How to strengthen your password security

The Complete Guide to Password Security

Password security has emerged as one of the major concerns of the cyber world in 2021. In fact, it has always been a concern, but every passing day makes it even more relevant. According to the survey results published in the 2021 UK Cybersecurity Census Report:

“92% of the UK businesses experienced a cyberattack in the last 12 months, and over two-thirds (72%) were successfully breached at least once.”

Why is Password Security Important?

Repeating your passwords or relying on “weak” passwords can make you a very vulnerable target for hackers. Cracking your password can enable a hacker to intrude into many areas of your personal, social, and corporate life. For instance, they can access your bank accounts, emails, social media accounts, and other (presumably) safe virtual places where you may have stored your confidential data.

That’s why we’ve come up with this comprehensive guide to password security in 2021. It covers all the essential aspects, sharing handy tips and tricks on making safer, stronger, and more reliable passwords in 2021 and beyond.

“90% of internet users are worried about getting their passwords hacked.” Source: Data Prot

Hackers resort to one of the following ways of password hacking almost every single time:

Brute Force Attacks

Most hackers rely on automated software to guess the username and password combination. These tools specialise in trying every possible character combination until they reach the one you’ve used. One of the first things most of them try is a list of the most commonly used passwords, which is how a brute force attack can easily crack weak or common passwords. Given enough time, this method can eventually break any type of password. However, you can make the job difficult and time-consuming by setting up a complex password.

Dictionary Attacks

With this method, a hacker uses a slightly different technique to break your passwords. Unlike a brute force attack, a dictionary attack runs through a predefined “dictionary” of candidate passwords. This dictionary also draws on the most common password combinations people tend to use, which cuts down the time and effort needed to hack into weakly protected accounts. You can improve your protection against such attacks by using a single-use, strong password for every account you have.

Phishing and Social Engineering

Many believe that using a phishing or social engineering attack to access someone’s password doesn’t technically qualify as a hack. But it ultimately enables a hacker to access the account(s) associated with that password. When a hacker tries to breach your account’s security with spoofed emails designed to look and feel as if they were sent from a legitimate organisation, it’s referred to as a phishing attack. Social engineering, on the other hand, refers to real-world phishing (over the phone).

Contrary to common perception, the ramifications of identity theft aren’t confined to financial problems. The victims are very likely to face emotional consequences as well, which sometimes include anxiety and stress. That’s why it is so imperative to protect yourself from the financial, social, and even physical burdens of privacy invasion.

“75% of organisations around the world experienced a phishing attack in 2020.”

Source: Expert Insights

What Are the Best Ways to Create Strong Passwords?

Some of the most effective ways of securing your passwords include:

Avoid Repetition in Passwords

Can you use the same password across multiple accounts? Yes, you can. But is it advisable? Definitely not! Why? Because it makes your accounts vulnerable to hacking. Many people fall for the convenience of using one or two passwords for all their accounts. But this makes things equally convenient for a hacker, who now needs to crack just a single password to gain access to every account you use that password for. Make sure you use a different password for every account you create to steer clear of identity theft.

Avoid Similar Passwords

You also need to avoid using similar passwords. Changes like “Password123” to “Password321” aren’t going to do any good in the name of protection from hackers. Whether you want to create a new password or are thinking about changing an older one, make sure it’s a different one altogether.

Avoid Using Personal Information

Creating passwords based on your personal information is also not something wise to do. It can be anything directly and openly associated with you. For instance, your first pet’s name, your hometown’s name, your high school’s name, and so forth. Your bustling presence on social media further eases the job of a hacker in figuring out such passwords. Even some of your acquaintances may try to hack your account(s) for whatever reason.

Avoid Short Passwords

Do you still think an eight-character password is a good one? Not anymore. Thanks to modern-day computing advances, cracking an eight-character password is child’s play now. Most experts believe your password shouldn’t be any shorter than 15 to 20 characters. Longer is stronger nowadays.

Avoid Common Character Substitutions

The fact is that swapping an “E” for a “3” doesn’t work anymore. We’re no longer living in the 1980s and 90s. “3tr0ng123” doesn’t work nowadays. Hackers and hacking tools have become too smart to be stopped by this type of password.

Avoid Storing Passwords in Plaintext

Again, it doesn’t work anymore, plain and simple. Plaintext lacks any encryption, so it is as accessible as the text in this blog. Though it looks convenient to store your passwords in a spreadsheet or a notepad, it can cause you big trouble once it gets into the wrong hands. Using a password manager is the best alternative.

Can You Ever be Too Safe with Your Passwords?

When comparing the cost of modern-day security and the value of corresponding information, most of us find the combo of a user ID and a password adequate to counter the hacks. However, passwords are notorious for giving you a false sense of protection. Wannabe hackers also know this and want to make the most of cracking your passwords and intruding into your systems.

One of the worst aspects of relying solely on passwords for securing your information is that more than one person can get hold of them. It doesn’t matter in the end, whether it was intentional or accidental. Why? Because it’s hard to know if and when someone other than the password’s owner gets to know it.

Remember, a system never knows if the person with the password is the actual user or someone else trying to snoop in.

