Samer Aoudi

DON'T GET HACKED:
BEST PRACTICES FOR CHOOSING AND MANAGING YOUR PASSWORDS

For the common user (most of us), passwords are the main security measure against cyber attacks. A password is a secret word or phrase that must be used to gain access. When hackers steal or guess our passwords, they can simply access our digital accounts and services. So it goes without saying that we need to secure our passwords and ensure they are strong and unguessable. I compiled a list of DOs and DON'Ts to secure your passwords.

WRITTEN BY
SAMER AOUDI

EDITED BY
EZOZA SUPIKHODJAEVA

Personal Information: Never (EVER) use personal data (such as date of birth, name, favorite things, etc.). There is something called a Biographical Dictionary attack, where an attacker compiles a full dictionary from the personal information they gather from sources like social media.

Language: Never use words from any language. The most basic password-cracking technique is based on a dictionary attack. Password cracking tools can integrate dictionaries for any known language.

Patterns: Avoid using patterns. When users are forced to use long passwords (say 10 characters or longer), they end up repeating certain patterns (e.g., twotwo or aaaaaa).

Multiple Character Sets: Always use a combination of characters that includes upper- and lower-case letters (ABab), numbers (123456), and special characters (#_!@$). A warning: this particular requirement can backfire. For instance, users may end up replacing every "a" with "@" or every "o" with "0" just to meet the complexity criteria. Attackers are aware of this.

Password Length: Microsoft and the US National Cyber Security Council (NCSC) recommend a minimum of eight (8) characters.
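The DON'Ts above (personal data, dictionary words, repeated patterns, missing character sets, fewer than eight characters) can be turned into an automated check. The following is an added example written for this article, not code from the author; the tiny dictionary, the personal-data list and the leet substitution table are constructed for illustration, and a real checker would load full wordlists for every relevant language.

```python
import re
from typing import List, Sequence

# Constructed mini dictionary; real checkers load large per-language wordlists.
DICTIONARY = {"password", "welcome", "summer", "dragon", "letmein", "monkey", "sunshine"}

# Substitutions attackers already try (the article's "a" -> "@", "o" -> "0").
LEET_MAP = str.maketrans({"@": "a", "0": "o", "1": "l", "3": "e",
                          "$": "s", "5": "s", "!": "i", "7": "t"})

MIN_LENGTH = 8  # the minimum recommended in the article


def normalize_leet(pw: str) -> str:
    """Undo common symbol/digit-for-letter substitutions so 'P@ssw0rd' reads 'password'."""
    return pw.lower().translate(LEET_MAP)


def _variants(pw: str) -> set:
    # Check both the raw lowercase form (keeps digits such as a birth year intact)
    # and the leet-normalized form.
    return {pw.lower(), normalize_leet(pw)}


def contains_dictionary_word(pw: str, dictionary=DICTIONARY, min_word_len: int = 4) -> bool:
    """True if any dictionary word of at least min_word_len appears in the password."""
    return any(len(w) >= min_word_len and w in v
               for v in _variants(pw) for w in dictionary)


def contains_personal_info(pw: str, personal: Sequence[str]) -> bool:
    """True if any personal token (name, birth year, ...) of 3+ chars appears in the password."""
    return any(len(p) >= 3 and p.lower() in v
               for v in _variants(pw) for p in personal)


def has_repeated_pattern(pw: str) -> bool:
    """Flags runs like 'aaaa' and immediately repeated chunks like 'twotwo' or 'abcabc'."""
    lower = pw.lower()
    if re.search(r"(.)\1{2,}", lower):      # same character three or more times
        return True
    return re.search(r"(..+?)\1", lower) is not None  # chunk of 2+ chars repeated back-to-back


def missing_character_classes(pw: str) -> List[str]:
    """Names of the character classes (lower, upper, digit, special) the password lacks."""
    classes = {
        "lowercase": r"[a-z]",
        "uppercase": r"[A-Z]",
        "digit": r"[0-9]",
        "special": r"[^A-Za-z0-9]",
    }
    return [name for name, pat in classes.items() if not re.search(pat, pw)]


def check_password(pw: str, personal: Sequence[str] = ()) -> List[str]:
    """Return the list of rule violations; an empty list means every check passed."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    missing = missing_character_classes(pw)
    if missing:
        problems.append("missing character classes: " + ", ".join(missing))
    if contains_dictionary_word(pw):
        problems.append("contains a dictionary word (even after undoing @/0/3-style substitutions)")
    if personal and contains_personal_info(pw, personal):
        problems.append("contains personal information")
    if has_repeated_pattern(pw):
        problems.append("contains a repeated pattern")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ["P@ssw0rd", "twotwo12", "Aoudi1990!", "kX9#vLq2&mT"]:
        print(candidate, "->", check_password(candidate, personal=["Aoudi", "1990"]) or "OK")
```

Note that "P@ssw0rd" satisfies every character-class rule yet is still rejected, which is exactly the point the article makes about substitutions: a policy that only counts character classes would have accepted it.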

[Image: Password graphic]

Password Managers: The reality is, we all have too many passwords to create and remember. Therefore, we end up cheating the system and reusing passwords across multiple platforms. There are many password managers that can both generate, store, and manage your passwords. Use one!

Organizations: NCSC recommends using technology to secure passwords. As an example, they recommend the three-random-word approach. The organization would then "salt" the password by adding random characters, and voila, you have a very strong password. In addition, organizations must use Multi-Factor Authentication (MFA) rather than relying on passwords alone. As always, though, a little awareness goes a long way.
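Here is what the three-random-word approach with the added random characters looks like in code, together with a rough estimate of how many guesses an attacker would face. This is an added example for this article, not NCSC's or the author's code; the twelve-word list is a constructed stand-in for the large wordlist a real deployment would use, and the "salting" step is implemented as the article describes it, by appending random digits and symbols to the three words.

```python
import math
import secrets
import string

# Constructed mini wordlist; a real deployment uses thousands of words so that
# the number of three-word combinations is large.
WORDLIST = ["copper", "meadow", "lantern", "glacier", "puzzle", "velvet",
            "harbor", "cactus", "orbit", "timber", "saddle", "marble"]

EXTRA_ALPHABET = string.digits + string.punctuation  # 42 characters


def three_random_words(wordlist=WORDLIST, count: int = 3, separator: str = "-") -> str:
    """Pick `count` words with a cryptographically secure RNG (secrets, not random)."""
    return separator.join(secrets.choice(wordlist) for _ in range(count))


def add_random_characters(base: str, extra: int = 4, alphabet: str = EXTRA_ALPHABET) -> str:
    """Append `extra` random digits/symbols, the step the article calls "salting" the password."""
    return base + "".join(secrets.choice(alphabet) for _ in range(extra))


def generate_passphrase(wordlist=WORDLIST, words: int = 3, extra: int = 4) -> str:
    return add_random_characters(three_random_words(wordlist, words), extra)


def guess_space_bits(wordlist_size: int, words: int, alphabet_size: int, extra: int) -> float:
    """log2 of the number of possible outputs, i.e. how many bits an attacker must guess."""
    return math.log2(wordlist_size ** words * alphabet_size ** extra)


if __name__ == "__main__":
    print(generate_passphrase())
    # With the constructed 12-word list: ~32 bits. With a 7,000-word list and the
    # same four extra characters the same formula gives ~60 bits.
    print(round(guess_space_bits(len(WORDLIST), 3, len(EXTRA_ALPHABET), 4), 1), "bits")
    print(round(guess_space_bits(7000, 3, len(EXTRA_ALPHABET), 4), 1), "bits")
```

The estimate assumes the attacker knows the wordlist and the format, which is the right assumption: the strength comes from the size of the list and the randomness of the choice, not from the format being secret.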

© Samer Aoudi 2005-2024