
Are You Rolling the Dice on Password Security?


When it comes to online security, a strong password is key to driving away would-be hackers. Far too often, small businesses have lax password security for their staff and their online databases. That leaves the information vulnerable to attack.

Password security is essential to protecting your website and database from unwanted intrusions. If your staff are your first line of defense, then strong passwords are their shields. But unless you enforce strong password requirements, hackers could find a chink in your armor.

Passwords need two characteristics to thwart hackers:

  1. They must be unique – not found on any public list of passwords exposed in earlier breaches.

  2. They must have a lot of “entropy.”

Entropy is a measure of how unpredictable a password is, and it determines how long a powerful computer would need to guess it. Generally, a long password has higher entropy than a short one. Many websites try to enforce unique, high-entropy passwords through minimum character counts and letter, number, and symbol requirements. But let's face it, those passwords are hard to remember.

Should You Be Using a Passphrase?

Another way to protect against hackers is called Diceware. A Diceware passphrase is a randomly generated phrase in which each word is selected by a five-digit number produced by rolling dice. Here's how it works:

  • Roll a die five times and write down each number (e.g. 3, 6, 2, 6, 4).

  • Put those numbers together, in order, into a single five-digit number (e.g. 36264).

  • Look up that number in the Diceware word list, which pairs every five-digit number with a short word (36264 = “leg”).

  • Repeat the process once for each word; the more words you add, the more secure the passphrase is.
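The roll-and-look-up procedure above, together with the entropy comparison from the earlier section, as an added Python example that is not part of the original article. It parses a word list in the usual Diceware file layout (a five-digit key, a tab, a word), turns dice rolls into a lookup key, and computes the entropy of an n-word passphrase versus a random character password. Only the 36264 → “leg” entry comes from the article; the other list entries and the guess rate are placeholders I constructed for illustration.

```python
import math
import secrets

DICE_PER_WORD = 5
LIST_SIZE = 6 ** DICE_PER_WORD  # a full Diceware list has 7776 entries

# Constructed excerpt in the Diceware file format (five digits, a tab, the word).
# Only 36264 -> "leg" comes from the article; the other lines are placeholders
# made up for this example. A real list has every key from 11111 to 66666.
SAMPLE_WORDLIST_TEXT = """\
36264\tleg
36265\tlegal
36266\tlegs
36311\tlend
"""


def parse_wordlist(text):
    """Parse 'NNNNN<tab>word' lines into a dict, skipping anything else."""
    words = {}
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) != 2:
            continue  # blank lines, comments, signature headers
        key, word = parts[0].strip(), parts[1].strip()
        if len(key) == DICE_PER_WORD and all(c in "123456" for c in key):
            words[key] = word
    return words


def roll_die():
    """One fair roll from the OS CSPRNG; the random module is not suitable here."""
    return secrets.randbelow(6) + 1


def rolls_to_key(rolls):
    """Join five rolls into the lookup key, e.g. [3, 6, 2, 6, 4] -> '36264'."""
    if len(rolls) != DICE_PER_WORD or any(r not in range(1, 7) for r in rolls):
        raise ValueError("need exactly five rolls, each between 1 and 6")
    return "".join(str(r) for r in rolls)


def generate_passphrase(num_words, wordlist, roll=roll_die):
    """Roll five dice per word and look each key up in the word list."""
    words = []
    for _ in range(num_words):
        key = rolls_to_key([roll() for _ in range(DICE_PER_WORD)])
        if key not in wordlist:
            raise KeyError(f"{key} missing: the word list is incomplete")
        words.append(wordlist[key])
    return " ".join(words)


def entropy_bits(num_words, list_size=LIST_SIZE):
    """Entropy of num_words words drawn uniformly at random from list_size words."""
    return num_words * math.log2(list_size)


def charset_entropy_bits(length, alphabet_size):
    """Entropy of a uniformly random password of this length over an alphabet."""
    return length * math.log2(alphabet_size)


def expected_guess_seconds(bits, guesses_per_second):
    """Average time to hit the secret: half the search space at the given rate."""
    return 2 ** (bits - 1) / guesses_per_second


if __name__ == "__main__":
    wordlist = parse_wordlist(SAMPLE_WORDLIST_TEXT)
    print(rolls_to_key([3, 6, 2, 6, 4]), "->", wordlist["36264"])
    for n in (5, 6, 7, 8):
        bits = entropy_bits(n)
        # 1e12 guesses/s is an assumed rate for illustration, not a figure from the article.
        years = expected_guess_seconds(bits, 1e12) / (365 * 24 * 3600)
        print(f"{n} words: {bits:.1f} bits, about {years:.3g} years at 1e12 guesses/s")
    print(f"8 printable ASCII characters: {charset_entropy_bits(8, 94):.1f} bits")
```

The entropy figures only hold when every word is chosen by the dice: a sentence you compose yourself is far more predictable than the same number of randomly drawn words, so the formula does not apply to it. Word lists from the real Diceware project are much longer than the excerpt here, so `generate_passphrase` raises a clear error rather than silently producing a short passphrase when a key is missing.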

Users can use connecting words to turn the phrase into something memorable, like “My favorite color is a deep shade of blue,” which is more secure than an 8-character combination of letters, numbers, and symbols.

Arnold Reinhold, the creator of Diceware, recommends using six words in each passphrase. He says:

“Five words are breakable with a thousand or so PCs equipped with high-end graphics processors. (Criminal gangs with botnets of infected PCs can marshal such resources.)

Six words may be breakable by an organization with a very large budget, such as a large country's security agency.

Seven words and longer are unbreakable with any known technology, but may be within the range of large organizations by around 2030.

Eight words should be completely secure through 2050.”

By enforcing a certain level of complexity for user passwords, or implementing passphrases, you can stump the hackers and limit your liability to users for any breach.

For example, Provisio Technology Solutions recently did a web conversion for a client with over 4,000 users. Their previous website used unencrypted passwords with no complexity requirements. We created a new database, encrypted all their passwords, and installed a module that required users to create more secure passwords. Now they have much better protection from cyberthreats. We can do the same for your business. If you need help with cybersecurity, contact Provisio Technology Solutions to schedule a meeting.