Password security, though often overlooked, plays an extremely important role in protecting your identity on the Internet. After all, it keeps unauthorized users from breaking into your online accounts and stealing your personal information for nefarious purposes, such as impersonating you to commit crimes in your name.
Password security is a measure of the effectiveness of a password against guessing or brute-force attacks. In its usual form, it estimates how many trials an attacker who does not have direct access to the password would need, on average, to guess it correctly. The strength of a password is a function of length, complexity, and unpredictability.
Using strong passwords lowers the overall risk of a security breach, but strong passwords do not replace the need for other effective security controls. The effectiveness of a password of a given strength is strongly determined by the design and implementation of the authentication factors (knowledge, ownership, inherence). The first factor is the main focus of this article.
The rate at which an attacker can submit guessed passwords to the system is a key factor in determining system security. Some systems impose a time-out of several seconds after a small number (e.g. three) of failed password entry attempts. In the absence of other vulnerabilities, such systems can be effectively secured with relatively simple passwords. However, the system must store information about the user passwords in some form, and if that information is stolen, say by breaching system security, the user passwords can be at risk.
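The time-out described above can be sketched as follows. This is an added example, not code from the original article; the class and function names, the 5-second time-out and the simulated attacker are assumptions chosen for illustration.

```python
import time

class LoginThrottle:
    """Time out an account for `lockout` seconds after `max_failures` bad passwords in a row."""

    def __init__(self, max_failures=3, lockout=5.0, clock=time.monotonic):
        self.max_failures = max_failures
        self.lockout = lockout
        self.clock = clock          # injectable so the policy can be tested without sleeping
        self._state = {}            # user -> (consecutive failures, locked-until timestamp)

    def allowed(self, user):
        _, locked_until = self._state.get(user, (0, 0.0))
        return self.clock() >= locked_until

    def record(self, user, success):
        if success:
            self._state.pop(user, None)             # a good login clears the counter
            return
        failures, locked_until = self._state.get(user, (0, 0.0))
        failures += 1
        if failures >= self.max_failures:
            # Start the time-out; counting begins again once it expires.
            self._state[user] = (0, self.clock() + self.lockout)
        else:
            self._state[user] = (failures, locked_until)

def max_online_guesses(seconds, max_failures=3, lockout=5.0):
    """Upper bound on guesses against one account in `seconds` (zero network latency)."""
    return max_failures * (int(seconds // lockout) + 1)

def guesses_accepted(window, max_failures=3, lockout=5.0, step=0.5):
    """Constructed simulation: a wrong guess is submitted every `step` seconds
    for `window` seconds; returns how many the throttle lets through."""
    now = [0.0]
    throttle = LoginThrottle(max_failures, lockout, clock=lambda: now[0])
    accepted = 0
    while now[0] <= window:
        if throttle.allowed("alice"):
            throttle.record("alice", success=False)
            accepted += 1
        now[0] += step
    return accepted

if __name__ == "__main__":
    print("guesses let through in 60 s:", guesses_accepted(60))
    print("ceiling per account per day:", max_online_guesses(86400))
```

The ceiling only applies to guesses submitted through the login interface; it says nothing about guessing against stolen password data, which is the risk the paragraph ends on.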
How to Secure Your Password and Make It Strong
Password security isn’t something you can ignore: it’s essential to protect your online accounts, and ultimately, your identity from being stolen. Think not? Well, the consequences of poor password security are bad enough. According to Verizon’s 2017 Data Breach Investigations Report, 81% of hacking incidents leveraged weak and/or stolen passwords.
According to the traditional advice—which is still good—a strong password:
- Has 12 Characters, Minimum: You need to choose a password that’s long enough. There’s no minimum password length everyone agrees on, but you should generally go for passwords that are a minimum of 12 to 14 characters in length. A longer password would be even better.
- Includes Numbers, Symbols, Capital Letters, and Lower-Case Letters: Use a mix of different types of characters to make the password harder to crack.
- Isn’t a Dictionary Word or Combination of Dictionary Words: Stay away from obvious dictionary words and combinations of dictionary words. Any word on its own is bad. Any combination of a few words, especially if they’re obvious, is also bad. For example, “house” is a terrible password. “Red house” is also very bad.
- Doesn’t Rely on Obvious Substitutions: Don’t use common substitutions, either — for example, “H0use” isn’t strong just because you’ve replaced an o with a 0. That’s just obvious.
Now that you know the common password security mistakes you need to avoid, let’s discuss how to create strong passwords. The following are some new and great password creation tips to prevent hackers from accessing your online accounts:
1. Use a Password Management Tool
The best way to store and remember your passwords safely is to use a password management tool. Used by just 13% of respondents as per PCMag’s survey, these programs save your list of credentials in a secure, encrypted form and require a master password to be accessed, thereby eliminating the need to remember all your passwords.
2. The Longer Your Passwords, the Better
The passwords you decide to use should be at least 12 characters in length so that they’re difficult to break. The longer a password is, the more combinations a hacker would need to try in order to successfully crack it.
3. Only Visit Websites with HTTPS
Make it a habit to check if the website has “https://” at the beginning of the address bar as it indicates that all communications between the site and your browser are encrypted using Transport Layer Security (TLS). This will protect you from attacks like eavesdropping when you enter your credentials or credit card details there.
4. Unique is The Way Forward
We’ve already highlighted this before, but its importance can’t be emphasized enough: Only use one password for one account.
5. Secure Your Web Browser from Hackers
If your web browser stores your usernames and passwords, anyone who gains control over your computer can access ALL your credentials within minutes. For this reason, you should take the necessary steps to secure your browser from hackers as they actively exploit flaws and vulnerabilities in these programs.
6. Check Your Password Strength
Once you’ve finally come up with a password, it’s time to gauge its strength. Use a password strength checker – it will evaluate the strength of your password and tell you the time it would take to be cracked.
7. Update All Software Regularly
Every time you don’t install an update for your software, a hacker gets the chance to take advantage of a flaw or vulnerability left open. Keep in mind that updates not only bring additional functionality, but also security fixes. If you don’t have the time to do this, automating your software updates can save you the trouble.
8. Employ Two Factor Authentication on All Your Online Accounts
Two-factor authentication combines passwords with a second authentication factor, like asking for a one-time code after you sign in with your credentials. This makes it considerably harder for hackers to gain access to your online accounts, so it’s highly recommended that you enable it on all your accounts that support 2FA.
9. Be Aware of Your Surroundings
You should also be mindful of the people around you. You never know when somebody may look over your shoulder to nab personal information like your passwords. So be aware of your surroundings when you’re both online and offline.
10. Aim for Complexity
Password length and complexity go hand-in-hand in the quest to create hard-to-crack passwords, so make sure you include lowercase and uppercase letters along with numbers and symbols. Mix them up like you mix your cocktails on a Friday night!
11. Unpredictability is Key
According to a report, unpredictability is key when it comes to password strength. So it’s important to avoid predictable words, passwords based on dictionary words, as well as any references to popular TV shows, video games, and movies.
You should also avoid using passwords that contain personal information as it’s easily obtainable. 19% of respondents use their initials or name in their passwords, which is a big no-no in terms of security, the PCMag survey found.
Furthermore, 16% use their wedding date, 15% use the name of a family member, 12% use their birth year, 12% use their house address, while 8% use their spouse’s personal information. It’s time to do better than that!
12. Use a Password Generator!
If you don’t like the hassle of creating random passwords, you can easily generate a secure password by using a free tool like LastPass Password Generator or Norton Identity Safe Password Generator. It’s much safer to have a computer generated password than to use a personalized password that can easily be hacked.
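What a password generator does, and why length matters so much (tips 2, 10 and 12), is shown in the added example below. It is not code from the original article or from the tools named above; the function names and the 94-character alphabet are assumptions.

```python
import math
import secrets
import string

# Four character classes; together 26 + 26 + 10 + 32 = 94 printable characters.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
ALPHABET = "".join(CLASSES)

def generate_password(length=14):
    """Random password drawn from the OS CSPRNG that contains every character class."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    while True:
        # Draw the whole password at random and retry if a class is missing,
        # so every accepted password is equally likely.
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in pw) for cls in CLASSES):
            return pw

def search_space_bits(length, alphabet_size=len(ALPHABET)):
    """log2 of the number of possible passwords of this length (upper bound)."""
    return length * math.log2(alphabet_size)

def average_guesses(length, alphabet_size=len(ALPHABET)):
    """Expected trials for an exhaustive search: half of the search space."""
    return alphabet_size ** length // 2

if __name__ == "__main__":
    print("generated:", generate_password())
    for n in range(8, 15, 2):
        print(f"{n} chars: {search_space_bits(n):5.1f} bits, "
              f"about {average_guesses(n):.2e} guesses on average")
```

Each extra character multiplies the work of an exhaustive search by the alphabet size, here 94. That only holds when every character is chosen at random, which is what the generator guarantees and a personalized password does not.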
How Can Hackers Steal Your Passwords?
Think again. Hackers can steal your static passwords in a bunch of different ways; it’s easier than you might think. Hackers have hundreds of ways to steal your credentials, and their techniques become more and more sophisticated every day. In 2012, password theft alone increased by 300%, with identity theft going up by 33%. Here are some of the most common ways through which they can steal your passwords, and in turn, your personal information:
1. Brute-force Attack
One of the most common password cracking techniques out there, a brute-force attack involves checking all possible key combinations until the right one is found. Since hackers use complex algorithms to try multiple combinations at super-fast speeds, rest assured that your short passwords will be cracked in no time!
2. Password Sniffing Attack
A password sniffing attack is a technique used by hackers to collect your credentials on unencrypted connections. By using a combination of easily available tools on the Internet, they monitor all incoming and outgoing traffic on a network so they can intercept your usernames and passwords as they’re being transmitted.
3. Phishing Attack
Even though phishing is an old trick in the hacker’s playbook, it’s still going strong and doesn’t seem to be going away anytime soon. Typically, it entails sending an email to the victim by impersonating a legitimate entity and requesting that they provide sensitive information like usernames, passwords, and even credit card details.
4. Social Engineering Attack
A social engineering attack requires little technical knowledge and relies on human error, tricking otherwise unwary employees or users into performing certain actions or revealing confidential information such as passwords or bank account details.
5. Dictionary Attack
In a dictionary attack, a hacker tries hundreds – or sometimes even millions – of likely possibilities derived from a predefined list of words or dictionary in order to defeat an authentication mechanism like passwords.
6. Keystroke Logging
Keystroke logging, also known as keylogging, is a technique that involves the use of a program to record or log every keystroke so that attackers can obtain confidential information like passwords without the knowledge of the unsuspecting user.
Some Frequently Asked Questions About Passwords
The following are answers to some of the most frequently asked questions about passwords:
Why is it important to use a password?
Passwords are used everywhere and play a key role in our digital lives. They are a common way to prove your identity and prevent unauthorized access to your accounts or computer. For this reason, strong passwords are essential to protect your identity and security.
How long should my password be?
When it comes to creating strong passwords, randomness is an important factor – but so is length! Therefore, your passwords should be a minimum of 12 characters, and preferably, 14 or more.
Which type of password would be considered secure?
Well, a secure password would be one that isn’t related to anything in your business or personal life. Also, it should include a random mix of numbers, characters as well as uppercase and lowercase letters.
Some strong password examples include:
How long will it take to crack a 12 character password?
According to BetterBuys, eight-character passwords can be cracked in 5 hours, nine-character passwords in 5 days, 10-character passwords in 4 months, and 11-character passwords in 10 years. However, if you make your passwords 12 characters long, it will take 200 whole years to break them!
Wrapping Things Up
Passwords will continue to be there for you when you need them the most. So, make sure you keep them healthy, strong, and uncrackable. Hopefully, the password security tips and tricks mentioned in this guide will help you do just that.