iT1 Resources

Building A Better Password

As a cybersecurity enthusiast for years, I am intrigued whenever there is a huge headline-making, media-frenzied security breach. Take, for instance, the million passwords that were hacked earlier this year by well … insert large multi-national corporation name here. We see you Ubisoft. It’s so disappointing. The fight against cybercrime is never ending but winning a battle or two would be nice.

While most folks not in the depths of your IT department have little involvement keeping your organization’s data under wraps, there are some best practices that even the least tech savvy of us can deploy. Apparently keystroke encryption, anti-malware products, and patch management are the keys to keeping big data safe these days. But a strong password is a great start too. Obviously, awareness is important as well, so I wrote this blog to do my part.

I’ve always been fascinated by passwords. When I was an IT support technician, every now and then, I’d need a user’s password. Ten years later, I still remember some of those passwords and I bet some of those users are still using them or at the least a close variation.

The Long and Winding Password

I love that the PIN on my iPhone is only four numbers. Like most humans using computers, I find a quick simple password I don’t have to think about is ideal. But for security purposes, length makes a huge difference in keeping a hacker out of your data, devices, and network. Something akin to “s%3urmom#~8k4$5t)” is practically unbreakable, but who has time to remember such as that? I certainly don’t. Still, an extra-long password can keep a hacker at bay for hours, maybe even days. I think he’ll move on to the next user after the first unsuccessful hour. But make sure it’s not something obvious. As much as I wish “Johnmarkivey!985” could be my go-to password, it would be like throwing a softball to a potential hacker. You want to make sure you’re throwing a curveball. Remember that dumb passwords are useless.

You Are in My System

When your password is due for its hopefully monthly change, have a unique system in place so you’re not stuck there banging your head on the keyboard until you choose something so difficult that you have to write it down on a Post-it note to remember it. It’s the 21st century. Stop writing down your password! Getting a system is as easy as selecting a list of words and accompanying numbers that you are aware of but that are not obvious to a hacker from a quick look at your public Facebook page.

Get Creative

As ingenious as “p@ssword” and “letme!n” were back in 1998, I encourage you to get creative with your password hierarchy. Don’t be fooled into thinking that “asdfgh89” is that much more secure than “qwerty12”. I was raised near the NC/SC border where every crossroads is a named community. Using towns on the way to North Myrtle Beach as an endless inventory of passwords almost makes it kind of fun. Coupling Dillon with Highway 501 to make “501dilloN” served me well for a month. As did “sc9mullinS,” “904loriS,” and “378conwaY.” Retired Duke basketball jerseys got me through a year, from “43giminskI” and “24dawkinS” to “31battieR” and “jj4reddicK.” You UNC Tar Heels and Chicago Bulls fans should probably steer clear of anything to do with Michael Jordan though. I’ve seen “Jordan23” on the most common password list before.

Place names and surnames (that aren’t your own) work well in passwords because they are words typically not found in the dictionary, which are not recommended. Pepper your password with special characters, such as: -+,~‘!@#$%^&*()=_’”{}[]|\?/:;>< to make them even stronger.

I hope this information will help keep your passwords more secure. Of course, it’s essential that your browser is up to date and patched to the latest version available. It’s also imperative to have up-to-date antivirus software. After all, even the most complex new password is useless if you haven’t removed malware from your computer or if a keylogging virus has been downloaded, which will still allow the hacker access to your data.


John Mark Ivey is an award-winning designer and journalist with an extensive background in corporate communications, advertising, and digital marketing. A cancer survivor, he serves as social media and digital marketer at iT1.


<< Back to Resources