
Password Security and Password Managers

DATE: October 02, 2024


Ensuring proper password safety is a never-ending task, mostly because the rules seem to keep changing. The rules used to seem easy: create a password you’ll remember. Oh wait, that’s too easy, try to add in some different characters. Wait, no, now you need numbers, letters, and special characters. Actually, scrap that, just make it long. Feeling confused, maybe a little cheated? Well, here’s the reality of today’s password rules... you actually need all of those things.

Today it is easier than ever for malicious hackers to break into systems by stealing your password information, whether that's by looking at the sticky note you wrote your password on and stuck to your monitor or, more likely, by running a program that guesses all the possible passwords you could have. There are plenty of ways for hackers to figure out your password, so how do we make it harder for them?

So, what does a strong password look like? 

Well, we have to understand what a strong password looks like, taking into account all of the rules mentioned above. First, we have to start with something long. At least 16 characters. 16 characters is a lot, so you are better off coming up with a phrase. We will start with this example. 

thebrightbluefox   

This is a decent start, but all the characters are lowercase letters, so it doesn’t even meet basic password requirements for most accounts. To strengthen it, we can add some random uppercase letters.

thEbrighTbluEfoX 

Here I have made the last letter of each word uppercase, which is an easy rule to remember for this password. But this still isn’t enough. Let’s add some special characters and numbers.  

thEbr!ghTbl<EfoX09 

By changing some letters into special characters and tacking on numbers at the end, I created a pretty strong password. Unfortunately, many of the composition rules we find easy to remember are also easily programmed into the password attacking process. This is why we can sometimes be very bad at creating passwords. Traits of our passwords that we think are unique are often tactics that attackers already know to program into their attack. Changing an a into the @ symbol or using 0 instead of the letter o are things that attackers will preset to check for during their attack. It can be incredibly difficult to come up with truly unique passwords when humans tend to have a similar way of thinking about password uniqueness. For example, even the password I created isn’t all that random. It uses alliteration, and each word could be guessed after the first couple of letters. So here I am really relying on special characters and length. So, for greater reassurance, we can check How Secure is My Password?
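The effect described above can be checked from the defender's side. This added example (not code from the original post) undoes the edits the paragraph mentions, namely case changes, digits tacked on the end and character swaps, and tests whether what is left is nothing but dictionary words; the tiny word list, the substitution table and the function names are assumptions made for illustration.

```python
import re

# Constructed mini word list; a real check would load a large dictionary.
WORDS = {"the", "bright", "blue", "fox"}

# Swaps named in the text (@ for a, 0 for o), the "!" for i used in the
# article's example, and a few other common ones. Assumed, not exhaustive.
SUBSTITUTIONS = str.maketrans(
    {"@": "a", "0": "o", "!": "i", "$": "s", "3": "e", "1": "l"}
)


def split_into_words(text):
    """Return the dictionary words that spell `text` exactly, or None."""
    if text == "":
        return []
    for end in range(1, len(text) + 1):
        if text[:end] in WORDS:
            rest = split_into_words(text[end:])
            if rest is not None:
                return [text[:end]] + rest
    return None


def reduces_to_words(password):
    """Undo predictable edits; return the underlying words, or None."""
    lowered = password.lower()
    without_suffix = re.sub(r"\d+$", "", lowered)  # digits tacked on the end
    # Try both forms, so a trailing "0" that stands for "o" is not lost.
    for candidate in (lowered, without_suffix):
        words = split_into_words(candidate.translate(SUBSTITUTIONS))
        if words:
            return words
    return None


if __name__ == "__main__":
    for pw in ("thEbrighTbluEfoX", "thEbr!ghTbluEfoX09", "thEbr!ghTbl<EfoX09"):
        print(pw, "->", reduces_to_words(pw))
```

With this table the article's final password does not reduce, and the only reason is that `<` in place of u is not among the listed swaps.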

Password Generators  

Because it can be so difficult to come up with truly unique passwords, some people opt for password generators. The problem is that generators are not always secure. Sure, they can come up with long, hard-to-crack passwords, but there is no guarantee that the program isn’t keeping copies of your passwords associated with your profile. While this might not sound like a big risk, it could be should the generator suffer from a cyber-attack. However, password generators are good at doing things that humans have trouble with, like creating genuinely random passwords that have no pattern behind them. An algorithm is more capable of randomness than a human but, like with most things, we have to weigh the risks vs. the benefits.
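Generation does not have to happen on someone else's server. This added sketch (not from the original post) runs locally with Python's standard `secrets` module and applies the rules from earlier in the article: at least 16 characters, with lowercase, uppercase, digits and special characters. The special-character set and the function names are assumptions.

```python
import math
import secrets
import string

# Assumed set of special characters; adjust to what a given site accepts.
SPECIALS = "!@#$%^&*()-_=+[]{}<>?"
ALPHABET = string.ascii_letters + string.digits + SPECIALS
MIN_LENGTH = 16  # the article's minimum


def meets_rules(password, min_length=MIN_LENGTH):
    """Length plus all four character classes the article asks for."""
    return (
        len(password) >= min_length
        and any(c.islower() for c in password)
        and any(c.isupper() for c in password)
        and any(c.isdigit() for c in password)
        and any(c in SPECIALS for c in password)
    )


def generate(length=MIN_LENGTH):
    """Draw every character from the OS CSPRNG, entirely on this machine.

    Whole candidates are redrawn until one meets the rules. Forcing a
    digit or symbol into a fixed position would add exactly the kind of
    pattern the article warns about.
    """
    if length < MIN_LENGTH:
        raise ValueError("use at least %d characters" % MIN_LENGTH)
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if meets_rules(candidate, length):
            return candidate


def entropy_bits(length=MIN_LENGTH):
    """Upper bound in bits: the rule check discards a small share of draws."""
    return length * math.log2(len(ALPHABET))


if __name__ == "__main__":
    print(generate(), "about %.0f bits" % entropy_bits())
```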

Password Managers 

By now you are probably thinking, ‘How on earth would I remember this?’ The nice thing is that you don’t have to, as long as you’re comfortable using a password manager. Password managers have really boomed in recent years as we have discovered just how frustrating it can be to constantly reset your passwords as you forget them. It is password rule #1: don’t write down your passwords. But with all of these length and special character requirements, how can we be expected to remember every password we have?

According to a survey done by NordPass in 2024, the average person has around 255 passwords when taking into account both personal and workplace passwords. That is far too many to try and remember; I would have trouble even remembering five. So instead, a lot of people opt for password managers. A password manager is a digital way to record and organize all your passwords. They are secured by one master password and sometimes require multi-factor authentication. This way you only have to remember your master password. Password managers are good for more than just storage; they also allow you to share passwords across multiple devices and even share access with other people. You don’t necessarily have to only store passwords; managers are also useful when storing other sensitive information like SSNs, bank account information, and passkeys. This type of service is especially helpful for businesses that might need to store a large number of passwords. A manager also enables businesses to quickly find passwords and share them with the appropriate admin. From there, the admin can facilitate shared access through the manager. However, you still have to figure out what's right for you. Some businesses may have policies against password managers. In your day-to-day, the question is whether you are comfortable storing password information in a cloud service. Most password managers are available on desktop and in the app store for easy access on your phone.

Our Advice 

Here at cyberTAP we recommend that you look into password managers and see what's right for you. It is important to check the credentials and security of any password manager you consider using. 

About the author

Hope Trampski

Student Assistant

htrampsk@purdue.edu
