GlobalSign Blog

So, How Should I Create My Password? 

All it takes to get cyber-attacked is one connection to the internet. You probably already knew that, but it doesn’t hurt to remind you.  

Creating a strong password is the first step to mitigating this invasion. Many people still think attackers have no interest in their accounts because they believe they are not a target. They might think:  

"I don't have a profile that catches the attention of hackers." 
"My company is too small to be a focus." 
"I have nothing important in this profile."  
"If the hacker wants to, they will be able to break through anyway."  

Those thoughts are a long way from reality – especially on personal platforms and devices. Platforms that use encryption are essential, but they can give you a false sense of security when the credential protecting your access is a predictable combination.  

If your birthday is the key entry into the system, no security technology can guarantee your protection. Is that even necessary to say in 2022?  

Amazing but true 

The "123456" combination once again took the top prize for the Most Used Passwords in Brazil in 2021, according to NordPass. The research also shows that of the 10 most used passwords, eight are obvious numerical combinations.   

Even after all the mega leaks that occurred this year, here in Brazil (home to GlobalSign’s newest office) the population is still not fully informed about security best practices.   

It's about time we cut off the access attackers enjoy, but that goes beyond a non-obvious password.  

Beyond a non-obvious password 

Fact is, the more complex the password, the harder it is for a cybercriminal to crack. But we need to find a balance between a complex password and the ease of memorizing it. After all, if the password is so complex that it is hard to memorize, it won’t take much for the user to forget it and therefore lose their access.  

Some recommend writing down your password, but that recommendation does not follow information security best practices either. A better tip is to use words whose connection to you is not obvious to others.  

An example: if the word “international” makes sense to you, it meets the usual minimum of four to six characters and is not as obvious as a birthday. Still, it is just a dictionary word that can be easily discovered by various cracking tools.  

One way to make this password more complex is to replace some vowels with numbers. In this case, the password would become Intern0c10nal, which makes life harder for those who want to steal your data. Including a special character in the middle or at the end of the word, such as Intern0c10na! or 1nten@ciona!, strengthens your password further.  

Another way to strengthen your protection is to use a passphrase. A combination of words that forms a long password, such as “I love my dog”, can become the passphrase Am0m3uc@ch0rr0. Do you like it?  

Remember: The password has to make sense just to you!  

As you can see, it’s very important to create complex passwords. To make this importance even clearer, look at the results of the research Security.org did on how long it takes a computer to discover a password based on its characteristics:  

  • A password with all lowercase letters up to eight characters would be discovered immediately, with nine characters taking two minutes.  
  • A password with at least one capital letter of up to seven characters would be discovered immediately, with eight characters taking 22 minutes.  
  • If your password has a minimum of 10 characters, a capital letter, a number, and a symbol, it would take five years to be discovered.  
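As an added illustration of why length and character classes drive those times (this is not code from the original post), the Python below computes the brute-force search space of the post's own example passwords at an assumed guess rate, and contrasts it with how few spellings a dictionary attack needs once it knows the vowel-to-digit rules the post uses. The guess rate and the substitution table are constructed assumptions; only the ratios between passwords are meaningful.

```python
import string

# Character classes, matching the categories in the Security.org comparison above.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,  # 32 printable ASCII symbols
}

# Assumed attacker guess rate (constructed for this example; real rates depend
# on the hash algorithm and hardware, so treat the absolute numbers as relative).
ASSUMED_GUESSES_PER_SECOND = 1e10


def alphabet_size(password: str) -> int:
    """Size of the union of every character class the password actually uses."""
    return sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))


def keyspace(password: str) -> int:
    """Candidates a brute-force search must cover: alphabet ** length."""
    return alphabet_size(password) ** len(password)


def brute_force_seconds(password: str, rate: float = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Worst-case time to exhaust the keyspace at the assumed guess rate."""
    return keyspace(password) / rate


def mangled_variants(word: str, subs: dict) -> int:
    """Spellings a dictionary attack must try when it knows the substitution rules
    (e.g. o->0, i->1) and may apply each one independently per letter."""
    count = 1
    for c in word.lower():
        if c in subs:
            count *= 2  # keep the letter or swap in its substitute
    return count


if __name__ == "__main__":
    leet = {"o": "0", "i": "1", "e": "3", "a": "@"}  # assumed rule set
    for pw in ["international", "Intern0c10nal", "Am0m3uc@ch0rr0"]:
        years = brute_force_seconds(pw) / 31_557_600
        print(f"{pw:16} alphabet={alphabet_size(pw):3} "
              f"keyspace~2**{keyspace(pw).bit_length() - 1} brute-force~{years:.1e} years")
    # The base word as a dictionary attack sees it once it knows the leet rules:
    print("variants of 'international':", mangled_variants("international", leet))
```

The contrast is the practical lesson: vowel substitutions raise the brute-force cost a great deal, but a cracker that starts from the dictionary word only has to try a few dozen variants, which is why the passphrase built from several words fares better.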

In other words, a password that is easy for you to remember and that makes sense to you is not synonymous with weakness, as long as you follow these recommendations.   

Password reuse  

I know what you're thinking now: I'm going to create a passphrase, and I'm safe. Don't do it, don't do it! The security of a platform's database is not under your control. If your password is leaked in a breach of one platform, the attacker gains access to every device and platform where you reused it.  

Is there anything else I can do to strengthen my security?  

Yes, a widely used option is a second authentication factor. A digital certificate (PersonalSign) is a very effective method: to access a platform, you need something you know - your login and password - along with something you have - a digital certificate. 

This alternative has several advantages, especially for businesses: it is a low-cost, easy-to-manage solution that lets you audit user and device identities, and fine-grained access control determines who or what can access your services, data, and digital assets.  

A final tip for users: make sure that the platform you use already has these features. If so, USE them! If not, how about we start pressuring companies to provide a secure digital environment?  
