If you want to test quite how bad your password is, check out password.kaspersky.com.
As you can see, a lot of the passwords commonly used in the dental market, pa$$word, D3nt4l, Buffalo1, Letmein1 and so on, are truly terrible passwords that can be cracked in minutes if not seconds. The problem is, no-one trains us how to make a good password. Yes, you probably have a vague idea that it has to be complex, but complex passwords are hard to remember, aren't they? Well actually, they don't need to be. It is possible to create a password that is both easy to remember AND complex enough to withstand even the most skilled hacker. And I'm going to share these skills with you!
Technique 1: the multiple word approach
Having a single word (usually appended with some numbers or characters) is BAD. Don't do it. Buffalo1970 is just as bad as Buffalo1, and even Buffalo1! isn't that great. You think you can change some characters to numbers? Buff4l01? Nope, that's not much better either.
But think of 2 unrelated words, or even three, and put them together. Great password! There are very good technical reasons for this, based on the way password cracking works, but suffice it to say that using 2 or 3 unrelated words in your password will make it virtually uncrackable, or at least so hard to crack that the assailant will move on to someone else.
Look around and what do you see? Some scissors? A church spire? A Cadbury's Creme Egg? Whatever! Put them together like this: scissors-spire-egg, and you get a password that Kaspersky estimates will take 208 centuries to crack. And it's not that hard to remember, is it? Even a 2 word one, scissors-spire, is an unusual combination and would take 7 months to crack. Add on a number and symbol and make one character upper case so the password checkers are happy, e.g. Scissors-spire1$, and you have a 5 century strength password. Not bad!
And if you are really lacking creativity today and need someone else to come up with the words, try correcthorsebatterystaple.net. Change "min words" to 2 and "minimum letters" to 10 and you will still end up with a very good password. NB: do not use any of the above now I've mentioned them, although if you are that daft you probably shouldn't be let near a computer at all.
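One way to have a program choose the words for you, shown as an added example that is not part of the original article: it picks words with a cryptographic random generator, builds the same shape as Scissors-spire1$, and reports the entropy of the scheme. The sample wordlist, the symbol set and the function names are assumptions made for this example.

```python
import math
import secrets
import string

# Constructed sample list so the block runs offline. A real list should be
# much larger, e.g. the EFF long wordlist with 7,776 entries.
SAMPLE_WORDS = ["scissors", "spire", "egg", "lantern", "pebble", "walrus",
                "trumpet", "harbour", "velvet", "cactus", "ginger", "orbit",
                "mitten", "falcon", "puddle", "anchor"]
SYMBOLS = "!$%&*?#@"  # assumed set of symbols accepted by most password forms


def make_passphrase(words, n_words=3, sep="-", decorate=True):
    """Pick n_words uniformly at random with a CSPRNG and join them.

    decorate=True capitalises the first letter and appends one digit and one
    symbol, matching the Scissors-spire1$ shape used in the article.
    """
    if n_words < 2:
        raise ValueError("use at least 2 words")
    if len(set(words)) != len(words):
        raise ValueError("wordlist contains duplicates")
    chosen = [secrets.choice(words) for _ in range(n_words)]
    phrase = sep.join(chosen)
    if decorate:
        phrase = (phrase[0].upper() + phrase[1:]
                  + secrets.choice(string.digits) + secrets.choice(SYMBOLS))
    return phrase


def entropy_bits(list_size, n_words=3, decorate=True):
    """Bits of entropy when the attacker knows the scheme and the wordlist."""
    bits = n_words * math.log2(list_size)
    if decorate:  # only the random digit and symbol add entropy, not the capital
        bits += math.log2(10) + math.log2(len(SYMBOLS))
    return bits


if __name__ == "__main__":
    print(make_passphrase(SAMPLE_WORDS))
    for n in (2, 3, 4):
        print(n, "words from a 7,776-word list:",
              round(entropy_bits(7776, n, decorate=False), 1), "bits")
```

Each extra word adds the same number of bits again, while the fixed capital letter adds none.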
Technique 2: the first characters approach
If you thought that technique would change your life, then you're going to really love this one. Think of one line of a song you like. Let's take as an example the great lines "Cause after all, he's just a man. Stand by your man!". Take the first character of each word, which gives Caahjamsbym. Kaspersky gives this a rating of 33 years to crack. Not bad at all! Now add a number and symbol to keep the password checkers happy, and you will push that up even more. And despite how crazily complex that password looks, it will be remarkably easy for you to remember: just sing the song to yourself each time you type it out. This type of password creation technique is my personal favourite.
A few other password notes
- Password expiry is pointless and stupid. If you get users to reset their passwords every (say) 90 days, they will just start writing them down and/or reusing the same passwords slightly amended. Either way you create issues for the users, or actually end up with less security. Research now backs this up, and no less a company than Microsoft now recommends that you don't set password expiry or force users to reset passwords.
- Is it OK to use the same password for everything? No. If one site you use is breached, attackers will try that same email and password combination everywhere else. Use a different password for anything that matters, and consider a password manager to keep track.
- Turn on multi-factor authentication wherever it's available. Read our article on what multi-factor authentication is and our security services for how we protect practice networks.