The strength of your password is often the first line of defense against cyber threats (and MFA should be the second, but more on that another time). As we continue to enhance our security measures, all of us must understand the importance of creating strong passwords.
The concept might seem complex, but it's quite simple when broken down. Let's look at how you can create a secure password that’s easy to remember but hard for others to guess.
This comic highlights a common issue with passwords. Many of us create passwords like "Tr0ub4dor&3," thinking they're secure because they look complex. But in reality, they're not only difficult for us to remember but also relatively easy for password cracking software to guess. Worry not, because there is a better way!
The Secret? High Password Entropy
Entropy measures how unpredictable a password is. In other words, it's a way to gauge a password's complexity and randomness. For instance, a password that's a single dictionary word with a number at the end has low entropy. It’s predictable. However, a password composed of a string of unrelated common words, like "correct horse battery staple," has high entropy – making it difficult for computers to crack but surprisingly easy for us to remember.
Why Length Matters More Than Complexity
The strength of a password is not just in its complexity but in its length. A longer password will generally be stronger because it has more points of unpredictability. This means you don't have to strain to remember complex combinations of characters. Instead, think of a sequence of four or five simple, unrelated words that you can visualize as a mini-story.
Implementing the Strategy
- Use Common Words: Choose four random, common words to create a strong password. This method not only boosts entropy but also remains user-friendly.
- Visualization: String these words together into an image or story in your mind (please don't draw it on a sticky note). Not only does this make your password more secure, but it also makes it easier to remember.
- Avoid Common Substitutions: Passwords with simple substitutions (like "3" for "e") are easily cracked. Uncommon word combinations are much harder to predict.
Remember, your password is secure not because it's complicated, but because it's unique and unpredictable. By using a series of random common words, you can create a strong password that's both easy to recall and type, especially on smartphones and soft keyboards.
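The strategy above as an added example (not part of the original article): it picks the words with Python's `secrets` module instead of by hand and computes the entropy as number of words × log2(word-list size). The sample word list and the function names are constructed for illustration.

```python
import math
import secrets

# Constructed sample list, far too small for real use; a real list should
# hold thousands of common words (assumption: loaded from a file you trust).
SAMPLE_WORDS = ["correct", "horse", "battery", "staple", "river", "candle",
                "orbit", "pencil", "garden", "tunnel", "marble", "kettle",
                "window", "ladder", "button", "meadow"]


def entropy_bits(list_size: int, n_words: int) -> float:
    """Entropy of n_words drawn uniformly and independently from the list."""
    if list_size < 2 or n_words < 1:
        raise ValueError("need at least 2 words in the list and 1 word drawn")
    return n_words * math.log2(list_size)


def words_needed(list_size: int, target_bits: float) -> int:
    """Smallest number of words that reaches target_bits of entropy."""
    if list_size < 2:
        raise ValueError("need at least 2 words in the list")
    return math.ceil(target_bits / math.log2(list_size))


def generate_passphrase(words, n_words: int = 4, sep: str = " ") -> str:
    """Pick words with the OS CSPRNG; words a person picks are not random."""
    unique = sorted({w.strip().lower() for w in words if w.strip()})
    if len(unique) < 2:
        raise ValueError("word list too small")
    return sep.join(secrets.choice(unique) for _ in range(n_words))


if __name__ == "__main__":
    print(generate_passphrase(SAMPLE_WORDS))
    # The same four-word phrase is only as strong as the list it came from.
    for size in (len(SAMPLE_WORDS), 2048, 7776):
        print(f"{size:>5}-word list, 4 words: {entropy_bits(size, 4):.1f} bits")
    print("words for 60 bits from a 7776-word list:", words_needed(7776, 60))
```

The entropy figure only holds when the words are chosen at random from the list; words picked because they feel memorable or related are far more predictable.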
Using this strategy also requires fewer password changes. While conventional wisdom once dictated that passwords should be changed every 90 days, recent guidance suggests that this may lead to password fatigue, resulting in weaker passwords as users resort to minor, predictable variations of their current passwords.
Instead, as long as you are using strong, unique passwords, it's recommended to change them less frequently, perhaps once a year or when a security breach has been detected. This approach, paired with ongoing vigilance for suspicious activity, can often be more secure than routine, scheduled password changes that may encourage the use of less secure passwords.
Take Action Now
It's time to update your p@ssw0rd. Think of it as a refresh for your digital security. Choose your new password wisely — one that's a breeze for you to remember but a challenge for others to crack. Not feeling creative? There's a tool for that: a password generator.
With these tips, we can all contribute to a safer and more secure digital environment at our workplace. Change your password today and set an example for secure, smart password habits!