Is Your Password Secure For 2019 Standards?

February 21, 2019

Does your company force a password change every couple of months? Well, you may be surprised to hear that the latest recommendation on password security from the National Cyber Security Centre (a part of GCHQ) is to avoid this practice. In fact, this isn’t even new. They published this password advice in 2015!

Forcing users to change a password too often will usually lead to one of two things. Either they will choose something that is hard to remember, using a combination of capital and lower case letters, numbers and punctuation, but usually quite short, because anything longer takes more effort to remember and type in.

Or they might use a password that is easy to remember and just change a number at the end of their password string. Maybe they will do something a little more complicated, but it is extremely common for subsequent passwords to be very similar.

The first case is very inconvenient for users, and they may end up having to reset passwords regularly, which often pushes them towards the second scenario. Why is this an issue? Well, if a hacker gets hold of a password, it isn’t going to take them long to figure out minor changes, or even complicated changes if the base word is the same. These passwords are also usually relatively short, as users are still forced to add numbers and punctuation and include both upper and lower case characters, so they keep them short and easy to remember.

Short passwords can be brute forced in a relatively short amount of time, even by your average home computer. For example, the random 8-character password “+Df?x7;@” would take about 12 days to brute force normally. However, if the hacker has access to a botnet, this could be reduced to 4 hours or less. It is hard for a human to remember, but really easy for a computer to figure out.

The current recommendation is to use a password made up of 3 or 4 random words that have nothing to do with you. For example, something like “AngryCarrotWhispersAlone” would take more than 160,000 years to brute force, as it is 24 characters long, but is easy to remember. It helps to have something random that conjures strong imagery in your head to aid with remembering. You don’t want to have to write it down anywhere to remember it!

Quick tips:

  • Use a different password for every site. If one site gets compromised, you don’t want hackers to be able to use your password to log into other sites.
  • If you speak more than one language, you could include an uncommon word from a different language. If not, you could use a colloquialism or the name of a really obscure celebrity. This is all just to add another layer of protection against hackers who could use lists of common words to try and speed up the hacking.
  • It can be hard to think of something completely random. Try using a random word generator like https://www.textfixer.com/tools/random-words.php to get some ideas. After generating words a few times, I came up with “FrozenArcaneParachuteShipment” and “ShotgunHoneybeeMohawk”.
  • Check how strong your password is using Kaspersky’s strength checker. It even tells you how long it would take to brute force your password. https://password.kaspersky.com/
  • If possible, use two-factor authentication, password managers, completely random long strings of varying characters and ignore most of what I’ve said so far. Those methods are a lot more secure. This is just advice for if these are not available and you have to remember passwords.
  • Your password might already be compromised. Click here to read about a massive data breach from earlier this year, including a way to check to see if you’ve been compromised!
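
The random-words advice and the word-list tip above can be made concrete with a short script. This is an added example, not code from the original post: it picks words with Python's `secrets` module and estimates strength for an attacker who already knows the word list. The 16-word list is constructed for illustration, the 7,776 figure is the size of the EFF long Diceware list, and the guessing rate is an assumption.

```python
import math
import secrets

# Constructed sample list, only so the example runs offline. A real passphrase
# list needs thousands of words (the EFF long Diceware list has 7,776).
SAMPLE_WORDS = ["angry", "carrot", "whispers", "alone", "frozen", "arcane",
                "parachute", "shipment", "shotgun", "honeybee", "mohawk",
                "lantern", "gravel", "violin", "tundra", "pickle"]

def pick_words(words, count=4):
    """Choose `count` words uniformly at random using the OS CSPRNG."""
    pool = sorted({w.lower() for w in words})
    if count < 1 or len(pool) < 2:
        raise ValueError("need at least one word drawn from a list of two or more")
    return [secrets.choice(pool) for _ in range(count)]

def make_passphrase(words, count=4):
    """Join the chosen words in the article's CamelCase style."""
    return "".join(w.capitalize() for w in pick_words(words, count))

def passphrase_bits(list_size, count):
    """Entropy in bits when the attacker knows the word list and word count."""
    return count * math.log2(list_size)

def random_string_bits(alphabet_size, length):
    """Entropy in bits of a uniformly random string, e.g. 95 printable ASCII."""
    return length * math.log2(alphabet_size)

def years_to_search(bits, guesses_per_second):
    """Average time to hit the secret: half the search space at a given rate."""
    return (2 ** bits / 2) / guesses_per_second / (365.25 * 24 * 3600)

if __name__ == "__main__":
    rate = 1e10  # assumed guessing rate, not a figure from the article
    print("sample passphrase:", make_passphrase(SAMPLE_WORDS))
    for label, bits in [
        ("8 random printable chars", random_string_bits(95, 8)),
        ("3 words from 7,776", passphrase_bits(7776, 3)),
        ("4 words from 7,776", passphrase_bits(7776, 4)),
        ("4 words from this 16-word sample", passphrase_bits(len(SAMPLE_WORDS), 4)),
    ]:
        print(f"{label:34s} {bits:5.1f} bits  ~{years_to_search(bits, rate):.3g} years")
```

Against a word-list attack, strength comes from the size of the list and the number of words, not the character count, so the words must be chosen by a random process and never picked by hand.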
