PPe

Seminars

Strong Passcodes

|| Content

  • Strong security & privacy
  • Prior recommendations
  • Information entropy
  • Recommendations
    • 10 characters +
    • unpredictable string
    • change occasionally
Author

Author: 

  P P Email

Affiliation: 

  Ameliour Innovations

Date: 

  Wed, 16 Mar 2022

  Original Pub.:  2016

Photo Credit

FLY:D

Unsplash

Strong Passcodes

Strong Passcodes (Passwords) & Privacy

PPemail strongly recommends clients use the highest level of security for all PPemail passcodes (a more descript term than ‘password’).  Strong passcodes are now basic for all online activity and essential for privacy.


From Wikipedia

Password strength is a measure of the effectiveness of a password against guessing or brute-force attacks.  In its usual form, it estimates how many trials an attacker who does not have direct access to the password would need, on average, to guess it correctly. The strength of a password is a function of length, complexity, and unpredictability.


Prior Recommendations

The suggestions for passcodes continue to evolve.  Earlier rules included such recommendations as:

  • change passwords regularly (e.g., every 90 days)
  • require use of both UPPER & lower cases
  • require use of numbers
  • require use of special characters (e.g., #, $, !, %)

But requiring such features actually decreases security because any constraint increases predictability.  Security experts, therefore, no longer support requiring specific passcode features.


Information Entropy

Strong passcodes are measured using a version of “information entropy,” a concept that in passcode parlance means uncertain, random, and unpredictable (select the image for details).  A contemporary heuristic for passcodes is: use random sequences in long strings.  The challenge, of course, is that random sequences not only prevent nefarious access, they also limit legitimate access because random sequences challenge human recall.  Such human limits belie another rule, “Never write down your password, anywhere.”


What to do?

Your professional passcodes should be strong.  PPemail suggests your passcodes

  • be at least ten (10) characters,
  • be different for different accounts,
  • incorporate letters, numbers, and/or symbols,
  • arrange to decrease predicability (i.e., no words), and
  • change occasionally but especially when an account may have been compromised.


In sum, the strongest passcodes need not be overly complicated but should include at least a ten-character string of letters, numbers, and/or symbols.  The more uncertain the characters the better.

Whatever your career.  Wherever you take it.  PPemail goes too.

©, 2016 - PPemail. All rights reserved. Ameliour Innovation, LTD

This website uses NO ‘tracking’ cookies. See our privacy policy for details.  Scrolling gives tacit approval and removes this banner; or select a button.