The use of strong passwords is one of the most important, and undervalued, issues in cybersecurity
One of the most important, and still undervalued, issues in cybersecurity is the use of strong passwords. Here are the suggestions of Joseph Steinberg, one of the top cyber experts, CEO, and technology influencer. The aim is to create strong and relatively easy-to-remember passwords that provide sufficient security for most applications while preserving ease of use. First, don’t use strong passwords on accounts that you create solely because a website requires a login, but which do not, from your perspective, protect anything of value. Then, understand that there are different levels of sensitivity. Your online banking password should be stronger than your password to a store at which you shop with one-time credit cards, which in turn should be stronger than the password used on a site on which you comment solely on unimportant matters.
Multi-factor authentication and the steps to create a memorable, strong code
To increase cybersecurity, Steinberg suggests considering multi-factor authentication whenever it is available for a site requiring security. However, he underlines that smartphones and the text messaging system are not totally hackerproof, and that other people might have access to the devices that you use to access the site. For sites that need strong passwords, the cyber expert suggests creating a memorable, strong code by combining three or more unrelated words and proper nouns, with numbers separating them. For example: “desktop8jonathan3goats.” Such a password is far easier to remember than “w4x&Py6Q.” In general, the longer the words the better.
Some tricks for systems that require the use of a special character
For systems that require the use of a special character, people could add a special character before each number (e.g., “desktop!8jonathan!3goats”), and still keep things easy to remember by using the same character after each word in every strong password. “Such an approach is not the best way to do things from a security standpoint – states Steinberg – but, it makes memorization much easier, and the security should be good enough for most purposes anyway. Ideally use at least one non-English word or proper name with which you are familiar but which others wouldn’t easily guess that you selected as part of a password (so if your significant other has a non-English name don’t use it!) – e.g., ‘louvre!8iyengar!3goats.’”
Steinberg’s suggestions to increase password strength even further without making memorization difficult
To increase password strength even further without making memorization difficult, the cyber expert suggests considering a couple of capitals that always appear in a particular location throughout all of your strong passwords. “Just don’t put them at the start of words (e.g., the last two letters of the second word – ‘louvre!8iyengAR!3goats,’ or by site type – e.g., ‘the second letter for banks, third for credit card companies, and fourth for all other sites,’ or by the letter corresponding to the length of the name of the site being accessed – e.g., the fifth letter for chase.com, etc.). A password created with such an approach is a lot easier to remember than a complex, unintelligible mix of letters, numbers, and symbols, and since the pattern is similar for all of your strong passwords it makes memorizing many of them much easier as well. As before, the security tradeoff once a password is already relatively strong is likely worth it when compared with the improvement in usability.”
The adjustments that can be made to the overall three word approach
Steinberg also notes that many adjustments can be made to the overall three-word approach – you can dramatically improve the strength, for example, by switching to four words – but the primary point is that there is a way to create a significant number of strong passwords without resorting to having to memorize many passwords like “w4q6zC4g&”, and that the risk created by using similarly structured passwords seems far smaller than the risk of improperly storing, or frequently forgetting, complex passwords.
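A sketch of the scheme described above, added here as an example (it is not Steinberg's or the article's code): it builds passwords from randomly chosen words and estimates their strength against an attacker who knows the pattern. The sample word list, the 7776-word list size and the function names are assumptions, and the estimate only holds when the words are picked at random rather than by the user.

```python
import math
import secrets

# Constructed sample list for the demo; a real list needs thousands of entries.
SAMPLE_WORDS = ["desktop", "jonathan", "goats", "louvre",
                "iyengar", "harbor", "violin", "granite"]

_rng = secrets.SystemRandom()  # OS-backed CSPRNG, not the default Mersenne Twister


def make_password(words, n_words=3, special="", caps=False):
    """Distinct random words joined by random digits, e.g. desktop8jonathan3goats.

    special: fixed character placed before each digit ("!" in the article).
    caps:    upper-case the last two letters of the second word ("iyengAR").
    """
    chosen = _rng.sample(words, n_words)
    if caps:
        chosen[1] = chosen[1][:-2] + chosen[1][-2:].upper()
    parts = [chosen[0]]
    for word in chosen[1:]:
        parts.append(f"{special}{_rng.randrange(10)}{word}")
    return "".join(parts)


def scheme_entropy_bits(wordlist_size, n_words=3):
    """Entropy in bits against an attacker who knows the scheme and the list.

    Only the random choices count: the ordered pick of distinct words and the
    separator digits. A special character and capital position that are the
    same in every password contribute nothing.
    """
    word_choices = math.perm(wordlist_size, n_words)
    return math.log2(word_choices) + (n_words - 1) * math.log2(10)


def random_string_bits(length, alphabet_size=94):
    """Entropy of a uniformly random string over printable ASCII (94 symbols)."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    print(make_password(SAMPLE_WORDS, special="!", caps=True))
    for n in (3, 4):
        print(f"{n} words from a 7776-word list: {scheme_entropy_bits(7776, n):.1f} bits")
    print(f"8 random printable characters: {random_string_bits(8):.1f} bits")
```

Under this model the fourth word adds roughly 16 bits, which is the jump in strength the paragraph above refers to.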
The cyber expert: Do not change passwords too often
Last, but not least: do not change passwords too often. “This recommendation may go against conventional wisdom – but that’s because many security professionals seem to think theoretically without a good understanding of human weaknesses – writes the cyber expert –. The AARP itself states ‘Change critical passwords frequently, possibly every other week.’ Think about that for a moment. If you have a bank account, mortgage, a couple credit cards, a phone bill, high speed Internet bill, utility bills, social media accounts, email accounts, etc. you may easily be talking about a dozen or so critical passwords. Changing them every two weeks would mean 312 new critical passwords to remember within the span of every year. How many people stand a chance of remembering that number of codes, never mind complex codes? Changing passwords often makes it far more difficult to remember them – increasing the odds of their being written down and stored insecurely, of people selecting poor passwords to begin with, and of new passwords being set the same as old passwords with just minor changes. The recommendation to change all of one’s passwords regularly sounds, in theory, like good advice – concluded Steinberg – but, in practice, can actually harm security.”