose a 3 or 4 letter base word such as "cool". Or for an even better option, let's use C00l. That's uppercase C, zero, zero, lowercase L - knocking out three password requirements from the beginning!
  2. Then add a "dynamic" word based on the website URL or application name. For example, a password for Gmail might be “C00lgoogle” or for QuickBooks it could be “C00lQuickbooks”.
  3. For passwords that need to change often, use a date portion to keep it unique like MMMYY. With the dynamic word and a date it could be “GoogleJan14” or “QuickbooksJan14” and when a new month begins, update the password to be “GoogleFeb14” or “QuickbooksFeb14”.

This system allows users to: generate a new and secure password on the fly, use different passwords for each application or location and stay secure by meeting all of the criteria of a strong password.

In this digital age, staying secure is more important than ever. By using the above technique and teaching other users to be password generating machines, everyone can keep their data safer without a lot of additional technology or cost. Do you have a technique you use for creating a new password or for staying secure online? Feel free to share your techniques in the comments below!

10,000 Top Passwords by Mark Burnett
Creating Strong Passwords from Microsoft

comments powered by Disqus