Password policy “U-Turn” for 2017

What we know

If you are in business, you will have looked to your IT department for help and advice on passwords. After all, your password is the key to your digital life and with it comes all of the intellectual property, documentation and wealth that you have accumulated over the years.

It is true that long, complicated passwords like "jv[G&)A#V7Py" are the safest to use and take the longest to crack. That is why your IT team recommends these types of passwords; by passing on this advice, they have covered themselves.

What's the problem?

How on earth are we supposed to remember these ridiculously long and complicated passwords?

This has resulted in a trend where we take predictable, everyday words like "football" and make a few obvious changes to turn them into a "compliant" password like "F00tbal!". It's easy to remember, and it meets the requirements set out by my IT department… so it must be safe?

WRONG! It is not secure because it is predictable. Swapping digits or symbols in for letters is such a common habit that hackers are well aware of it, and password-cracking tools try those substitutions automatically.

How can I fix this problem?

As we wait for the mainstream arrival of biometric authentication, along with wider adoption of multi-factor authentication and single sign-on, there is another way of creating secure passwords that we can actually remember.

We should be adopting passwords that are random, long and complicated... but easy for US to remember and adapt for multiple uses:
• sentences that include an emoji and punctuation, like "My first postcode was LS29 ABC, on 201 Fake Street :-)"
• or passphrases like "Rainbow shoes Computer marmite", made of four or more words that are completely unrelated so they do not form a sentence

Try not to use the same passphrase or sentence in multiple places; instead adapt it slightly to suit each use: "Rainbow shoes Computer marmite" for your PC, "Rainbow shoes Bank marmite" for your online account (bearing in mind that anyone who obtains one variant will find the others easier to guess).
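Two of the points above can be checked in code: that a dressed-up word like "F00tbal!" is caught the moment the substitutions are reversed, and that a passphrase of unrelated words chosen at random carries far more entropy than such a word. This is an added example written for this article, not the author's own code; the mini dictionary, the 7776-word diceware list size and the assumed number of base words and mutation patterns a cracker covers are constructed assumptions.

```python
import itertools
import math
import re

# Constructed mini dictionary; a real checker would load a large breached-password list.
COMMON_WORDS = {"football", "password", "welcome", "dragon", "monkey", "letmein"}

# Substitutions that cracking rule sets try, applied in reverse. An ambiguous symbol
# such as "1" or "!" lists every letter it is commonly used to stand in for.
UNLEET = {"0": "o", "1": "il", "3": "e", "4": "a", "5": "s", "7": "t",
          "8": "b", "@": "a", "$": "s", "!": "il", "|": "il"}

def readings(password: str):
    """Yield each plain-word reading of a password once substitutions are undone."""
    text = password.lower()
    # Check both the full string and the string minus a tail such as "!", "1" or "123".
    for variant in {text, re.sub(r"[^a-z]+$", "", text)}:
        for combo in itertools.product(*(UNLEET.get(ch, ch) for ch in variant)):
            yield "".join(combo)

def is_predictable(password: str) -> bool:
    """True when the password is just a common word dressed up with substitutions."""
    return any(reading in COMMON_WORDS for reading in readings(password))

def entropy_bits(choices: int, length: int) -> float:
    """Entropy of `length` picks made uniformly at random from `choices` options."""
    return length * math.log2(choices)

# Assumed sizes for the comparison (my assumptions, not figures from the article):
PRINTABLE_ASCII = 94        # alphabet behind a random password like jv[G&)A#V7Py
DICEWARE_WORDS = 7776       # a standard diceware list has 6^5 words
COMMON_WORD_POOL = 10_000   # base words a cracker's dictionary is assumed to cover
SUBSTITUTION_PATTERNS = 32  # leet/case/suffix mutations assumed tried per word

def compare_strengths() -> dict:
    """Bits of entropy for the three styles of password the article contrasts."""
    return {
        "random_12_chars": entropy_bits(PRINTABLE_ASCII, 12),
        # Only holds if the four words are drawn at random, e.g. with dice, not by hand.
        "four_diceware_words": entropy_bits(DICEWARE_WORDS, 4),
        # A dressed-up word is one pick from (words x mutation patterns) combinations.
        "leet_dictionary_word": math.log2(COMMON_WORD_POOL * SUBSTITUTION_PATTERNS),
    }

if __name__ == "__main__":
    for pw in ("F00tbal!", "Rainbow shoes Computer marmite"):
        print(f"{pw!r}: predictable={is_predictable(pw)}")
    for style, bits in compare_strengths().items():
        print(f"{style}: {bits:.1f} bits")
```

The passphrase figure is the entropy of the selection process, so four words picked because they sound nice together will score lower than the calculation suggests.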

I would also suggest using a password manager like that can help maintain the ever-increasing list of digital identities that more and more of us seem to be collecting. It has its limitations: while it can very easily create secure random passwords for you, those are almost impossible to remember and so not always practical.

As I work in IT..... and this is a document of advice for a secure password policy, I reserve the right to update this article at any time and do another "U-Turn"!

Credit to XKCD for the image
