
Password Strength: How to Create Strong Passwords for Credentials?

by | Mar 2, 2022 | BLOG

Password strength is one of the criteria considered when creating password policies. After all, requiring strong passwords is one of the most effective measures against password compromise, and organizations today have every reason to take it seriously.

This is because the use of weak passwords is one of the major causes of data leaks in Brazil, and many Brazilians still opt for passwords that are easy to discover, such as the sequence 123456, the word "password" itself, or family and football team names.

With that in mind, we have broken down the subject in this article, explaining more details about password strength and its importance for information security. To facilitate your understanding, we divided our text into the following topics:

  • How Important is the Strength of a Password?
  • Five Steps to Create a Strong Password
  • Periodic Password Changes: Are They Important for Security or Not?
  • Two Tips for Memorizing Passwords
  • Use Two-Step Verification or Multifactor Authentication to Protect Credentials
  • Are Password Strength Meters Reliable?

Read to the end!


    How Important is the Strength of a Password?

    A strong password serves to prevent your accounts from being hacked by malicious actors; a weak password can easily be guessed by an attacker, exposing you to data theft and extortion.

    If you are at the head of an organization, there is the aggravating factor of losing data belonging to customers, partners, suppliers, and employees, which can cause great financial damage and harm your company's credibility.

    What's more, with the constant evolution of technology, it is not enough to worry only about human attackers. Today there is software capable of evaluating users' behavior in order to guess the chosen password.

    Some programs even try combinations of words found in dictionaries and imitate the patterns behind easy-to-memorize passwords, undermining password strength.

    Personal information exposed on social media, such as birthdays and names, also works against you and in favor of those who want to discover your passwords.

    Five Steps to Create a Strong Password

    Now that you know the importance of password strength, here’s what you should do to create a strong password and ensure its security:

    • Opt for long passwords: short ones are easier to identify, so we recommend a password of at least 12 characters; ideally, use 14 characters or more;
    • Create a complex combination: one way to ensure password strength is to mix numbers, upper and lower case letters, and symbols to make the attacker's job harder;
    • Do not choose words that can be found in dictionaries, proper names, product or company names;
    • Do not reuse previously used passwords;
    • Words written backward are not an adequate solution to guarantee password complexity;
    • Think of a password you are able to memorize, even if it is difficult for others to guess.
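The five rules above can be enforced mechanically at password-creation time. The following checker is an added example written for this article (it is not senhasegura's code): it applies the length floor of 12 and the ideal of 14, the four-class mix, the dictionary/name check in both directions (so reversed words are caught too), and a reuse check against a history of salted slow hashes rather than stored passwords. The wordlists, the names, and the PBKDF2 parameters are constructed sample values; a real policy would load a large dictionary and a leaked-password list.

```python
import hashlib
import hmac
import secrets
import string

# Length rules from the article: 12 characters is the floor, 14 or more is the ideal.
MIN_LENGTH = 12
IDEAL_LENGTH = 14

# Constructed sample wordlist. A real policy would load a large dictionary and a
# leaked-password list here; these few entries only illustrate the checks.
DICTIONARY = {"password", "senha", "flamengo", "corinthians", "welcome", "admin", "summer"}
# Proper names and product/company names the article says to avoid (constructed sample).
BLOCKED_NAMES = {"priscilla", "senhasegura", "microsoft"}

# Work factor for the password-history digests (assumed value, not from the article).
PBKDF2_ITERATIONS = 100_000


def _class_count(pw):
    """How many of the four character classes (lower, upper, digit, symbol) appear in pw."""
    return sum([
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(c in string.punctuation for c in pw),
    ])


def _find_blocked_word(pw, words, min_len=4):
    """Return the first blocked word that appears in pw, written forwards or backwards."""
    low = pw.lower()
    for word in sorted(words, key=len, reverse=True):
        if len(word) >= min_len and (word in low or word[::-1] in low):
            return word
    return None


def remember_password(pw):
    """Entry for the reuse check: a fresh random salt plus a slow, salted digest.
    The clear-text password is never stored."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def _matches_history_entry(pw, entry):
    salt, digest = entry
    candidate = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def check_password(pw, history=()):
    """Apply the article's rules. Returns the hard failures ('problems'), advisory
    notes ('warnings') and whether the password is accepted."""
    problems, warnings = [], []

    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    elif len(pw) < IDEAL_LENGTH:
        warnings.append(f"{IDEAL_LENGTH} characters or more is recommended")

    if _class_count(pw) < 4:
        problems.append("does not mix lowercase, uppercase, digits and symbols")

    hit = _find_blocked_word(pw, DICTIONARY | BLOCKED_NAMES)
    if hit:
        problems.append(f"contains the dictionary word or name '{hit}' (forwards or reversed)")

    if any(_matches_history_entry(pw, entry) for entry in history):
        problems.append("reuses a previous password")

    return {"accepted": not problems, "problems": problems, "warnings": warnings}


if __name__ == "__main__":
    old = "Xq7#mL2$vR9!pT4w"          # constructed example of a previously used password
    history = [remember_password(old)]
    for candidate in ["123456", "Password123!", "!321drowssaP", old, "Kf4$zQ8&nW2@hJ6m"]:
        print(candidate, check_password(candidate, history))
```

Note that "!321drowssaP" satisfies length and character-class rules and would pass a naive policy; it fails here only because the reversed-word check exists, which is the point the fifth rule makes.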

    Periodic Password Changes: Are They Important for Security or Not?

    Periodic password change is a widely recommended measure to ensure password strength, but it has been the subject of some debate. Microsoft, for example, which used to recommend changing them every 60 days, started to consider this method useless and dangerous.

    That's because people tend to create their passwords based on easy-to-identify references, as explained above, and when they change their passwords they make only minimal changes to the words or numbers used. That is, if the attacker knows the victim's current password, they have a good chance of discovering the new one.

    In addition, a malicious actor can take passwords already leaked in other security incidents and try them on other services. This attack is called credential stuffing, and it works because of password reuse.


    Two Tips for Memorizing Passwords

    To ensure password strength, you will have to create complex and unique passwords, so you may have difficulty remembering which numbers, letters, and symbols were chosen for each one. With that in mind, we prepared some tips to help you memorize them. Check them out:


    Use a Password Manager

    We know remembering all passwords can be a burden for users. Therefore, we recommend using a password manager, which stores them and can also suggest and generate strong passwords. But remember that you will still need to memorize at least one password, the master password of the manager itself, and this one must be hard to guess; otherwise, the manager could be compromised and expose all the other passwords.

    senhasegura is one of the solutions that can be used for the proper storage and management of passwords in your company.

    Create a Rule to Make Memorization Easier

    You know you must use a unique password for each platform or service you access, but you can follow a single logic to create all your passwords. 

    Another tip is to think of a phrase and shorten it to take advantage of its initials to create a password that is not obvious. However, do not forget the need to mix uppercase and lowercase letters, numbers, and symbols in order to ensure password strength.

    By following these tips, you are more likely to remember your credentials, even if they are complex.

    Use Two-Step Verification or Multifactor Authentication to Protect Credentials

    When it comes to protecting your credentials, you should not limit yourself to criteria that guarantee password strength. Some additional mechanisms are very effective at improving your security.

    One of them is two-step verification, also known as two-factor authentication (2FA). This is a mechanism that requires a second piece of evidence before granting access to an account, commonly a code sent by SMS or generated by an authenticator application.

    However, we recommend not using text messages, as your mobile number can also be hijacked. To generate token codes instead, you can use authenticator applications such as:

    • Authy;
    • Google Authenticator; and
    • Microsoft Authenticator.

    Multifactor authentication (MFA) is a mechanism that requires at least two of these factors to authorize access to online systems, hindering the action of criminals. The factors are knowledge factors (passwords and codes), possession factors (tokens), and inherence factors (such as fingerprint and facial recognition).
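The token codes that the authenticator apps listed above display are time-based one-time passwords (TOTP, RFC 6238, built on HOTP, RFC 4226). The following is an added example, not code from the article or from senhasegura, showing both sides of the exchange: the computation the app performs from the shared secret, the key URI used to enrol the secret in the app, and a server-side verifier that tolerates one step of clock drift and refuses to accept a code for a time step that has already been used. The secret is the ASCII test key from the RFCs, used here purely as a constructed demo value; the issuer and account names are assumptions.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import quote


def hotp(secret, counter, digits=6):
    """HOTP (RFC 4226): HMAC-SHA1 over the 8-byte big-endian counter, then
    'dynamic truncation' to a 31-bit number reduced modulo 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, at, step=30, digits=6):
    """TOTP (RFC 6238): HOTP with the counter derived from the Unix time."""
    return hotp(secret, at // step, digits)


def secret_to_base32(secret):
    """Authenticator apps import the shared secret as base32 (what the QR code carries)."""
    return base64.b32encode(secret).decode("ascii")


def provisioning_uri(issuer, account, secret):
    """Key-URI format understood by the authenticator apps named in the article."""
    return (f"otpauth://totp/{quote(issuer)}:{quote(account)}"
            f"?secret={secret_to_base32(secret)}&issuer={quote(issuer)}&digits=6&period=30")


class TotpVerifier:
    """Server side of the exchange: checks a submitted code, tolerates a little clock
    drift and refuses to accept the same time step twice (replay protection)."""

    def __init__(self, secret, step=30, window=1):
        self.secret = secret
        self.step = step
        self.window = window
        self.last_counter = -1   # per-user state; a real service persists it

    def verify(self, code, at):
        counter = at // self.step
        for offset in range(-self.window, self.window + 1):
            candidate = counter + offset
            if candidate <= self.last_counter:
                continue   # already consumed, or older than a consumed step: reject replays
            if hmac.compare_digest(hotp(self.secret, candidate), code):
                self.last_counter = candidate
                return True
        return False


# Constructed demo secret: the ASCII test key from the RFCs, not a real credential.
DEMO_SECRET = b"12345678901234567890"

if __name__ == "__main__":
    import time
    print(provisioning_uri("Example Corp", "alice@example.com", DEMO_SECRET))
    now = int(time.time())
    code = totp(DEMO_SECRET, now)                     # what the app on the phone displays
    verifier = TotpVerifier(DEMO_SECRET)
    print("first use:", verifier.verify(code, now))   # True
    print("replayed: ", verifier.verify(code, now))   # False
```

Two design points matter for a defender: the comparison is constant-time, and the verifier remembers the highest counter it has accepted, so a code captured in transit is useless once the legitimate user has logged in with it. This is why app-generated codes are a possession factor in the sense used above: they prove control of the device holding the secret, not knowledge of anything the user could write down.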

    Are Password Strength Meters Reliable?

    When you create a password and enter it on a platform, a password strength meter may classify it as weak or strong, give it a score, or associate it with the colors green, yellow, and red. With this feedback, you have the opportunity to rethink your chosen password and adopt a more complex one.

    However, it is very common for people to question the reliability of these password strength meters, since their algorithms typically only estimate how well the password would resist a brute-force attack. The problem is that this type of attack is old news: today there are dictionaries and lists of the most used passwords and patterns, which such meters do not take into account.

    One exception to the rule is zxcvbn, which includes these patterns in its analysis and, according to experts, is the best choice when it comes to a password strength meter. It is not infallible, but it is certainly ahead of the rest.

    Another feature you can use to ensure password complexity is a password generator. This tool creates different combinations of characters automatically and randomly, making intruders' work harder.


    Reading this article, you had the opportunity to:

    • Learn more about the importance of password strength, one of the main recommendations when creating password policies, as it is a powerful measure against intrusion attempts by malicious agents;
    • Get valuable recommendations for creating strong passwords (use long combinations of at least 12 characters; mix numbers, upper and lower case letters, and symbols; avoid words found in dictionaries, proper names, product or company names, etc.);
    • Learn practical tips to memorize your passwords more easily, such as using a password manager;
    • Understand other effective ways of protecting credentials, such as two-factor authentication (2FA) and multifactor authentication (MFA);
    • Know whether or not password strength meters are reliable.
