A study recently published by Trustwave and reported by PCMag finds that “Password1” is the most popular password among business users. As you might have already guessed, “it satisfies the default Microsoft Active Directory complexity setting,” which is rarely changed or hardened. This is just another example of how tricky it can be to balance usability with IT security. Unfortunately, it’s a trade-off we confront all the time in business computing. Passwords like “Password1” or “Letmein123!” are very easy to remember, and though they pass the basic guidelines set by IT admins, they’re easy to guess for any competent attacker or pre-built dictionary attack.
It’s a good idea to either harden the Microsoft default password complexity requirements (requiring passwords longer than 10 characters, for example) or encourage users to use a mnemonic that is very personal, yet easy for them to remember. For example, let’s say your favorite book at the moment is The Girl Who Kicked the Hornet’s Nest. You can use the first letter of each word in the title as your mnemonic, or “tgwkthn.” Then you can add numbers, capitalization, and/or special characters to satisfy the minimum requirements, while stretching the password to 10 characters or more. This makes for a password that is easy for a specific person to remember, but difficult for an attacker to crack.
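To make the two policies concrete, here is an added example (not code from the original post or from Trustwave) that models the default Active Directory complexity rule beside a hardened rule with a 10-character minimum and a blocklist of common stems, and builds the mnemonic described above. The fifth Microsoft category (other Unicode letters) is omitted, and the stem blocklist is a small constructed sample, not a real deployment list.

```python
import re
import string

# Default Domain Policy on a fresh AD forest: minimum length 7 and
# "Password must meet complexity requirements" enabled, which demands
# characters from three of the categories below and forbids the account
# name inside the password. (Microsoft's fifth category, other Unicode
# letters, is omitted here.)
CATEGORIES = {
    "upper": set(string.ascii_uppercase),
    "lower": set(string.ascii_lowercase),
    "digit": set(string.digits),
    "special": set(string.punctuation + " "),
}

# Constructed sample blocklist of "checkbox" password stems.
BANNED_STEMS = {"password", "letmein", "welcome", "qwerty"}


def categories_used(pw):
    """Return the set of character categories present in pw."""
    return {name for name, chars in CATEGORIES.items() if any(c in chars for c in pw)}


def meets_default_complexity(pw, username="", min_length=7):
    """Approximation of the out-of-the-box AD rule that 'Password1' satisfies."""
    if len(pw) < min_length:
        return False
    if len(username) > 2 and username.lower() in pw.lower():
        return False
    return len(categories_used(pw)) >= 3


def meets_hardened_policy(pw, username="", min_length=10):
    """Same rule, but 10+ characters and no common word plus trailing digits/symbols."""
    if not meets_default_complexity(pw, username, min_length):
        return False
    # Strip a trailing run of digits/symbols so "Password2024!" reduces to "Password".
    stem = re.sub(r"[\d\W_]+$", "", pw)
    return stem.lower() not in BANNED_STEMS


def mnemonic(title):
    """First letter of each word in a title, e.g. the book example in the post."""
    return "".join(word[0] for word in title.split()).lower()


if __name__ == "__main__":
    base = mnemonic("The Girl Who Kicked the Hornet's Nest")  # "tgwkthn"
    for candidate in ("Password1", "Letmein123!", base, "Tgwkthn#2024"):
        print(candidate, meets_default_complexity(candidate), meets_hardened_policy(candidate))
```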