Blog Post

Best Practices for Creating Passwords in 2023

Nate M.

The security of your business is our top concern. These are the Eberly Systems recommendations for creating good passwords in 2023.


Password Recommendations

We all know that long and complex passwords are much stronger than short and simple passwords. So, how can you easily make a long complex password that you can remember?

First and most importantly, the longer the password the better . A lot of security professionals have been suggesting the use of “passphrases” rather than “passwords”. Secondarily to length, a more complex password is better than a simple one, and thirdly, a less guessable password is better than a guessable one. We will cover each of these areas in this article.

Definition : “Passphrase” – A password that is made up from an easy-to-remember phrase rather than a single word.

What To Do

Again, the longer the password, the better! So, let’s get started!

Step 1: Try to think of a few words together that you will be able to remember. Leave the spaces in there. For example:

Tony’s cat ran up the stairs

The above phrase by itself is already 28 characters long! This is a great starting point, and it’s already exponentially more secure than a typical password!

According to a popular password strength meter, this password would take 3 hundred trillion years to break.

Step 2: Make some random changes to the phrase that you can remember. You can substitute numbers or symbols for words, change the case of a word, or add punctuation. Make as many changes as you are sure you will be able to remember, like this:

T0ny’s cat - ran UP the stairs...

Now, you have a long and super secure password that you can remember!

The same password strength meter indicates that this password would take 27 billion trillion years to break.

Some more great tips:

Can’t think of a phrase? Look around your desk and see what is lying around, then pick some random things and string them together:

stapler paperclip telephone pencils

If you’re a language buff, mixing languages is a great idea to make your password harder to break!


What Not to Do

Don’t use short passwords!

The following password is very complex, but it only has 6 characters. The same password meter that showed the passphrases in the last section would take trillions of years to break says that this one would only take 1 year.

J&~7*h

Avoid common words

The worst passwords are made up of common simple words, like “password”, or “iloveyou”. Some other common words to avoid are “monkey”, “letmein”, “dragon”, seasons like “summer” or “winter”, a month like “January” or “June”.

Don’t use patterns from your keyboard

The password 123456 is the most frequently used password in the world according to recent breach statistics. “qwerty” “asdf” and “1q2w3e4r” are all examples of very commonly used passwords that are very easy to crack.

Avoid guessable words

Don’t use part of your name or your company name or department as part of your password. These are among the first things that attackers will try.

This extends to anything that can be found out about you. Don’t use a friend or relative’s name, the names of pets, or the dates or details of life events you may have posted to social media.

Avoid the most obvious patterns

It is very common for people to make a password that is a word follow by some numbers followed by some punctuation, like this:

Pizza123@!

The above password is the weakest one we’ve shown in this article. The tools that attackers use could break this password in under 20 seconds.

Avoid using common phrases or song lyrics

Even the longest passphrase might be guessable or susceptible to a password breaking tool if it uses a common phrase or a part of a song lyric. Try to use something that isn’t out on the internet.

Use A Password Manager

It is important to have a different password for every one of your accounts. But how can you remember all these passwords??? The simple answer is: you don’t need to! Enter the wonderful world of password managers!

With a password manager, you need to choose one good long password that you can remember and leave the rest to your password manager! In practice, you’ll need to remember a total of two passwords: the one you use to log in to your computer, and the one that unlocks your password manager.

Your password manager can even generate long random passwords that are great for security.

There are several free password managers out there that you can use for personal accounts. For business, it’s best to have a more managed solution that can provide a safety net in case you forget your master password. Of course, Eberly Systems has a solution that we can implement for you.

How Passwords Get Hacked

Okay, so longer is better, and then secondly, more complex is better, and then thirdly, less guessable is better. But how does this all work? How does a hacker figure out your password?

Dictionary Attacks

One of the tools that hackers use is known as a dictionary attack. In this kind of attack, the attacker will use their computer to try as many passwords as they can against a file, hash, or database in rapid succession. These tools will use algorithms that will start with the most common words and passwords first and try different combinations of uppercase and lowercase and add numbers and special characters to different parts of the password until it finds a match.

Phishing

Phishing is when an attacker tries to contact you and convince you to give them information. This could be an email, a text, or a phone call. They will often use pieces of information that make them sound more trustworthy, like the name of your boss or coworker.

Malware

Regardless of how secure your password is, in extreme cases, there are other ways that attackers can get your password. If your computer has been compromised by malware for example, a remote attacker might be able to get your password simply by you typing it into your computer!

This is why it’s important to have strong security tools to keep your computers safe, and to implement multiple layers of security. At Eberly Systems, we have carefully selected a combination of security software and tools to prevent even the most dangerous malware from breaking through.

Multi-Factor Authentication and More

Although it’s beyond the scope of this article, your passwords offer only a single layer of security. Wherever possible, you should be using MFA (Multi-Factor Authentication) in addition to strong passwords to protect your accounts.

To learn more about Multi-Factor Authentication, see our article on the topic:

Multi-Factor Authentication Tips to Boost Security (eberlysystems.com)

fish hook
By Eberly Systems 20 Sep, 2024
We're all in the same boat trying to avoid cybercrime! Here's our top ways to identify a potential phishing attempt.
By Eberly Systems 10 Sep, 2024
Focus on integrating with new team members and new customers
By Eberly Systems 09 Jul, 2024
Keeping you abreast of security news
By Eberly Systems 02 May, 2024
West Lawn, PA, May 2, 2024 — Eberly Systems , the West Lawn-based managed IT services and managed voice provider, today announces its acquisition of the Lebanon-based LYLAB Technology Solutions. Eberly Systems seeks to further a movement of people who are motivated and equipped to make a difference in their world through their daily work. They believe in building lasting partnerships based on trust and transparency while delivering industry-leading solutions to support and protect critical business assets. Driven by the principles of people, excellence, integrity, and stewardship, the team prides itself on partnering with companies to securely, reliably, and efficiently grow their businesses. “We cannot be more excited to join forces with the LYLAB team,” comments Kordel Eberly, Eberly Systems President & Founder. “ The integration of LYLAB Technology Solutions into Eberly Systems solidifies our commitment to providing small businesses with unparalleled service and support. We’re proud of this new opportunity to carefully design and manage the IT infrastructure and systems of even more local businesses and communities.” The acquisition solidifies the Eberly Systems commitment to supporting businesses in Lebanon County. Merging the two teams together as one entity offers the collective team the benefit of enhancing capabilities, refining processes, and extending reach to better serve the evolving needs of small businesses in the surrounding area. Future plans include expanding their presence into Lancaster County.
computer help with IT support
By Eberly Systems 16 Jan, 2024
A trusted MSP can be your invaluable strategic partner.
By Eberly Systems 02 Jan, 2024
These 5 key features of Office 365 Business Premium make it essential for businesses to have.
set of keys
By Eberly Systems 19 Dec, 2023
Eberly Systems has been hard at work over the last year in a concerted effort to enhance the security posture of our clients’ information technology environments. Here are the quarterly updates.
construction site
By Eberly Systems 03 Jul, 2023
After years of steady growth, the workforce at a construction development and property management company was becoming increasingly frustrated by disorganized data. Eberly Systems deployed a hybrid cloud storage solution for efficiency and secure data access.
By Nate M. 01 Jun, 2023
SharePoint file storage has both features and limitations that you should be aware of while storing and accessing files. Here's a rundown.
By Nate M. 05 Jan, 2023
These are the Eberly Systems recommendations for creating good passwords in 2023.
More Posts
Share by: