A password, also known as a passcode, is a key that is memorized and typically consists of a string of characters that is used to validate a user’s identity. The secret is memorized by a group named the claimant, whereas the party checking the claimant’s identity is called the verifier, according to the NIST Digital Identity Guidelines. The verifier will infer the claimant’s identity if the claimant successfully demonstrates password information to the verifier using a defined authentication protocol. The Data and IT services play a vital role in password protection.
A password is a random string of characters that may include letters, digits, or other symbols. The corresponding secret is often referred to as a personal identification number if the permissible characters are limited to numbers (PIN).
We’ve had access to the internet for nearly 35 years and have yet to learn our lesson about online passwords. The most widely used web passwords, according to a new security survey, are “123456” and “password.” They’re quick to recall, but that also makes them simple to hack. And if you use the same basic password for different accounts, as 92 percent of online users do, all of your information is at risk. Here are fourteen recommendations for making your passwords as safe as possible.
CRACKING THE PASSWORD
A brute force attack is an attempt to break passwords by attempting as many possibilities as time and resources allow. A dictionary attack is a similar approach that is, in most cases, more effective. All words in one or more dictionaries are checked in a dictionary attack. Usually, lists of common passwords are also checked.
The probability that a password will not be guessed or found varies depending on the attack algorithm used. Entropy is a term used by cryptologists and computer scientists to describe the power or ‘hardness’ of a device.
Weak or vulnerable passwords are those that are easy to guess; solid passwords are those that are difficult or impossible to guess. L0phtCrack, John the Ripper, and Cain are some of the programmes available for password assault (or even auditing and recovery by systems personnel); some of which use password design vulnerabilities (as found in the Microsoft LAN Manager system) to improve performance. System administrators can use these programmes to detect weak passwords proposed by users.
Attacks on the dictionary: Avoid using keyboard combinations like qwerty or asdfg in a row. Using dictionary words, slang phrases, common misspellings, and backward-spelled words sparingly. These cracks depend on software that automatically fills password fields with common terms. With a programme like John the Ripper or similar programmes, cracking passwords becomes almost effortless.
Cracking security questions: Many people use their first names as passwords, typically the names of their spouses, children, other relatives, or pets, all of which can be figured out with a little digging. When you click the “forgot password” icon on a webmail service or another website, you’ll be asked a question or series of questions. Your social media profile is also a good place to look for answers. Sarah Palin’s Yahoo account was compromised in this manner.
Use of Simple passwords: Sensitive details such as your name, age, birth date, child’s name, pet’s name, favourite colour/song, and so on should not be used. When 32 million passwords were leaked in a data breach last year, “123456” was used by almost 1% of the victims. “12345” was the second most common password. “111111,” “princess,” “qwerty,” and “abc123” are also common options.
Reuse of passwords across multiple sites: Identity theft can occur if you reuse passwords for email, banking, and social media accounts. In two recent data breaches, victims reused their passwords 31% of the time.
Social engineering: It is a term used to describe the process of manipulation. Social engineering is a sophisticated form of deception. It is the act of manipulating others into doing such acts or divulging sensitive information as an alternative to conventional hacking.
WAYS TO SECURE YOUR PASSWORD
1. MAKE YOUR PASSWORD AS LONG AS POSSIBLE
Hackers try a variety of methods to gain access to your accounts. To guess your password, the most basic method is to directly target you and manually type in letters, numbers, and symbols. The more sophisticated approach is referred to as a “brute force attack.” To break your password, a computer program runs through any possible combination of letters, numbers, and symbols as quickly as possible. This method takes longer the longer and more complex your password is. Three-character passwords can be cracked in less than a second.
2. Using A NONSENSE Term AS YOUR PASSWORD
Long passwords are good; even better are long passwords that involve random words and phrases. It would be more difficult to crack your letter combinations if they are not in the dictionary, the phrases are not in written literature, and none of it is grammatically correct. Often, avoid using characters on a keyboard that are sequential, such as numbers in order or the commonly used “qwerty.”
3. NUMBERS, Icons, AND UPPERCASE AND LOWERCASE LETTERS SHOULD ALL BE INCLUDED
Symbols and numbers should be mixed together with letters at random. For example, you might use a zero instead of the letter O or a @ instead of the letter A. Consider capitalising the first letter of each new word if your password is a term, as this will make it easier to remember.
4. OBVIOUS PERSONAL Details SHOULD BE AVOIDED.
Do not include details about yourself in your password that is easily discoverable, such as your birthday, anniversary, address, city of birth, high school, and the names of your relatives and pets. This just make it easier to guess your password. On that note, if you’re asked to pick security questions and answers when setting up an online account, choose ones that aren’t obvious to anyone looking at your social media profiles.
5. PASSWORDS SHOULD NOT BE REUSED.
When large-scale attacks are carried out, such as the one carried out recently on common email servers, the lists of compromised email addresses and passwords are often leaked online. If your account is hacked and you use the same email address and password on different websites, your details can be used to access all of these other accounts. For anything, use different passwords.
6. PASSWORDS SHOULD BE KEPT IN WRAPS.
Don’t share your passwords with others. If you’re in plain sight of someone, don’t type your password into your device. Often, don’t scribble your password on your work machine with a sticky note. If you’re keeping a list of your passwords—or, better yet, a password hint sheet—in a text file on your computer, give the file a random name so it’s not obvious to snoopers.
7. REGULAR CHANGE OF THE PASSWORDS
You can update your password more often if your information is important. Since you’ve updated it, don’t use the password for a long time. Hackers can continue to try to crack your passwords, no matter how powerful they are. Discover can help you secure your identity by tracking thousands of potentially dangerous websites and notifying you if your social security number is discovered. Signing up is also free for cardholders. It won’t solve your hacking problems, but it’s a good start toward educating you.
9. NEVER REVEAL YOUR PASSWORD TO OTHERS
You wouldn’t hand over your ATM card and PIN to an unknown person and then walk away. So, why would you give your username and password to someone else? Your login credentials safeguard details as important as your bank account balance. Nobody else, not even the IT department, wants to hear about them. It’s a trick if anyone asks for your password.
10. USE SEPARATE PASSWORDS FOR SEPARATE ACCOUNTS
That way, even though one account is hacked, the others aren’t at risk.
11. USE MULTI-FACTORS AUTHENTICATION (MFA)
Also, the strongest passwords have their limitations. In addition to your username and password, Multi-Factor Authentication provides another layer of protection. The additional element is either a token or a cell phone app that you use to verify that you are attempting to log in. Learn more about Multi-Factor Authentication (MFA) and how to allow it on a number of popular websites.
12. LONG LENGTH PASSWORDS RESULTS IN COMPLEXITY
The more characters in a password, the better. If at all necessary, use at least 16 characters.
13. STRONG PASSWORD, BUT EASY TO Remember
• Use sentences or phrases to make passwords easier to remember. For instance, “cupandsauceryum.” Some systems also allow you to use spaces, such as “cup and saucer yum.”
• Don’t use single words or words that are preceded or accompanied by a single number (e.g., Password1). Hackers can guess the password using word dictionaries and widely used passwords.
• Don’t include birthdays, children’s or pet’s names, vehicle model, or other personal details in your password that others might know about you or that you’ve shared on social media. Hackers will be able to locate it if your buddies do.
Complexity is still relevant. Have upper- and lower-case letters, numbers, and special characters to add complexity. At least three of these options should be included in a password. “Cup & Saucer YUM!” to make the previous example more stable.
14. GET A PASSWORD MANAGER AND START USING IT
Password managers are software programs that create and store strong passwords for you. These passwords are stored in an encrypted, centralized location that only a master password may access. (Don’t let that one get away!) Many services are free to use and provide optional features such as syncing new passwords across different devices and auditing your password usage to ensure you aren’t using the same password in multiple places.
- Password managers can help you stop being phished by impostors. Impostor websites are made to look like a real website on which you have an account in order to trick you into entering your account password. Attackers often send emails that appear to come from the website they want to impersonate, but include a link to the attacker’s website. Password managers defend you from these attacks by not allowing you to enter your password while you’re on the attacker’s website. It’s much more difficult to be fooled into entering your special random password for that site if your password manager knows it but you don’t.
- Password managers keep track of which sites you have accounts with, allowing you to close or remove data from inactive accounts to minimise your online exposure.
- What to Do About Using a Password Manager
- I’m not sure which password manager I’ll use.
- If I lose my computers and/or my master password, how will I be able to restore access to my passwords?
- I’m not sure if I’ll remember my master password until I memorise it.
- On which devices should the password manager be installed?
- Which of those devices would require a more robust authentication scheme to ensure that someone who uses or steals that device does not gain access to all of my passwords?
- Which of those devices needs more stringent protection to prevent malware from stealing any of my passwords?
- Which of my passwords should I stop storing in my password manager at all costs?
- For which of my accounts can my password manager generate new, randomly created passwords? (Don’t forget that you can make it create passwords for accounts you don’t want it to handle, but not store them.)
15. PASSWORD RECORDING ON PAPER
Many security experts have previously urged people to memorise their passwords, stating, “Never write down a password.” Many security experts, including Bruce Schneier, have recently recommended that people use passwords that are too difficult to remember, write them down on paper, and keep them in their pocket.
CONCLUSION
A password, despite its name, does not have to be a real word; in fact, a non-word (in the dictionary sense) can be more difficult to guess, which is a beneficial feature of passwords. The above password security methods can be followed to prevent your data from being hacked. If you find it difficult, our Data and IT services and App Development Company will help you as we have an excellent team who are properly trained.
Read This Blog: HOW VULNERABLE IT SYSTEMS CAN RUIN YOUR BUSINESS?