
The foundation of any secure password strategy is a strong password. What makes a password strong? Longer is stronger. Even where two-factor or multi-factor authentication (2FA/MFA) is in place, an attacker who cannot get past the first step, cracking the password, is often deterred and will move along to an easier target.
Characteristics of a good password are:
- Long: at least 14 characters or more. Think in terms of a passphrase.
- Complex: a mix of upper and lower case letters, numbers and symbols.
- Not reused: nothing similar to past passwords.
- No dictionary words, names of people, birth dates or organization names.
- Unique: use a different password for each site or application.
- Rotated: change your password on a regular basis.
- Private: never share your passwords with anyone.
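The checks below are an added example, not code from the original page: a small policy evaluator that applies the characteristics listed above (length, character mix, common words, similarity to earlier passwords) and a brute-force search-space estimate that puts a number on "longer is stronger". The common-word list, the previous-password history and the guess rate of 10 billion guesses per second are constructed assumptions for illustration only.

```python
import string

# Constructed sample data (not from the original page): a tiny common-word
# list and two of the user's earlier passwords. A real check would use a large
# breached-password list and the password manager's own history.
COMMON_WORDS = {"password", "welcome", "letmein", "qwerty", "summer"}
PREVIOUS_PASSWORDS = ["Summer2023!Go", "Summer2024!Go"]

MIN_LENGTH = 14  # "at least 14 characters" from the list above

# Approximate alphabet size per character class, used for the search-space
# estimate. Symbols are counted as printable ASCII punctuation plus space.
CLASS_SIZES = {"lower": 26, "upper": 26, "digit": 10, "symbol": 33}


def char_classes(pw):
    """Return the set of character classes present in pw."""
    classes = set()
    for ch in pw:
        if ch in string.ascii_lowercase:
            classes.add("lower")
        elif ch in string.ascii_uppercase:
            classes.add("upper")
        elif ch in string.digits:
            classes.add("digit")
        else:
            classes.add("symbol")
    return classes


def letters_only(pw):
    """Normalise a password to its lowercase letters so that variants which
    differ only by a year, digits or punctuation compare equal."""
    return "".join(ch for ch in pw.lower() if ch in string.ascii_lowercase)


def evaluate(pw, common_words=COMMON_WORDS, previous=PREVIOUS_PASSWORDS):
    """Return the list of policy checks the candidate password fails.
    An empty list means the password meets every characteristic."""
    failures = []
    if len(pw) < MIN_LENGTH:
        failures.append("length")
    if char_classes(pw) != set(CLASS_SIZES):
        failures.append("complexity")
    low = pw.lower()
    if any(word in low for word in common_words):
        failures.append("common_word")
    if letters_only(pw) in {letters_only(old) for old in previous}:
        failures.append("reuse")
    return failures


def brute_force_seconds(pw, guesses_per_second=1e10):
    """Worst-case time to exhaust every password drawn from the same character
    classes and length as pw. The guess rate is an assumed figure for
    illustration, not a measured one."""
    alphabet = sum(CLASS_SIZES[c] for c in char_classes(pw))
    return alphabet ** len(pw) / guesses_per_second


if __name__ == "__main__":
    for candidate in ["Summer2025!Go", "Tr0ub4dor&3-Lantern-Spark"]:
        years = brute_force_seconds(candidate) / 31_536_000
        print(candidate, evaluate(candidate) or "OK", f"{years:.3g} years")
```

The search-space estimate is deliberately crude (it assumes a uniformly random password, which a human-chosen one never is), but it makes the page's point visible: a 20-character lowercase-only string has a larger search space than an 8-character string that uses all four classes.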
Double-blind password strategies are another way to create strong and unique passwords. This is a password-splitting technique: store the long, complex first part of the password in a password manager and append a shorter, unique identifier that you memorize. That way you only need to remember the shorter part, and the manager alone never holds the complete password.
It would look something like this:
- Complex, stored prefix of the password: 2k4xhnsig?d
- Short, memorized identifier: t43x
- Put together as: 2k4xhnsig?dt43x
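As an added example (not code from the original page), here is the double-blind split modelled end to end: a dictionary stands in for the password manager, the site's credential store is modelled as a salted PBKDF2 verifier, and the check shows that neither the stored prefix nor the memorized suffix verifies on its own, only the combined value does. The site name, the in-memory vault and the iteration count are constructed assumptions; the prefix and suffix are the page's own example values.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # PBKDF2 work factor, an illustrative value


def store_prefix(vault, site, prefix):
    """Put the long, complex part of a site's password into the manager."""
    vault[site] = prefix


def assemble(vault, site, memorized_suffix):
    """Rebuild the full password from the stored prefix and the part the
    user keeps in their head."""
    return vault[site] + memorized_suffix


def make_verifier(password, salt=None):
    """What the relying site stores: a random salt and a PBKDF2 digest."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify(password, salt, digest):
    """Constant-time comparison of a login attempt against the stored digest."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def demo():
    vault = {}                    # constructed stand-in for a password manager
    site = "example-site"         # constructed site name
    store_prefix(vault, site, "2k4xhnsig?d")  # the stored prefix from the page
    suffix = "t43x"                           # the memorized identifier
    full = assemble(vault, site, suffix)
    salt, digest = make_verifier(full)        # the site enrols the full password
    return {
        "full": full,
        "vault_alone_verifies": verify(vault[site], salt, digest),
        "suffix_alone_verifies": verify(suffix, salt, digest),
        "combined_verifies": verify(full, salt, digest),
    }


if __name__ == "__main__":
    print(demo())
```

The point of the model is the two `False` results: a dump of the manager's vault, or a shoulder-surfed suffix, each leaves an attacker short of a working credential, which is the risk the split is meant to reduce.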
There are many recommendations and strategies when it comes to passwords. You will need to evaluate which method works best and is secure in your environment. An eye-opening graphic of the time it takes to crack a password, based on length and complexity, can be seen in the graphic on this page.
Passwords alone are not the whole answer to secure practice. 2FA/MFA adds a second authentication factor, which can take the form of a token, PIN, biometric or one-time code.
Resources:
What’s a Double-Blind Password Strategy and When Should It Be Used