Is 9%&GR a good password? DNA’s information security expert gives a reminder of good password habits on the eve of World Password Day

DNA’s Vice President, Security, Seppo Pekonen says that information security risks often lie in people’s desire for comfort. 

‘Short strings of characters are naturally easier to remember and faster to write than long ones. A short password is very easy to crack using modern methods. Your password should definitely be more than 12 characters long. The longer it is, the harder it is to crack,’ Pekonen explains. 

From password to passphrase – management apps make it easier

"It is often assumed that a good password meets the criteria if it contains special characters and numbers in addition to letters. Unfortunately, this no longer provides sufficient protection if the password is not long enough. We should no longer even talk about passwords, but rather passphrases or password phrases. A passphrase can be very simple, for example, a Finnish sentence that is easy to remember personally. The passphrase can be enriched with Finnish dialect words, inflectional forms, numbers, and special characters," Pekonen continues.

An example of such a criteria-meeting passphrase could be: "Poikienkanssa23pv#Kalassa". Another common security risk is using the same – or even similar – passwords across different services.

"In connection with data breaches, passwords often end up in the hands of cybercriminals along with usernames from poorly protected online services. If too many similar passwords are used, their logic can be easily revealed to the attacker after several breaches. Artificial intelligence has made this kind of investigation easier for criminals. Therefore, it is important that different services always have completely different passphrases. Additionally, it is advisable to consider using different usernames whenever possible," Pekonen points out.

As the number of passwords and usernames increases, reliable management applications can make their use and memorization easier, and their adoption is definitely worth considering. Additionally, multi-factor authentication is good to activate if the service supports it. In multi-factor authentication, in addition to the password, applications like Microsoft's and Google's Authenticator or SMS verification are used.

Cybercrime has increased  

Information security issues are particularly topical right now, as online services are constantly increasing due to digitalization, and the widespread use of artificial intelligence has brought completely new dimensions to both services and online scammers.  

"The amount of cybercrime has skyrocketed to a new level. With just one password, a criminal can gain access to a person's entire online identity. And this is what we are talking about in terms of the so-called social dimension. There is also an economic dimension involved if the criminal gains access to environments where payment information is stored. Unfortunately, various scam attempts to phish for passwords have also improved dramatically with generative artificial intelligence. A person has to be more and more careful when operating online," Pekonen reminds.

Further information for the media:

Seppo Pekonen, VP, Security, DNA Plc, tel. +358 (0)44 044 5959, seppo.pekonen@dna.fi

DNA Corporate Communications, tel. +358 (0)44 044 8000, communications@dna.fi