Why Are Experts Now Calling for a 13-Character Password?
If you had to write down every single password that you currently use on a piece of paper, how many of them would pass as strong, complex, and impenetrable? One might say that such a password does not exist, and it is true that even the seemingly strongest combinations can be leaked or cracked with enough persistence. That, however, does not mean that users should settle for weak and easy-to-remember passwords, because those are the ones that fall apart first. Hackers do not even need to guess them by hand, because software and hardware dedicated to that task exist.
While authentication experts are coming up with new ways to log in and lock virtual accounts, passwords continue to be used by most people. Unfortunately, with the growing number of security backdoors and cyber threats, password strength requirements are shifting as well. While a 6-digit combination might have been good enough even a decade ago, the length of what would be considered a strong password has been growing steadily. At the time of writing, the strong password length requirement had increased to a minimum of 13 characters. Of course, the length of the combination in use is not the only thing that matters. In fact, even a 20-character password could be weak.
Why do you need a 13-character password?
John Leonard from computing.co.uk participated in a web seminar, during which Detective Sergeant Chris White from the South East Regional Organized Crime Unit suggested that “security professionals recommend that passwords should be at least 13 characters long.” Whether you live in the United Kingdom, India, Belgium, Gabon, or Kiribati, the recommendations are the same. Of course, when it comes to password strength, length is not the only factor to pay attention to. The Total Strength Score of your password is estimated based on many things. Does your password consist of a word, a modified word, a sequence of numbers, a combination of letters and numbers, or a combination of letters, numbers, and symbols? Needless to say, it is always best to use a combination of all available characters, including numbers and special symbols. If the combination is random, and if you use at least 13 characters, in theory, it should be almost impossible for hackers to guess it.
Unfortunately, some people think that if they take time to create a strong password, they can reuse it over and over again. It is certainly very easy to use the same key for all of the virtual locks that you own, but that is not a safe practice. If your password is leaked during a data breach, which no company appears to be immune to, hackers can use that one combination to gain access to multiple accounts. Even one breached password could cause issues, but it certainly is better to deal with one hacked account rather than many of them. Note that it is not a good idea to create slight modifications of the same password either. For example, if your Facebook password is f7EwcB3w7nvYN, it is NOT a good idea to use g7EwcB3w7nvYN as your Google password. Of course, while that is better than using password1, password2, or password3, that is still not safe.
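The points made in this section (minimum length, character variety, randomness, and avoiding slight modifications of a password already in use) can be put into a small check. This is an added example, not code from the article or from any tool it mentions; the function names, the three-entry COMMON list, and the edit-distance threshold of 2 are assumptions chosen for illustration.

```python
import math
import secrets
import string

MIN_LENGTH = 13  # minimum length quoted in the article
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
COMMON = ("password", "qwerty", "123456")  # constructed sample, not a real wordlist

def generate(length=MIN_LENGTH):
    """Draw each character uniformly from ALPHABET using the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def brute_force_bits(password):
    """Search-space size in bits; an upper bound that holds only for random passwords."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    pool = sum(len(cls) for cls in classes if any(c in cls for c in password))
    return len(password) * math.log2(pool) if pool else 0.0

def edit_distance(a, b):
    """Levenshtein distance, to spot slight modifications of a password in use."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def review(candidate, existing=()):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    if len(candidate) < MIN_LENGTH:
        findings.append("shorter than 13 characters")
    if any(word in candidate.lower() for word in COMMON):
        findings.append("built on a common word or sequence")
    if any(edit_distance(candidate, old) <= 2 for old in existing):
        findings.append("near-duplicate of a password already in use")
    return findings

if __name__ == "__main__":
    for pw in ("482915", "f7EwcB3w7nvYN", "passwordpassword1234"):
        print(pw, round(brute_force_bits(pw), 1), review(pw))
    print(review("g7EwcB3w7nvYN", existing=["f7EwcB3w7nvYN"]))
    print(generate())
```

The 20-character sample scores more bits than the 13-character one yet is still flagged, because the bit count assumes every character was chosen at random.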
Strong password length requirements change according to what is going on
Surely, you know that communities around the world are collectively going through the COVID-19 pandemic at this time. More than ever before, people are working, studying, and homeschooling from their homes, shopping on e-commerce websites, gaming, and, generally, spending more time online. This has created more opportunities for cybercriminals of all kinds. The numbers of ransomware attacks and phishing scams continue to grow, and some people are more vulnerable than ever before. Ironically, there are also more security tools and security methods than ever before, and so it really is up to people to protect themselves.
Starting with password strength, it is highly recommended that you review how you create, manage, and protect all of your passwords. The FBI has warned not to use browsers for password storage, but if you choose a trusted and genuine password manager, you do not need to lose the convenience of having your passwords autofilled within a browser. If you employ Cyclonis Password Manager, for example, you can install a matching extension. Using it, you can have all of your unique and complex passwords – which the tool can help you generate – filled in automatically. The good news is that before they are filled in, they are encrypted, and the vault securing them cannot be breached if you lock it with a secure password and also add two-factor authentication.
Password strength goes hand in hand with appropriate security practices
Password strength and length matter, but, as you now know, that is not all that matters. Your password has to be unique and complex, too. It is also crucial that you take appropriate steps to secure yourself in the virtual world. We have already mentioned the use of two-factor authentication. While it might be most important to add two-factor authentication to those accounts that are most sensitive (e.g., online banking, Google, email, social media), we recommend that you add 2FA protection to all accounts, whenever it is available. While you are adding this extra authentication, you should also take the time to go through all security settings to see what else you can implement for your own safety.
Once you have password strength pushed to the max, you also need to look into other things that can help protect you online. Since phishing scams are particularly prevalent these days, we suggest paying closer attention to the emails, direct messages, posts, phone calls, and texts you receive. Do NOT interact with messages that are clearly sent by schemers. You have to be particularly cautious about links and attached files because those can lead to malicious websites – which, for example, can impersonate familiar sites – and execute malware launchers. Hopefully, you will keep this and password strength in mind from now on.