Are Your Online Passwords Strong Enough For This Time?
Concerned about protecting your financial transactions and private data stored online? Whenever you don’t use a strong password, you run the risk of losing vital and often personal information. A strong password policy is your front line of defence against security threats, scammers and hackers. Implementing the best password security practices is as important at work as it is at home.
Not just any password will do, and the reason why relates to how passwords are cracked. If a person were trying to guess your password, they might try ten or so passwords a minute, if they’re fast. A computer can guess much, much faster. So how many permutations does it take to get your password?
Fortunately, several key warning signs make it clear whether you have an easily compromised password. You need to understand how severe the risk from easy-to-guess passwords is. And no, you cannot use the same password for twenty different accounts just because it is easy to remember. Once you understand a few best practices, putting together strong passwords and keeping your online accounts safe will become second nature.
Weak passwords always play a major role in any hack. For the ease of the user, applications sometimes do not enforce password complexity, and as a result users choose simple passwords such as password, password123, Password@123, 12345, god, or their own mobile number. A weak password is not only a matter of length and the characters used; it is also a matter of guessability. Name@12345 looks like quite a complex password, but it is guessable. So do not use a password related to your name, place, or mobile number.
Weak passwords are easy to guess. This includes not only passwords that are easy for a person to guess, but also those that are easy for a computer to guess. A weak password can be guessed outright, or the attacker can brute-force it if it is very short, so try to use random strings with special characters. Though these can be hard to remember, from a security point of view they are quite secure.
Best Password Security Practices for Users
Never Reveal Your Passwords to Others.
You probably wouldn’t give your ATM card and PIN to a stranger and then walk away. So, why would you give away your username and password? Your login credentials protect information as valuable as the money in your bank account. Never email your password or store it in a document or write it down on paper. Ideally, your password should only be in your head and a hash on the system you’re logging into. Your password is what makes you accountable for the actions taken under your account. Socially engineering a password out of someone is often much easier than “hacking” their account. Most *ishing schemes trick you into giving up your password in some way or another. Nobody needs to know them but you—not even the IT department. If someone is asking for your password, it’s a scam.
Create Unique and Complex Passwords
How many permutations does it take for a computer to get your password? Here are three key factors:
- Length trumps complexity. The longer a password is, the better. Use at least 16 characters whenever possible.
- Character sets. Each character set has a certain number of permutations. There are 26 lowercase letters, but only 10 digits (0-9), so you can see how “potato” is more secure than “536871” from the perspective of a machine running through different combinations of characters.
- Common words. Brute force isn’t the only method to crack a password. A computer can run a “dictionary attack” against a password very quickly, testing for all real words, of which there are relatively few, compared to the huge number of character permutations possible. All of a sudden “potato” isn’t that great of a password after all.
What you’re better off doing is creating a password made up of a string of random numbers, letters, and special characters (such as “$”, “@”, and “~”). It’s also a good idea to make sure you include at least one uppercase and one lowercase letter. The longer, more random, and more complex your password is, the harder it will be to guess.
Your password should combine at least upper and lowercase letters and a number (62 unique, reusable characters; with 8 characters in the password, that means 62 to the 8th power, or 2.1834011e+14 possible combinations…). Include a special character to increase complexity, but make sure that character is supported by the mechanism you’re using, as some are not. Finally, you can find any number of password generators online, which can generate extremely complex passwords. But you then have to remember them. And when you get down to step 5, having separate passwords for every account can be too much to ask with 18-character randomly generated passwords.
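The two views of password strength described in this section, brute-force keyspace and dictionary guessability, can be put side by side in a short script. This is an added example, not part of the original article; the word list, the sample passwords and the name "alice" are constructed for illustration.

```python
import math
import string

# Constructed sample; a real check would load a large breached-password list.
COMMON_WORDS = {"password", "potato", "god", "qwerty", "admin", "letmein"}

POOLS = (string.ascii_lowercase, string.ascii_uppercase,
         string.digits, string.punctuation)


def charset_size(pw):
    """Candidate characters per position that a brute-force search must cover."""
    size = sum(len(pool) for pool in POOLS if any(c in pool for c in pw))
    # Characters outside the four pools (spaces, non-ASCII) each add one.
    return size + len({c for c in pw if not any(c in pool for pool in POOLS)})


def keyspace(length, pool):
    """Total combinations for `length` characters drawn from `pool` symbols."""
    return pool ** length


def brute_force_bits(pw):
    """log2 of the keyspace implied by the password's own length and makeup."""
    return math.log2(keyspace(len(pw), charset_size(pw))) if pw else 0.0


def is_guessable(pw, personal_terms=()):
    """True if pw is digits only, or a known word padded with digits/symbols."""
    if pw.isdigit():  # e.g. 12345 or a mobile number
        return True
    core = pw.lower().strip(string.digits + string.punctuation)
    known = COMMON_WORDS | {term.lower() for term in personal_terms}
    return core in known


def report(pw, personal_terms=()):
    """Summarise both views: brute-force cost and dictionary guessability."""
    return {"password": pw, "bits": round(brute_force_bits(pw), 1),
            "guessable": is_guessable(pw, personal_terms)}


if __name__ == "__main__":
    # Constructed samples; "alice" stands in for the account owner's name.
    for sample in ("536871", "potato", "Password@123", "Alice@12345",
                   "breadandbutteryum", "k#9Lq!2vXe$7RmTz"):
        print(report(sample, personal_terms=("alice",)))
```

A password such as Password@123 draws on all four character pools yet is still flagged, because stripping the padding leaves a dictionary word.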
Use Multi-Factor Authentication (MFA)
Even the best passwords have limits. Multi-Factor Authentication adds another layer of protection in addition to your username and password. Generally, the additional factor is a token or a mobile phone app that you would use to confirm that you are trying to log in. Learn more about MFA and how to turn it on for many popular websites at https://www.turnon2fa.com/.
Make Passwords That Are Hard To Guess But Easy To Remember.
- To make passwords easier to remember, use sentences or phrases. For example, “breadandbutteryum”. Some systems will even let you use spaces: “bread and butter yum”.
- Avoid single words, or a word preceded or followed by a single number (e.g. Password1). Hackers will use dictionaries of words and commonly used passwords to guess your password.
- Don’t use information in your password that others might know about you or that’s in your social media (e.g. birthdays, children’s or pet’s names, car model, etc.). If your friends can find it, so will hackers.
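What a password generator does, and how a random passphrase is built, can be sketched with Python's `secrets` module. This is an added example, not part of the original article; the function names, the default special characters and the short word list are assumptions made for illustration, and a real passphrase generator would draw from a list of several thousand words.

```python
import secrets
import string

# Constructed word list for illustration only; far too small for real use.
SAMPLE_WORDS = ["bread", "butter", "yum", "river", "copper", "window",
                "planet", "garden", "violin", "marble", "sunset", "anchor"]


def generate_password(length=16, specials="$@~"):
    """Random password containing every enabled character class.

    `specials` should list only the symbols the target system accepts;
    pass an empty string if it accepts none.
    """
    classes = tuple(c for c in (string.ascii_lowercase, string.ascii_uppercase,
                                string.digits, specials) if c)
    if length < len(classes):
        raise ValueError("length is too short to include every class")
    alphabet = "".join(classes)
    while True:
        # Draw each position uniformly, then reject draws missing a class.
        # Rejection keeps the result uniform over all compliant passwords.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in classes):
            return candidate


def generate_passphrase(wordlist, words=4, separator=" "):
    """Passphrase of independently chosen words.

    Use separator="" for systems that reject spaces.
    """
    unique = sorted(set(wordlist))
    if len(unique) < 2 or words < 1:
        raise ValueError("need at least two distinct words and one pick")
    return separator.join(secrets.choice(unique) for _ in range(words))


if __name__ == "__main__":
    print(generate_password())
    print(generate_password(18, specials=""))
    print(generate_passphrase(SAMPLE_WORDS))
```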
Set A Reminder To Change Your Password
A widespread password security practice over the years has been to force users to change passwords periodically—every 90 days, or 180 days, etc. Some services require regular password changes, while some do not. If they don’t, it’s always a good plan to change your password regularly anyway. This step is about reducing the window of damage. The more often you change your password, the smaller the window of a compromised password being worthwhile. This is why high-security systems use randomly generated numbers that change every few minutes as part of their authentication model. Changing your password regularly may seem annoying, but it’s nothing compared to dealing with a compromised account, identity theft, or credit card fraud.
Use Different Passwords For Different Accounts
Use different passwords for every account. That way, if one account is compromised, at least the others won’t be at risk. Otherwise, if one account is breached, other accounts with the same credentials can easily be compromised.
Use A Password Manager
You can use a password manager to store your passwords for you. The major browsers all have password storage systems, while cloud options like LastPass work from any computer with internet access.
Password managers not only store your passwords, but they also help you generate and save strong, unique passwords when you sign up to new websites. That means whenever you go to a website or app, you can pull up your password manager, copy your password, paste it into the login box, and you’re in. Often, password managers come with browser extensions that automatically fill in your password for you. And because many of the password managers in use have encrypted sync across devices, you can take your passwords with you anywhere — even on your phone.
Though the University does not recommend any one solution, here are some examples of free password managers:
- LastPass: https://lastpass.com/
- KeePass: https://keepass.info/
- Keeper: https://keepersecurity.com/
- Password Safe: https://pwsafe.org/
- Dashlane: https://dashlane.com/
No one wants to experience the problems that come with a compromised password. The consequences can range from a mere nuisance to all of your data being exposed to individuals with malicious intentions.
Follow these simple steps to keep your account secure.
May 15, 2019
April 3, 2019