Even Star Wars names like “Solo” or “Princess” are fairly common. Additionally, words like “password,” or simple keyboard patterns like “12345” or “hjkl;” are easily guessable, and so should be avoided.
The problem with these passwords is that they are simply not complex, and so are easily cracked by hackers. A strong, secure password will include a combination of upper and lower case letters, numbers, and special characters. This is where password requirements and policies come into play. Password requirements help ensure that a password meets a certain complexity test; for example, that it is at least 8 characters in length, uses a mix of upper and lowercase characters, special characters, etc.
HIPAA Vault uses password requirements to ensure that our customers don’t default to using weak passwords. A strong password, together with two-factor authentication, will go a long way in preventing almost every system breach.
In addition, the systems where you enter your username and password should handle the password by hashing it. With hashing, the system can still verify that you’ve entered the correct password, but what it holds is a different string derived from the password, not the password itself. One way to test whether a system you are using hashes passwords is to ask it to send you your password. If it sends you a clear-text password, that is a serious security risk, and it also tells you that the operator may not be protecting any other data. The normal response when you request a password reset is to receive a link at the email address tied to your account, which you can then use to reset the password. Best practice for securing your data and passwords is also to use two-factor authentication when available.
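
The complexity check and hashed storage described above, as an added example (not HIPAA Vault's own code). The function names, the PBKDF2-HMAC-SHA256 scheme, the record format and the iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import string

ITERATIONS = 600_000  # assumed work factor for this example, not a value from the article
COMMON = {"password", "12345", "hjkl;", "solo", "princess"}  # weak choices the article names


def policy_problems(password):
    """Return the complexity rules the password fails (empty list = acceptable)."""
    checks = [
        (password.lower() in COMMON, "commonly used password"),
        (len(password) < 8, "shorter than 8 characters"),
        (not any(c.isupper() for c in password), "no uppercase letter"),
        (not any(c.islower() for c in password), "no lowercase letter"),
        (not any(c.isdigit() for c in password), "no number"),
        (not any(c in string.punctuation for c in password), "no special character"),
    ]
    return [message for failed, message in checks if failed]


def hash_password(password):
    """Derive a salted hash record; this string is all the system keeps."""
    salt = os.urandom(16)  # fresh random salt per password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password, record):
    """Re-derive the hash with the stored salt and compare in constant time."""
    _scheme, iterations, salt_hex, digest_hex = record.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def register(store, user, password):
    """Reject weak passwords, then store only the hash record for the user."""
    problems = policy_problems(password)
    if problems:
        raise ValueError("; ".join(problems))
    store[user] = hash_password(password)


if __name__ == "__main__":
    users = {}  # constructed in-memory stand-in for a user database
    register(users, "alice", "Tr1cky-Horse!9")  # constructed sample password
    print(users["alice"])
    print(verify_password("Tr1cky-Horse!9", users["alice"]))
```

Because only the derived record is stored, such a system has no clear-text password to send back, which is why a reset link is the normal response.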