How strong are your passwords?
The world of security is always evolving, and the most recent approach to passwords is all about being strong and long and never expiring - yes, you heard that correctly. We are moving from expiring every 6 months to never at all! We are also introducing a list of banned words that would be considered weak and are advocating the use of passwordless* authentication, using the familiar authenticator app.
We are starting this journey to passwords never expiring by first asking all staff to really start thinking about how strong their current passwords are and to bear this in mind when creating a new password.
Strong Password tips
If you have a strong password, but you must write it down to remember it, then perhaps it's not the password for you. Writing your password down is the equivalent of sticking a key to a locked door! It's kind of pointless! But fear not, there are various methods of creating a secure password that is memorable, just remember to avoid the following.
- Common dictionary words
- Personally identifiable information - Phone Number, DOB, place you work etc
- Pets / family members' names - We naturally all talk about our family and pets to anyone that will listen, so it makes them easily guessable.
- Using any of the words on our banned list - access the full list of words here: Banned words for MKUH Passwords
Password Policy
Your password MUST be a minimum of 14 characters in length and contain characters from three of the following categories:
- Uppercase letters (A through Z)
- Lowercase letters (a through z)
- Numbers (0 through 9)
- Special characters (~!@#$%^&*_-+=`|\(){}[]:;"'<>,.?/)
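An added example, not part of the original article or any MKUH tooling: a Python check of the policy above (minimum 14 characters, three of the four categories, no banned words). The banned entries are constructed placeholders, and case-insensitive substring matching is an assumption about how the banned list is applied.

```python
import string

MIN_LENGTH = 14
# Special characters exactly as listed in the policy above.
SPECIALS = set("~!@#$%^&*_-+=`|\\(){}[]:;\"'<>,.?/")
# Constructed placeholders; the real banned list is not reproduced on this page.
BANNED_WORDS = ("password", "welcome", "hospital")


def categories(pw):
    """Return the set of policy categories that appear in pw."""
    found = set()
    for ch in pw:
        if ch in string.ascii_uppercase:
            found.add("upper")
        elif ch in string.ascii_lowercase:
            found.add("lower")
        elif ch in string.digits:
            found.add("digit")
        elif ch in SPECIALS:
            found.add("special")
        # Anything else (for example a pound sign or an emoji) adds length
        # but does not count toward the three required categories.
    return found


def check_password(pw, banned=BANNED_WORDS):
    """Return a list of policy failures; an empty list means pw passes."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("too short")
    if len(categories(pw)) < 3:
        problems.append("fewer than 3 categories")
    lowered = pw.lower()
    for word in banned:
        # Assumption: a banned word anywhere in the password is a failure.
        if word in lowered:
            problems.append("contains banned word: " + word)
    return problems


if __name__ == "__main__":
    # Constructed sample passwords, for demonstration only.
    for sample in ("Tr3es-by-the-canal", "shortPw1!", "Welcome2Hospital!!"):
        print(sample, "->", check_password(sample) or "OK")
```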
NB: These examples are there to get you thinking of something similar, please do not use these exact passwords - they are written down so are no longer secure 😋
Frustrated by how hard it is to create a strong password? Read this linked article on why it's so important: Why are our passwords so complex?
Creating a new strong password
👍Spell your password backward & use the time for numbers
Spelling your password backward is a great way to create a secure, yet easy-to-remember password. Using the time for the number prevents you from using easy number combinations, like 1234 or 1111 (unless it's 12:34 😂).
- Onaipyalpi12.27 (i play piano. 12.27 was the time)
- Detardyhpeek1237 (Keep hydrated and the time)
- ekibymevolI.1248 (I love my bike)
👍Use the extraction method
Sentence: My last summer holiday was in Cornwall in June 2017 and stayed at Fistral Hotel
Extraction: My last summer holiday was in Cornwall in June 2017 and stayed @ Fistral Hotel
Password: MlshwiCiJ2as@FH
Sentence: Rufus was my first pet.he was a cat12.32
Password: Rwmfp.hwac12.32
Sentence: My first job was at tesco.I hated it!0928
Password: Mfjwat.Ihi!0928
👍Use a phrase and mix it up with acronyms, nicknames, and shortcuts
Making use of acronyms and shortcuts can provide secure yet easy-to-remember passwords. For example:
- 1tsrAIn1NGcts&DGS! (It’s raining cats and dogs!)
- p@$$GOandCLCt£200 (Pass Go and collect £200)
👍Have some fun, incorporate emoticons
Emoticons are the text format of emojis, commonly seen as various “faces” such as: :) = 🙂 :( = 🙁 :-O = 😮 Incorporating emoticons can help make passwords strong:
- @11Work:-(&NOplayMAK3$jackD11:’( (All work and no play makes Jack dull)
- L37sH@vEsumfUN!;-) (Let’s have some fun!)
- i<3w1LyW0NK@:-0 (I love Willy Wonka)
👍Use a strong password and customize for the specific account
This technique is particularly useful for when you have a strong password and would like to use it across multiple accounts on any web services you use. Since we know we shouldn’t use the same password across multiple accounts (no matter how strong that password is), we can customize the password per account. For example, we have our strong password based on the phrase “Humpty Dumpty sat on a wall” and want to use it across Amazon, Google, and Netflix:
- AMZn+humTdumt$@t0nAwa11
- humTdumt$@t0nAwa11@gOoGL
- humTdumt$@t0nAwa114netFLX
Just remember, strong and long is the perfect combination 😊
Once you have a strong 💪 password, read up here on how to go passwordless: Passwordless Sign-on is here!
*Passwordless authentication is a form of MFA (multifactor authentication) used to replace passwords with secure alternatives. It requires two or more verification factors to sign in securely, such as a fingerprint scan, iris scan, facial recognition, or a PIN that’s locked and secured on the device.