When choosing a password, we recommend using a 3-word passphrase rather than a string of complex gibberish. There are several freely available password-cracking tools, and there are 3 common techniques for cracking a password:
Brute force = trying every conceivable password combination
Common words = assumes the user has set the password to a known word, e.g. “blueberry”
Dictionary attack = the password-cracking software is preloaded with a dictionary of commonly used passwords.
In reality, this is what each of the above equates to in terms of password cracking:
So ideally you want to set a password that is going to take at least a year to crack. Couple that with a password policy that forces the user to change their password every 3-6 months, and this should provide an acceptable level of security.
One method our engineering team has used in the past for setting a 3-word passphrase is to pick a family member, loved one or pet, choose 3 meaningful words relating to them, then introduce upper/lower-case combinations and add a number or special character. Apply the same complexity formula every time and you will end up with a very secure password that is very easy to remember. For example…
Choose 3 subjects you enjoy – say cricket, motorbikes and wine. Your 3-word passphrase would be “cricket bikes wine”, or, slightly more complex, “Cricket Bikes Wine”; applying the complexity formula above gives “Cr1ck3t B1k£ W1n3”, a ridiculously secure password that is actually very easy to remember.
When it comes to password change time, pick someone else. Your brother, for example, might like football, snooker and beer, which would come out as “F00tb@ll £n00k3r B33r”.
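As an added illustration (not part of the original post), the Python below compares the search space an attacker faces for the examples above under two models: a blind character-level brute force, and a wordlist attack that already knows the three-words-plus-substitutions recipe. The guess rate, dictionary size and number of variants per word are assumptions chosen for the example.

```python
# Assumed attacker capability: 10 billion guesses/second against a fast,
# unsalted hash. This figure is an assumption for illustration, not from the post.
GUESSES_PER_SECOND = 10_000_000_000
SECONDS_PER_YEAR = 365 * 24 * 3600

# Alphabet sizes for a brute-force attacker who covers each character class
# present in the password (33 = printable ASCII punctuation plus space).
LOWER, UPPER, DIGITS, SYMBOLS = 26, 26, 10, 33


def charset_size(password: str) -> int:
    """Alphabet size a brute-force attacker must cover for this password.
    Non-ASCII symbols such as '£' are lumped into the symbol class as an approximation."""
    size = 0
    if any(c.islower() for c in password):
        size += LOWER
    if any(c.isupper() for c in password):
        size += UPPER
    if any(c.isdigit() for c in password):
        size += DIGITS
    if any(not c.isalnum() for c in password):
        size += SYMBOLS
    return size


def brute_force_space(password: str) -> int:
    """Keyspace of a blind character-level brute force at the password's length."""
    return charset_size(password) ** len(password)


def pattern_space(n_words: int, dictionary_size: int, variants_per_word: int) -> int:
    """Keyspace for an attacker who knows the recipe: n_words common words, each with a
    handful of capitalisation/leet variants (e.g. 'bikes' -> 'B1k£'), joined by spaces."""
    return (dictionary_size * variants_per_word) ** n_words


def years_to_crack(keyspace: int, rate: int = GUESSES_PER_SECOND) -> float:
    """Expected time to hit the password: on average half the keyspace is searched."""
    return keyspace / 2 / rate / SECONDS_PER_YEAR


if __name__ == "__main__":
    for pw in ["blueberry", "cricket bikes wine", "Cr1ck3t B1k£ W1n3"]:
        print(f"{pw!r:22} blind brute force: {years_to_crack(brute_force_space(pw)):.3g} years")
    # Same passphrase, but the attacker models 3 words from a 10,000-word list,
    # 4 predictable variants per word (assumed values).
    print(f"3 words, 10k list, 4 variants: {years_to_crack(pattern_space(3, 10_000, 4)):.3g} years")
```

The last line is the caveat a practitioner would want: once the recipe is known, the strength comes from how many words are used and how unpredictable the substitutions are, not from the raw character count.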
This method also makes it much harder to obtain passwords through social engineering. A recent study showed that most user-set passwords are single-word passwords, maybe with a couple of extra characters just to meet the complexity requirements, and that these are based around a loved one's name (spouse, child etc.), a pet's name or a supported football team – all of which are a complete doddle to extract with a bit of basic searching on social media.