How to create passwords on the Internet
Mateusz Kopacz, ICT Security Manager
One of the pillars of digital security in terms of data protection are passwords. In this article, we would like to discuss the first and most important line of defense against cyber attacks - which is the implementation of a password creation and management policy (the password itself is a specific type of confidential information that we have and can use for authorization).
All information that is collected from customers or from other sources must be adequately protected in accordance with the GDPR. Currently, both the Supreme Audit Office and the Ministry of Digitization recommend completely blocking hacked (exposed) and easy-to-guess passwords. It is one of the easiest methods of protection.
By the way - you can easily and safely check if your password has ever been leaked on the website: https://haveibeenpwned.com/
Basic hygiene rules for passwords:
- Use different passwords
A good password must be difficult to crack or guess. Currently, the most common causes of data breaches are stolen and forced credentials. To protect your data, a password policy should prohibit the use of common and easy passwords. By using the same password multiple times, you risk being attacked by a hacker that uses password lists stolen from another system.
- Do not use questions or hints
It is common practice to create "secret questions" that can be answered to unlock or reset your account password. Secret questions are often "what is your mother's maiden name" or "place of birth". It is best to avoid them entirely as these types of questions are most susceptible to attacks.
- Enable multi-factor authentication
Currently, the most popular way to improve network security is to implement multi-factor authentication. In this case, in addition to the username and password, other factors are used to verify the user. It can be a one-time password sent via SMS or e-mail, which is generated especially for the user during authentication and is only active for a specified period of time. To improve this process, we provide instructions for the most popular applications: Facebook, Instagram, LinkedIn.
- Use a password manager
The basic function that a good manager should have is a password generator that suggests passwords that are a safer alternative to those invented by the user. This solution additionally protects the data stored in the database with the additional level of encryption. There are many free solutions on the market. It is an absolute 'must have' nowadays. Remember that you can adjust the strength of the generated password - the strongest should contain lowercase and uppercase letters, numbers and special characters.
How to create passwords
In this table, we present the time needed to crack the password depending on the number and types of characters used. We recommend using a minimum of 12 characters and a phrase consisting of lowercase and uppercase letters as well as numbers and special symbols.
We used this approach to assessment because in the near future hackers could use GPU-based computing clusters and in the future quantum computers, which could significantly reduce the time it takes to breach our security. Let's remember about online safety. We recommend organizations of all sizes to introduce at least 12-component passwords.
In case of problems with the implementation of appropriate procedures, we will be happy to help. Contact us: