It gets worse if that notebook is a corporate or cloud app gateway, where the login and password may provide access to those resources, or if a browser is set to remember logins and passwords.
BetterBuys has provided some advice on password strength and a password tester that shows how well your passwords stand up to brute-force cracking.
For example, if the base word is in the dictionary, say the sport of “soccer”, it will take .29 milliseconds to crack it. The warning is not to use a dictionary word without mixing it up, as in S0ccer*2017, which would take 11163 millennia.
Using an Intel Core i5-6600K, certainly not the fastest processor available, it would take three months. This demonstrates the need to change passwords frequently, certainly more often than every three years.
What constitutes a good P@ssW0rd?
While the example above looks secure, it is one of many frequently used passwords, so it is not good. Passwords built on a dictionary word with vowels replaced by symbols and numbers are commonly used, and password hacking programs will test for a=@, e=3, i=1, o=0 etc.
Also, avoid common short phrases like “Idontknow” or “beatsme” – these are being added to the word lists that passwords are checked against and take .29 milliseconds to crack. However, “IDon’tKnow” takes 121 millennia to crack.
- The longer the better – 7 characters takes .29ms to crack whereas 12 characters takes two centuries.
- Don’t use dictionary words as standalone passwords.
- Mix upper and lower case.
- Add in numbers.
- Add in symbols.
- Never use the same password or base word twice.
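
The checklist above, as an added example that is not from the original article: a Python check that undoes the a=@, e=3, i=1, o=0 substitutions before the dictionary lookup, which is why “P@ssW0rd” fails. The word list is a constructed sample, and the 12-character minimum and the function names are assumptions.

```python
import string

# Substitutions the text says cracking programs test: a=@, e=3, i=1, o=0.
UNDO_SUBSTITUTIONS = str.maketrans({"@": "a", "3": "e", "1": "i", "0": "o"})

# Constructed sample list; a real check would load a full dictionary
# plus a list of commonly used passwords and phrases.
SAMPLE_WORDS = {"password", "soccer", "idontknow", "beatsme"}

MIN_LENGTH = 12  # assumption, based on the 12-character figure in the list


def base_word(password):
    """Undo case changes and the listed substitutions."""
    return password.lower().translate(UNDO_SUBSTITUTIONS)


def audit(password, seen_bases=frozenset()):
    """Return the checklist rules this password breaks (empty list = passes)."""
    problems = []
    base = base_word(password)
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if base in SAMPLE_WORDS:
        problems.append("dictionary word")
    if not (any(c.islower() for c in password)
            and any(c.isupper() for c in password)):
        problems.append("no mixed case")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c in string.punctuation for c in password):
        problems.append("no symbol")
    if base in seen_bases:
        # Same password or base word as one already in use elsewhere.
        problems.append("reused")
    return problems


if __name__ == "__main__":
    for candidate in ("soccer", "P@ssW0rd", "Idontknow", "S0ccer*2017"):
        print(candidate, "->", audit(candidate) or "passes")
```
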
What else can you do?
Many new notebooks now have Windows Hello biometric login and it is also available as an add-on device from Logitech in its new Brio 4K Pro Webcam.
Some also have fingerprint sensors and offer PIN, pattern and other authentication systems – use these!
Also set up two-factor authentication (2FA) on all critical sites, e.g. finance, e-commerce etc.
Use a password manager/generator
There are several free password managers that do a good job. Most have a limit on the number of passwords stored or cloud sync access etc., before they nag you to buy the premium version. But they are great tools to get you familiar with a password manager. Most work across Windows, Mac, iOS, and Android. Those in the list below are known to the writer as reputable and effective.
- LastPass (previously tested, supports 2FA, and the premium version is highly recommended)
- Dashlane 4
- Sticky Password
- Intel Security True Key (up to 15 passwords and supports Windows Hello)
- Logmeonce (supports selfie camera Photologin use)
A word of advice here – once you start using a password manager you will invariably end up going to the premium paid version, so start small, test a couple of sites, and see if you like the interface and functionality before you invest a lot of time in it. That is because you will invariably find out how weak your existing passwords are, and it may take considerable time to update all logins.