You know the scene. The detectives have the suspect’s computer and are attempting to guess the password. Time is running out. They need to access his files soon or all will be lost. Tick tock. Tick tock. Suddenly, the nerd detective, the one with the eyeglasses in case you were wondering, grabs the keyboard, types furiously, and unlocks the device. Just in time. All is saved.
This scenario may have seemed plausible in 1999, but it is a particularly tired cinematic device today. Yes, there will always be users who cannot remember passwords more complex than “password123” but, presumably, inputting common variations on that theme (qwerty, 123456789 . . .) would have been job number one for a team of slick CSI detectives.
No, I am referring to the fact that any master criminal worth his/her salt would be aware of current password standards. Passwords with fewer than ten characters, whatever their combination of letters, numbers, and symbols, can be cracked in a couple of hours to a few days using brute-force algorithms. Those with 15 or more characters offer far better protection.
The three basic rules of password security are obvious except, it seems, in Hollywood: The longer the password, the better. Using a wider range of letters, numbers, capital letters, and special characters will also yield a stronger password. This is particularly important when using sites that limit password length. Finally, and perhaps most importantly, do not use the same password on multiple sites.
Let’s not talk about biometric security: fingerprints or facial recognition. Even the IRS, an organization not known for its cutting-edge technology, requires facial recognition these days. For now, I’ll restrict my comments to passwords.
My password vault suggests using passwords of twenty digits or more. Lately I am using ones with no fewer than twenty-four. Even LastPass, a password service that has suffered multiple hacks over the past year, recommends a minimum of twelve mixed characters.
Mixed characters, of course, means including symbols as well. So, how did the nerd detective know to use a # symbol in the password? Why not type a + symbol or, perhaps, a ^ symbol? And what about capital letters? Such questions overtax the minds of scriptwriters, so they defer to familiar anachronisms. Kinda like advertisements that show newspapers being delivered by bicycle-riding youngsters.
Really Ozempic? Home newspaper delivery? By bicycle? Frankly, I prefer my cloying, incessant, Hallmark-style, prescription drug advertisements to show lots of kayakers and sunset scenes. But that’s a topic for another blog.
Want to leave a comment? Consider logging in using my password, 12345678, or contacting me here. And don’t forget to upgrade your passwords. Please.
Peter has spent the past twenty-plus years as an acting/consulting CFO for a number of small businesses in a wide range of industries. Peter’s prior experience is that of a serial entrepreneur, managing various start-up and turnaround projects. He is a co-founder of Keurig.