Passwords are the first line of defence against malicious threats. We hear all the time about the importance of strong passwords, and many websites or software require certain password criteria that force them to be difficult to guess.
However, the actual execution of these recommended practices is often lacking. The trouble usually lies with us when we don’t take care of their passwords or don’t make them difficult enough.
Before we look at some techniques to prevent hackers from gaining access to your private information, let’s take a quick look at the most common means that are used to crack the password code and get the “keys to the kingdom.”
- Guessing: Some people think that no one could ever “guess” their password at random, but hackers are much more sophisticated than that.
This technique is not simply sitting in front of a screen and typing many different combinations. First, the hacker finds personal information online and then uses sophisticated programs to help ‘guess’ how that personal identification can be turned into a password.
- Dictionary-based attacks: Programs run names and other information against every word in the dictionary.
- Brute force attacks: Just like it sounds. By simply running all combinations of keystrokes with a user name, passwords are discovered all the time.
- Phishing/Brand-jacking: These scams try to fool you by pretending to be someone you trust then track your keystrokes in order to steal private information. If the email request looks odd, ignore it and please don’t click on anything.
- Shoulder surfing: Not all hackers are technical whizzes. Shoulder surfers try to catch you entering a password in a public place like a coffee shop or even at a petrol station. (debit card PINs are vulnerable).
Password Security Tips
There is simply no way to guarantee an unbreakable password. If someone wants something bad enough and is smart enough, they can figure out what they need to do to get it. Most are not that patient though, so any deterrents are usually enough to make them give up and find an easier target.
Some best practices include:
- Use Multi-factor/Two-factor Authentication when it is available
- Make sure password length is at least 8 characters
- Don’t use real words
- Use both upper and lower case characters
- Include numbers and special symbols when allowed
- Don’t use personal data
- Make patterns random and not sequential or ‘ordered’
What else can be done to increase password security? Here are some “do’s” and “don’ts.”
- Create different passwords for different accounts and applications. If you create only one password for everything you do online, you are exposing yourself unnecessarily. Of course, it’s easier to use one but it provides more chances for someone to figure your password out, and if they do, gives them a great starting point for accessing other personal data of yours.
- Keep corporate and personal passwords separate.
- Change your passwords often (ideally every month).
- Log off your computer or lock it when you leave it for any period of time.
- Use a password manager like Dashlane or Lastpass to store your passwords securely.
- Write passwords down or store them in the office.
- Store passwords on any device.
- Give passwords in emails or IMs.
- Give your manager your password.
- Discuss passwords with others.
- Use remember password function in applications.
- Use the “it’s easy to type’ rule (like asdfjkl;) since that will be easier for a lurker to see what you typed.
After reading this, I’m sure you feel like you have some work to do. It’s never too early to start utilising these recommended practices and you may not even know what data may currently be exposed or at risk. Changing your passwords and using the above techniques can help protect you from malicious web attacks.