Bad news: The trick you use for stronger passwords doesn’t work


With cybercriminals constantly looking for new ways to rip you off, you have to take security seriously. Since passwords are your first line of defense against cybercrime, it’s the first place to begin strengthening security.

Unfortunately, many people are still using weak passwords that take hackers a matter of seconds to crack. You wouldn’t believe how many people are still using things like “password123.”

How do you come up with a strong enough password while still being able to remember it? The good news is that scientists have come up with a far better system to help you protect your identity, without having to click on the “Forgot password” button every two months.

Passwords shouldn’t be difficult

Researchers from Carnegie Mellon’s CyLab Security and Privacy Institute found that the sweet spot is memorable passwords that consist of 12 characters. How do they know this? Because they’ve spent nearly a decade researching this very problem.

In 2016, a team of researchers noticed that the traditional password and security policies of many websites are wrong. Although these policies require users to create passwords made up of multiple characters, symbols and numbers, that didn’t always mean the passwords were more secure.

Another problem is that the more complex a password is, the easier it is for the user to forget it. This is the problem that the team set out to solve.

The team created a password strength meter powered by an artificial neural network, which you can use to test your own skills at creating a strong password. The meter provides you with a strength score and suggests stronger phrases when needed.

After they discovered what constitutes a strong password, the team put it to the test. In an online study, the team asked participants to create random passwords against various security policies.

Easily remembered

As expected, the passwords that conformed to the team’s password strength meter outclassed the other policies. Not only did the passwords pass the test, but users could recall the passphrase up to five days later.

“The policy we developed allows users to create passwords that are both easier to remember and more secure against sophisticated attackers,” said Lorrie Cranor, director of CyLab and a professor in the Institute for Software Research.

The researchers are now hoping that other websites will make use of their technology. The password strength meter is only a few kilobytes in size, making it ideal for coding into services and apps.

You can be assured that the team’s hard work has taken all factors into account. To arrive at the perfect 12-character password, they tested their system against several minimum-length requirements, character class requirements, minimum-strength requirements and password blocklists.
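To make the policy types above concrete, here is an added example (not the CyLab team's meter or code) that runs a traditional character-class rule and a 12-character-plus-blocklist rule over the same constructed passwords. The function names, the 8-character/3-class thresholds, the tiny blocklist and the substitution map are assumptions for illustration, and the neural-network strength score is not implemented.

```python
import re

MIN_LENGTH = 12  # length the article reports from the CyLab research
# Constructed sample blocklist; a real one would hold many leaked passwords.
BLOCKLIST = {"password", "qwerty", "letmein", "iloveyou", "123456"}
LEET = str.maketrans("@0$3", "aose")  # assumed, minimal substitution map

def character_classes(pw):
    """Count which of lower, upper, digit and symbol classes appear."""
    patterns = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^a-zA-Z0-9]")
    return sum(1 for p in patterns if re.search(p, pw))

def passes_composition_policy(pw, min_len=8, min_classes=3):
    """Traditional rule: short minimum length plus mixed character classes."""
    return len(pw) >= min_len and character_classes(pw) >= min_classes

def blocklisted(pw):
    """Check the raw password and a normalized core against the blocklist."""
    lowered = pw.lower()
    # Drop leading/trailing digits and symbols, then undo common substitutions.
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered).translate(LEET)
    return lowered in BLOCKLIST or core in BLOCKLIST

def passes_length_blocklist_policy(pw):
    """Length-first rule: at least MIN_LENGTH characters and not blocklisted."""
    return len(pw) >= MIN_LENGTH and not blocklisted(pw)

def compare(passwords):
    """Return {password: (composition_ok, length_blocklist_ok)}."""
    return {pw: (passes_composition_policy(pw), passes_length_blocklist_policy(pw))
            for pw in passwords}

if __name__ == "__main__":
    # Constructed sample passwords for illustration only.
    samples = ["Password123!", "P@ssw0rd1", "quiet lantern maple"]
    for pw, (comp, length) in compare(samples).items():
        print(f"{pw!r:24} composition={comp!s:5} length+blocklist={length}")
```

The two decorated variants of “password” satisfy the character-class rule but are rejected by the length-plus-blocklist rule, while the long lowercase phrase shows the opposite result.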

If you struggle to remember a password, you should never write it down. The best solution would be to use a password manager.

Password managers function as the name implies: They store and manage all your website and service passwords. The only password you need to remember is the master phrase to the service.

Password managers remember all the phrases, security questions and identities, and log you in when visiting a website. They can also suggest and change passwords for you. In fact, some managers will automatically require you to change passwords every two months. That in itself is an excellent idea.
