Chorus IT

How to choose strong passwords for your IT system (that aren't difficult to remember)…

In our last article, we discussed how a good password policy is a crucial first line of defence in your IT security efforts. This article goes a little further by showing you how to choose better passwords.

Experience suggests that if you take this step, you'll raise your security above a bar that many companies still set alarmingly low. As a provider of business IT services we see far too many easy-to-crack password combinations that leave corporate IT systems open to attack.

The objection to choosing stronger passwords is that they'll be too complicated or difficult to remember. From a machine point of view, it's true that they need to be complicated, in order to be hard for a stranger to guess. But from a human point of view, there are ways of devising a complex password that can be surprisingly memorable.

First let's deal with how to make them sufficiently complex:

  • Above all else, don't use words or data strings that are easy to guess from your company or personal data. That includes your business name, postcode, own or spouse's names, years of birth and so forth.
  • You'll need to use as wide a character set as possible, not just lower case letters. Numbers and capital letters are a system requirement nowadays for many passwords.
  • To make this more secure, avoid the temptation to make only the first letter a capital, or to add a "1", "99" or "123" as a token number at the end. Avoid the obvious route and vary where numbers and capitals occur.
  • You can substitute numbers for letters, but don't just choose 1 for "i", 0 for "o" and so on. "P4ssw0rd" is not a secure option.
  • Punctuation characters add extra security, although it's better to choose common characters such as * or $ that can be found on any keyboard, rather than £ or ^.

Now let's deal with how to make them memorable. If you're going to follow all the above steps, how can you do it without having to memorise a string like "uf12Wt%7Klr"?

  • Instead of dictionary words, choose passwords that are based on phrases or combinations of data. This is where the human brain excels at memorising complexity.
  • For example, you could turn "our IT system is well protected" into "rITsiwP", using one character to stand for each word, substituting 'r' for 'our' and varying the capital letters.
  • You could go further by substituting a 5 for the 's': rIT5iwP. This now has an expanded character set.
  • Or to be still more secure, lengthen the phrase and introduce a punctuation character. E.g., "nice try, guys, but we're too security conscious for you" could be "ntGbw2$c4u": a ten-character password with high complexity.
  • Get your staff started by coming up with phrases for them, and let each person encode their phrase in a way that makes sense to them; that way, you'll have dozens of variations in use at any one time.
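The two lists above can be turned into an automated policy check. The script below is an added example, not Chorus IT's own tooling: it flags the weak patterns the article warns against (capital only on the first letter, a "1"/"99"/"123" token at the end, "P4ssw0rd"-style substitutions, terms guessable from company data, characters not found on every keyboard) and gives a rough search-space estimate so staff can see why "ntGbw2$c4u" beats "rITsiwP". The banned-term list, the tiny dictionary, the minimum length of 8 and the entropy formula are all assumptions for illustration, not figures from the article.

```python
"""Password-policy checks modelled on the advice in this article.

Added example (not Chorus IT's own tooling). The word lists, the minimum
length and the search-space estimate are assumptions, not figures from
the article.
"""
from __future__ import annotations

import math
import re
import string

# Constructed: terms a company would ban because they are guessable from
# its own data (business name, town, postcode fragment, a surname, a year).
CONTEXT_TERMS = ["chorus", "bristol", "bs1", "smith", "1985"]

# Constructed: a tiny stand-in for the word lists real cracking tools use.
DICTIONARY = ["password", "welcome", "letmein", "qwerty", "secret"]

# The obvious letter-for-number/symbol swaps, which crackers undo automatically.
_LEET = str.maketrans("4301$5@", "aeoissa")

MIN_LENGTH = 8  # assumption; the article's strongest example is 10 characters


def normalise(pw: str) -> str:
    """Lower-case and undo the usual substitutions ("P4ssw0rd" -> "password")."""
    return pw.lower().translate(_LEET)


def check_password(pw: str) -> list[str]:
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if len(pw) < MIN_LENGTH:
        findings.append(f"shorter than {MIN_LENGTH} characters")

    has_lower = any(c.islower() for c in pw)
    has_upper = any(c.isupper() for c in pw)
    has_digit = any(c.isdigit() for c in pw)
    if not (has_lower and has_upper and has_digit):
        findings.append("needs lower case, capitals and numbers")

    # Capitals: flag the lazy pattern of capitalising only the first letter.
    uppers = [i for i, c in enumerate(pw) if c.isupper()]
    if uppers == [0]:
        findings.append("only capital is the first letter")

    # Numbers: flag a token such as "1", "99" or "123" tacked on the end
    # (all the digits sit in one run at the end of the password).
    if re.fullmatch(r"\D+\d+", pw):
        findings.append("digits appear only as a token at the end")

    # Punctuation such as £ is not on every keyboard; prefer ASCII like * or $.
    if any(ord(c) > 127 for c in pw):
        findings.append("contains a character not found on every keyboard")

    plain = normalise(pw)
    for word in DICTIONARY:
        if word in plain:
            findings.append(f"dictionary word after undoing substitutions: {word}")
    for term in CONTEXT_TERMS:
        if term in plain:
            findings.append(f"guessable from company/personal data: {term}")
    return findings


def naive_bits(pw: str) -> float:
    """Rough search-space estimate: length * log2(size of character classes used).

    This is the size of the space a brute-force attacker must cover; it says
    nothing about dictionary or pattern attacks, which check_password covers.
    """
    size = 0
    if any(c.islower() for c in pw):
        size += 26
    if any(c.isupper() for c in pw):
        size += 26
    if any(c.isdigit() for c in pw):
        size += 10
    if any(c in string.punctuation for c in pw):
        size += len(string.punctuation)  # 32 printable ASCII symbols
    return len(pw) * math.log2(size) if size else 0.0


if __name__ == "__main__":
    # The article's own examples plus two constructed weak ones.
    for candidate in ["P4ssw0rd", "Chorus123", "rITsiwP", "rIT5iwP", "ntGbw2$c4u"]:
        verdict = check_password(candidate) or ["ok"]
        print(f"{candidate:12} {naive_bits(candidate):5.1f} bits  {'; '.join(verdict)}")
```

Run it as a script to see each example scored; in practice the context-term list would be populated from the organisation's own data (name, address, staff surnames) and the dictionary from a real wordlist.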

If you need further advice on running your business IT systems in a secure way, Chorus has been providing outsourced IT services in Bristol and the surrounding area for 10 years and we'd be happy to help. To discuss password security, IT support and more, call us on 01275 398900.