What Are Password Rules and How to Follow Them Safely?

There are a lot of guidelines and good practices that can help you create a better password. However, a research team the Carnegie Mellon University, led by professor Lorrie Cranor, is challenging and redefining some of them.

Ms. Cranor's team has developed a password security meter, similar to those employed by a great number of websites today. However, Cranor argues that those current implementations have rules in place but don't enforce them in a meaningful way. For example, password length and a mix of letters, numbers and symbols might be a requirement. However, a password like '$chrys4nth3mum$' may check all the required boxes on a current password checker and still be pretty weak.

What does the meter do?

Cranor's meter is equipped with a suggestions algorithm that can offer alternatives to passwords as users type them and attempts to teach them and help them understand why simply shoving a '1' at the end of a regular word you use as a password is not a good idea. Similarly, mixing upper case and regular case letters in the same string should be more than simply capitalizing the first letter of a word you use in your password.

The university's security lab, under Cranor's supervision, conducted tests using a number of participants who created their own passwords using suggestions provided by the security meter. Users were given one single fixed rule - to create a password that is at least 10 characters in length. From this point on, the meter's algorithm started offering dynamic suggestions to improve typed passwords dynamically.

What can you learn from the meter?

While the meter developed by Cranor's team has not been implemented in any live services just yet, there is a lot regular users can learn from it. It's important to remember that using any regular dictionary word as your password and simply putting a letter in front and a symbol at the back of the string is not a great idea.

Password brute forcing often relies heavily on preset dictionaries and current computational power allows a brute-force tool to go through absurdly high amounts of brute-force attempts each second.

Additionally, it's important to intersperse symbols and numbers in-between the password string and not just group them in one end of the string.

By Zaib
November 17, 2020
Password Security
English
November 17, 2020
Password Security

Popular Posts

As Fears of the Coronavirus Pandemic Spread, So Does...

4 years ago

Microsoft Warns State-Backed Threat Actors Are Using AI in...

4 days ago

Trojan Al11 Malware Detection & Removal - An Essential...

11 months ago

Pinaview is a Fully-Featured Adware App

10 months ago

"Your iCloud is Being Hacked" and "Your iPhone has Been...

7 months ago

What is Lucky Ransomware?

7 months ago

Related Posts

How To

How to Change Your Ebay Password for Security

While still definitely newsworthy, one can hardly call data breaches a novelty. So many major tech companies and commerce giants have suffered one or more that it's hard to keep up. One of the biggest and most... Read more

April 3, 2020
Password Security

Google Introduces Password Security Changes

Login credentials remain to be one of the most targeted pieces of information by cybercriminals. Consequently, cybersecurity experts talk more and more about bad password habits and measures that both companies and... Read more

December 11, 2019
Password Security

Stop Using Your Mobile Device as a Password Vault

With the variety of ways to secure and lock your phone, including biometrics, a lot of people are starting to treat their mobile phone as a secure vault for all their personal information. This often includes banking... Read more

October 30, 2020
English
Loading...

Cyclonis Backup Details & Terms

The Free Basic Cyclonis Backup plan gives you 2 GB of cloud storage space with full functionality! No credit card required. Need more storage space? Purchase a larger Cyclonis Backup plan today! To learn more about our policies and pricing, see Terms of Service, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Home

Products

Cyclonis Backup Cyclonis Password Manager Cyclonis World Time

Support

Help Files FAQs Downloads Inquiries & Support

Company

About Us Contact Us Report Abuse

Legal (Post Merger)

EnigmaSoft Limited (fka Cyclonis Limited)

Cyclonis Backup's Terms of Service Cyclonis Password Manager's EULA Cyclonis World Time's Terms of Service Privacy Policy Cookie Policy Special Discount Offer Terms Additional Terms & Conditions SpyHunter EULA RegHunter EULA EnigmaSoft Privacy Policy & Cookie Policy ESG Privacy Policy & Cookie Policy EnigmaSoft Discount Offer Terms ESG Discount Offer Terms

© 2017-2024 Cyclonis Ltd. CYCLONIS is a trademark of EnigmaSoft Limited (Cyclonis was merged into EnigmaSoft Limited effective November 25, 2023.) All rights reserved.

Registered Office EnigmaSoft Limited: 1 Castle Street, 3rd Floor, Dublin 2 D02 XD82, Ireland.
EnigmaSoft Limited, Private Company Limited by shares, Company Registration Number 597114.

Windows is a trademark of Microsoft, registered in the U.S. and other countries.
Mac, iPhone, iPad and App Store are trademarks of Apple Inc., registered in the U.S. and other countries.
iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Android and Google Play are trademarks of Google LLC.