A strong password is a crucial aspect of cybersecurity, especially when Single Sign On (SSO) is not used. Spigit has technical controls coded into the product that enforce the following:
- a minimum length for a password
- password complexity - use of numbers, symbols, and mixed case
- expiration timelines for passwords (reset every 90 days or other amount of time)
- lockout when a password is entered incorrectly a specific number of times
Password restrictions can be customized for a site. The default for Spigit is the following:
Password has to be 8-20 characters long and contain at least one uppercase letter, one lowercase letter, one number and one special character.
Below are tips from leading experts, to consider when creating your password.
- Make it long. This is the most critical factor. Choose nothing shorter than 15 characters or more if possible.
- Use a mix of characters. The more you mix up letters (upper-case and lower-case), numbers, and symbols, the more potent your password is, and the harder it is to crack it.
- Avoid using personal information (your phone number, birthday, address) or your pet’s information, etc.
- Use a unique password for each separate account.
- Avoid common words like “password” or “home”.
Strong Password Ideas and Examples
- Make sure you use at minimum fifteen characters. That is where it can get tricky. As previously noted, you should avoid using personal information or your pet’s information — those are the first choices for hackers to try and exploit. In determining your password strength, pay close attention to two significant details: the complexity and length you choose. Long-tail, complex passwords are tough to crack. To create complex but memorable passwords, use different types of characters, a mixture of lower and uppercase letters, symbols, and number
- Do not use directly identifiable information. The ones trying to hack into your accounts may already know personal details such as your phone number, birthday, address, etc. They will use that information as an aid to more easily guess your password.
- Use a unique password for each separate account. If you use the same password across multiple accounts, you could use the most reliable password possible, and if one account is compromised all of them are. The recommended best practice is to create a strong password ideas list and use it for all your online accounts. Your unique list of passwords should be kept safe.
- Avoid common dictionary words. This mistake is the toughest one to avoid. The temptation is always there to use ordinary, everyday dictionary words. It is true that the most common password used today is, “password.” Avoid plain dictionary words as well as a combination of words. For instance, “Home” is a bad password. However, adding “Blue Home” isn’t an improvement either. A strong hacker will have a dictionary-based system that cracks this type of password. If you must use a single word, misspell it as best as you can or insert numbers for letters. Use a word or phrase and mix it with shortcuts, nicknames, and acronyms. Using shortcuts, abbreviations, upper and lower case letters provide easy to remember but secure passwords.
“Pass Go and collect $200”– p@$$GOandCLCt$200
“Humpty Dumpty sat on a wall” — humTdumt$@t0nAwa11
“It is raining cats and dogs!”– 1tsrAIn1NGcts&DGS!
- Incorporate emoticons. Emoticons are the text format of emojis, commonly seen as various “faces” such as :-)
- You may also find remembering a sentence for your password works well if it refers to something easy for you, but complex for others, such as, “The first house I ever lived in was 601 Lake Street. Rent was $300 per month.” You could use “TfhIeliw601lS.Rw$3pm.” You took the first letters of each word, and you created a powerful password with 21 digits.
- If you want to reuse passwords across numerous accounts, this technique is particularly useful as it makes them easy to remember. Even though, as already mentioned, you really should use separate passwords, you can customize each per account. Utilizing the same phrase as above, “Humpty Dumpty sat on a wall” we created a secure and reliable password, and now you can use it on Amazon, Netflix, or Google accounts:
Here are good password examples using this technique:
Weak Passwords to Avoid
Everyone is guilty of creating easy to guess passwords at some point in their digital life. You might feel confident that when you chose “3248575” that no one would figure out is your phone number. The examples below add to what are weak passwords that at first appear strong. However, once you look a little closer, you realize what is missing.
A brief explanation of what makes these bad choices follows each:
- 5404464785: Using numbers such as these quickly reveal someone’s phone number. By using this strategy, you are breaking two basic rules, using personal information and all numbers.
- Marchl101977: The birthday password. Even though this password contains a combination of numbers with small and capital letters and is over ten characters long, it is a disaster waiting to happen. It too breaks the rules by starting with a standard dictionary word, use of personal information and it lacks special characters.
- P@ssword234: You may at first feel this password meets the basics. However, it indirectly fails our tests. While it does have over ten characters, contains special characters and numbers, a mix of the letters, and it does not include any personally identifiable information, it is still considered weak. Because of how easy they are to guess, replacing letters for symbols is not a strong recommendation. It also offers the standard “234” sequential pattern.
This article was excerpted from: