In our article on the Complex Password Conundrum, we examined the importance of complex passwords in Office 365 and why these passwords should have a minimum length of twelve characters as opposed to the default eight. Below are four tips taught by security experts to help users create memorable, complex passwords.
Use the First Letter from Each Word in a Phrase - Pick a phrase from, for example, a favourite song or film. "I heard that you're settled down, that you found a girl and that you're settled now." (Adele - Someone Like You) becomes ihtysdtyfagatysn. To comply with Office 365 complexity, this could then become 1Htysdtyfagatysn or Ihtysdtyfag@tysn.
Combine Two or Three Words - As we've already read in the Complex Password Conundrum, any word in any language is easy to break with dictionary-enhanced password-cracking tools. By combining two or more unrelated words, a user's password will more than likely be memorable and in the twelve-character zone. Examples include Characterzone or ComplexConundrum. To comply with Office 365 complexity, these passwords could then become Character7Zone and Compl3xConundrum.
Numeric Conversions - This method takes a word and converts part of the word into numbers. For example, the word questionable would become que78466able, where 78466 is equivalent to stion when you look at the letters under the numbers on your mobile phone. To comply with Office 365 complexity, this password could then become Que78466able.
Site Password Modification - One problem users have is remembering multiple complex passwords, which normally results in the user saving them on a piece of paper, often hidden under the keyboard. Several security experts reduce this problem by choosing a secure password from one of the previous methods and combining this root password with one or two letters from the site or system they are connecting to. For example, if the secure password is Phone4Cr@bs then:
- PhoneW4LCr@bs would be the password to connect to Windows Live (WL)
- PhoneO43Cr@bs would be the password to connect to Office 365 (O3)
- PhoneA4DCr@bs would be the password to connect to Active Directory (AD)
Although strictly speaking, corporate security experts would prefer each site to have its own complex password, they're even less impressed when users write their passwords on blackboards or on bits of paper hidden under keyboards. There are many variations on the above themes and there has been much written on how to create memorable complex passwords. Remember, each user is different - some remember numbers better than letters, while others remember symbols - the trick is to make all methods available for users to find what works best for them.
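
The phrase, keypad and site-modification tips above, worked through in Python as an added example (not code from the original article). The function names are hypothetical, and the complexity rule is assumed to be at least three of the four character classes, combined with the article's twelve-character minimum.

```python
import re
import string

# Standard phone keypad letter groups, as printed under the digits 2-9.
KEYPAD = {"abc": "2", "def": "3", "ghi": "4", "jkl": "5",
          "mno": "6", "pqrs": "7", "tuv": "8", "wxyz": "9"}
LETTER_TO_DIGIT = {ch: d for letters, d in KEYPAD.items() for ch in letters}
MIN_LENGTH = 12   # the article's recommended minimum
MIN_CLASSES = 3   # assumed rule: three of lower, upper, digit, symbol


def phrase_initials(phrase):
    """First letter of each word in the phrase, lower-cased."""
    return "".join(w[0].lower() for w in re.findall(r"[A-Za-z][A-Za-z']*", phrase))


def keypad_convert(word, start, end):
    """Replace word[start:end] with the keypad digits for those letters."""
    digits = "".join(LETTER_TO_DIGIT[c] for c in word[start:end].lower())
    return word[:start] + digits + word[end:]


def site_variant(root, site_code):
    """Wrap the first digit of the root password with a two-character site code."""
    m = re.search(r"\d", root)
    if m is None or len(site_code) != 2:
        raise ValueError("root needs a digit and site_code needs two characters")
    i = m.start()
    return root[:i] + site_code[0] + root[i] + site_code[1] + root[i + 1:]


def meets_policy(password):
    """True if the password is long enough and mixes enough character classes."""
    classes = sum([any(c.islower() for c in password),
                   any(c.isupper() for c in password),
                   any(c.isdigit() for c in password),
                   any(c in string.punctuation for c in password)])
    return len(password) >= MIN_LENGTH and classes >= MIN_CLASSES


if __name__ == "__main__":
    # Inputs below are the article's own examples.
    lyric = ("I heard that you're settled down, that you found a girl "
             "and that you're settled now.")
    candidates = [phrase_initials(lyric), keypad_convert("questionable", 3, 8),
                  "Que78466able", "Phone4Cr@bs", site_variant("Phone4Cr@bs", "WL")]
    for pw in candidates:
        print(f"{pw:<18} len={len(pw):<3} policy_ok={meets_policy(pw)}")
```

Run against the article's examples, the root password Phone4Cr@bs comes out at eleven characters, so only its site-specific variants reach the twelve-character minimum.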