1. Capitalise the fourth character.
2. Add a numeric character after the second character.
3. Add a non-alpha-numeric character to the end.
4. Put the last character of the online resource you're logging into at the beginning.
So Amazon gets a password of Nt2qbFjotld while YouTube gets Et2qbFjotld which are both unique and difficult to guess, or crack using brute force tools, but despite the complex appearances are easy to remember as it's the methodology that sticks in the memory.
Strategic thinking
It's important not to forget that password policies, and the processes in place around them, are just as crucial as the secure nature of the password themselves. As Greg Day, director of security strategy at McAfee (EMEA), reminds us "It is important that enterprises ensure that workers refresh their passwords periodically, but as with any area of data security, excessive changes lead to a greater risk of human error".
What the enterprise has to do is get the balance right. Unfortunately all too often what happens is they introduce complex password policies leading to an increase in costs courtesy of IT support calls and lost productivity, and an increase in risk as users write passwords down or use the same one for every resource.
The answer is for password protection to be considered and a serious business issue by everyone in the enterprise, rather than a hindrance.
-
Cleo attack victim list grows as Hertz confirms customer data stolenNews Hertz has confirmed it suffered a data breach as a result of the Cleo zero-day vulnerability in late 2024, with the car rental giant warning that customer data was stolen.
-
Lateral moves in tech: Why leaders should support employee mobilityIn-depth Encouraging staff to switch roles can have long-term benefits for skills in the tech sector
-
I love magic links – why aren’t more services using them?Opinion Using magic links instead of passwords is safe and easy but they’re still infuriatingly underused by businesses
-
Password management startup Passbolt secures $8 million to shake up credential securityNews Password management startup Passbolt has secured $8 million in funding as part of a Series A investment round.
-
LastPass breach comes back to haunt users as hackers steal $12 million in cryptocurrencyNews The hackers behind the LastPass breach are on a rampage two years after their initial attack
-
GitHub launches passkeys beta for passwordless authenticationNews Users can now opt-in to using passkeys, replacing their password and 2FA method
-
Microsoft SQL password-guessing attacks rising as hackers pivot from OneNote vectorsNews Database admins are advised to enforce better controls as attacks ending in ransomware are being observed
-
No, Microsoft SharePoint isn’t cracking users’ passwordsNews The discovery sparked concerns over potentially invasive antivirus scanning practices by Microsoft
-
Microsoft Authenticator mandates number matching to counter MFA fatigue attacksNews The added layer of complexity aims to keep social engineering at bay
-
As Google launches passwordless authentication for all, what are the business benefits of passkeys?News Google follows Apple in its latest shift to passwordless authentication, but what are the benefits?
