Handbooks & Guidelines

How to create strong passwords

Given the number of websites for which most people have accounts, there is no simple way to easily remember every single password without duplicating passwords or utilizing some sort of pattern. Hackers use a multitude of methods to compromise security and gain access to systems. Hackers learn which passwords are used most through brute force attacks. When weak passwords are used, this makes it easier and faster for hackers to succeed. This is a risk to both user accounts and administrative accounts.

Strong passwords in healthcare

It is important for everyone to have secure strong passwords to access their online data. But it can also be equally necessary that practice managers and physicians have equally secure login information and processed for their own work computers. These devices hold information about patients’ health information, medications, histories and medical billing.

Requirements for a strong password

A strong password must comply with the following requirements:

  • Length: At least eight characters in length (the longer the better).
  • Includes Numbers, Symbols, Capital Letters, and Lower-Case Letters: At least one of each (the more mixed the better).

A password with more than eight characters, numbers, symbols, capital and lower-case letters should be strong, but usually users get a normal word and modify replacing start or end with capital letters and replacing vowels by numbers.  

If we take the words Secure Hospitals as an example, noting the modifications mentioned, we obtain a strong password S3cur3H0sp1t4ls for a normal user, but quite easy to break for a machine. This is why it is highly recommended to use the passphrase method.

More information on the strength your passwords  can be obtained through this link: https://uchicago.service-now.com/it?id=kb_article&kb=KB00015347

Passphrase method

The passphrase method is very easy to follow and to remember the password. The following steps will help in creating a strong password:

  • Steps
    1. Choose a sentence easy to remember
    2. Take the first two or three characters of each word
    3. Replace vowels with number
    4. Replace some characters by capital letter
    5. Add symbols

 

  • Example
    1. Secure Hospitals is a European Project about CyberSecurity.
    2. sehoisaeuprabcy
    3. s3h01s43upr4bcy
    4. S3H01s43uPr4bcy
    5. S3H01s43uPr4bcy!

In the above example, the strong password is: S3H01s43uPr4bcy!

To read more about password creation methods see: https://blog.avast.com/strong-password-ideas

Password Safekeeping

A point to note, it is not only about using a strong password. For example, if the same password is used at multiple websites, it may be leaked in one of the sites and the hacker may use that leaked password to access your other accounts on other websites.

Using unique passwords for every site or service, avoiding phishing sites, and keeping your computer safe from password-capturing malware is also important. That is why is recommended to use password manager software, e.g. KeePass. This kind of software helps manage passwords in a secure way. All personal passwords are kept in one database, which is locked with one master key or a key file. In this way, a user only needs to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish).

See the Keepass webpage to learn more about password manager software: https://keepass.info/

Further reading

Literature

J.L. Fernández-Alemán, et al., “Study of the importance and security level of passwords in the healthcare setting”, Gac. Sanit., 29, 2015. (Spanish, English abstract).

  1. Ye, et al., “An empirical study of mnemonic password creation tips”, Computers & Security, 85, 2019.
  1. Koppel, et al., “Workarounds to computer access in healthcare organizations: you want my password or a dead patient?,” Stud. Health Technol.Inform., 208, 2015.