The password is one of the most recognized means of encryption and a hacker’s favourite weak spot. Passwords are notoriously susceptible to decoding because of their human factor. We have to create them. We have to remember them. So naturally we make them our birthdays, our pets names or even variants of our own names.
For those who are a little more committed to making unshakable passwords, the trouble lies in deploying password managers. These applications are helpful in theory, but they are not always available for all the different devices that we may have to use.
Passwords seem like an unwinnable battle of secure, hard-to-remember jumbles of code and vulnerable, yet effortlessly easy phrases. What is the solution? In this article, we will be looking at best practices that can provide strong protection and practicality so employees can focus on important work, not remembering complicated passwords!
Identifying the Risks:
In order to develop secure passwords, you must first identify the need for such a password. What are you trying to protect? What are the risks facing this information?
For example, a password that fortifies a company’s Instagram account can be susceptible to breach because it is likely used to protect their Facebook account, website and other common platforms, EVEN YOUR ACCESS TO YOUR CLOUD INFRASTRUCTURE. Once a hacker unlocks one of these platforms, they may have unlocked them all. Another form of password is one that safeguards offline or shared files. These files, whether in ZIP or PDF format (such as a personal record or tax return), are often subject to brute-force hacks.
The following table shows how fast a professional password hacker can get access to your data:
|TYPE OF PASSWORD||Online Login Hack / Grind||Offline File Hack / Hack||Hack / Grind Using A Massive Array Super Computer Hack|
|9 Numerical Digits
(social security number)
|1.84 weeks||0.01 second||0.00001 second|
(all lower case)
|6.91 years||2.17 seconds||0.002 seconds|
(with upper & lower case)
|17.33 centuries||9 minutes||.54 seconds|
(with upper & lower case + number)
|70.56 centuries||36 minutes||2.22 seconds|
(upper & lower case + number + special character)
|2000 centuries||18 hours||1.12 minutes|
(upper & lower case + number + special character)
|19.24 million centuries||19.24 years||1 week|
|12 Digits(upper & lower case + number + special character)||1.74 hundred billion centuries||1.74 thousand centuries||1.74 centuries|
Keep Your Passwords 12+ Characters:
Many people are under the impression that 8 numbers or letters is a highly secure length for a password. In fact, passwords need to be at least 12 characters to be effective. Super-computers have the capability to infiltrate shorter passwords with overwhelming speeds. As the table above explains, online web access logins protected by a 9 digit numeric password could be cracked within 1.84 weeks. A login protected using a 12 digit multi-character password would comparatively take 1.74 hundred billion centuries to crack, a mindboggling timeframe.
Do not use words in the dictionary:
Using common words and familiar phrases makes it easy to remember the plethora of passwords in our daily lives. Some of the most widely-used passwords are keywords like “welcome”, “google”, “admin” and “123456”. Password-cracking software is intelligent and can grind through dictionary words, slang terms and simple number sequences. Adding numbers or capital letters to common passwords does not necessarily strengthen their fortification. If your password is “password”, it is still ineffectual when changed to “passw0rd”.
Create a passphrase:
A long string of codified text is the best form of password. Yet it can be practically impossible to remember such a bizarre sequence of text. One way to decipher this code is to think of a sentence that is recognizable to you. Let’s say you struggle with passwords. An easy one to remember might be “Ihatepasswords”. When codified, it becomes “Ih8p@$$w0rD5”. It still maintains a logical, readable appearance without losing the integrity of the original phrase. However, this jumble of letters, numbers and symbols is now keeping your private information extremely secure.
Use different passwords on different accounts:
Using the same password for multiple devices, accounts and apps makes life easier. It also allows for hackers to quickly delve into your entire online presence. Intruders can seize your social media platforms, bank accounts, email accounts and virtually any place that you log in. By separating your passwords, you are taking a vital step in protecting your identity.
Use two-factor authentication:
Two-factor authentication prevents hackers from getting into your accounts, even if they know your password. All that is needed is for you to know your passphrase and to have an accessible device. After inputting your passphrase, you will have a code sent to your phone or tablet that is used as your secondary login. This combination of factors is an effective and straightforward way of confirming your identity.
Do not share passwords in Email:
Emails can contain confidential information that, if shared, could have devastating results. Emails are also one of the easiest platforms to hack because they are in a basic form of text. If multiple people need to access one email account, consider deploying a password manager so this information can be shared secretively. Additionally, explore the option of email encryption so confidential content can be hidden from cyber criminals.
Listen to the news:
Be alert for any breaking news regarding a company that you utilize to conduct business, such as Gmail or WordPress. Email providers, CMS sites and social media platforms are constantly subjected to hacking. If you notice that one of these companies has suffered an attack, change your passwords as soon as possible. Even if an incident hasn’t occurred, changing your passwords frequently is a great habit to start.
Hackers are getting smarter and the technology they possess is getting more powerful. As long as the average account user is aware of the risks and proactive with protection, these cyber trespassers can be kept at bay. Performing best practices and being diligent about password sharing and authentication are a business’s greatest defense against a destructive breach.