“59% of organizations rely on human memory to manage passwords.” Source: Ponemon Institute

You can generally segregate password vulnerabilities into two categories:

  • Organisational/User Vulnerabilities: These vulnerabilities involve a lack of password policies at an organisation’s level and a lack of security awareness at the users’ level.
  • Technical Vulnerabilities: This type of vulnerability includes weak encryption methods and storage of passwords insecurely on local computer systems.

Now let’s explore these vulnerabilities a little further in the passage below.

Organisational/User Password Vulnerabilities

Humans seek convenience by nature. That’s why most of us aren’t comfortable remembering a bunch of passwords (often dozens of them) running through our daily life, especially work-related ones. And hackers seem to take advantage of this factor more than anything else.

Do you know how many eight-character passwords you can make using only the 26 alphabetic and ten numerical keys at your disposal? About 3 trillion. But our tendency to seek convenience limits us to just a few of them, and that’s what hackers must love about us. Most of us don’t feel like doing anything more than “Password123”. And that’s helping hackers a great deal.

Technical Password Vulnerabilities

Many developers and vendors believe that their passwords will remain safe if they avoid publishing the source code for their encryption algorithms. Unfortunately, that’s pretty far from reality. Any hacker with ample patience and persistence is very likely to crack this kind of security through obscurity (a security measure that is hidden from view but can be overcome with ease) quickly enough. Once they have cracked the code, the next step is distributing it across the internet, making it public knowledge.

Weak password encryption makes it easier for password-cracking utilities to exploit your security vulnerabilities. This applies, for instance, to programs that store passwords in memory, unprotected files, or easily accessible databases. With enough time and computational power, such utilities are capable of cracking almost any password. So, it’s better to do whatever you can to protect your passwords from any possible exploitation.

How to Prevent Online Scams & Identity Theft?

By understanding and implementing the following tips, you can beef up your password security, minimising and preventing identity theft.

Create Strong Passwords

Strong passwords make the first line of defence when it comes to the prevention of identity theft. Guessing passwords is one of the easiest ways for hackers to break into your accounts and exploit them. Success in cracking only one of your accounts can give them the edge to try and hack multiple accounts using the same info.

A strong password nowadays is anywhere between 8 and 15 characters long and combines uppercase and lowercase letters, symbols, and numerals. A passphrase-based password gives you an even higher level of security. It is built from a sentence or a combination of words, where the first letter of every word forms the basis of the password. Substituting letters with numbers and symbols further adds to the difficulty level of such passwords.

Monitor Social Media Privacy Settings

Social media has become an integral part of our modern lifestyle. Whether you like it or not, socialising remains incomplete without social media. However, by sharing too much online you may be overexposing yourself, not only to online identity theft but even to actual burglaries. Most of your social media profiles are accessible to strangers. Hackers and real-life criminals can plan to exploit you virtually and physically with the help of that information.

Don’t forget to check the privacy policy and user security options, whether you use Facebook, Twitter, Insta or LinkedIn. Make sure you don’t allow access to everyone and everything. As far as each platform allows, confine the visibility and access of your social media profile to your family and friends. Avoid sharing what you’re currently doing, whether vacationing, camping, or anything else, because rogue elements can use such information to harm you.

Stay Away from Phishing Emails

Hackers find phishing to be one of the most convenient ways of stealing personal information to commit identity theft. Phishing emails are designed to trick you into considering them legit and handing over your personal information. Most of the time, they do so by luring you into clicking a link. The information they ask for may include your account number, date of birth, or even the password of an account. Alternatively, the emails can contain an attachment, which can directly infect your system with malware once opened.

Though bad guys try to make such emails look as legit as possible, there are still some red flags you should look for. A mismatched URL, bad spelling and grammar, unexpected correspondence, unnecessary or frequent requests for personal information, or even threatening language and tone are some of the most common red flags for a possible phishing attempt.

“Google has registered 2,145,013 phishing sites as of Jan 17, 2021. This is up from 1,690,000 on Jan 19, 2020 (up 27% over 12 months).”

Source: Ponemon Institute

Avoid Public Wi-Fi

Who wouldn’t like to have a public Wi-Fi connection? It’s free, it’s quick, and it’s convenient, right? But before you start your next internet-surfing spree on free public Wi-Fi, you should know it’s one of the favourite hunting grounds for hackers and online scammers. Public Wi-Fi doesn’t need any authentication for establishing a network connection, making it easy for you to connect to it. But it lends the same ease to hackers as well. They lurk on the network to find and intrude into any unsecured devices, and not everyone is tech-savvy enough to keep their guard up all the time.

Unsecured Wi-Fi networks may serve as a handy way of spreading malware, giving criminals unrestricted access to everything on your device. Once they get hold of your personal information through such tactics via public Wi-Fi connections, they can do anything to harm you. It can range from committing identity theft to selling your information to criminal-minded third parties and so forth.

Don’t Use Unsecured Websites

Are you not so sure about how to discern whether a website is secure or not? Not an issue at all if you’re willing to have a look at the URL! Every web address starts either with an “http” or an “https”. Make sure you always stay away from websites beginning with “http” and hop on to the one with “https”. The little “s” after the “http” ensures that all communication taking place between your browser and the website remains encrypted, adding to its security. It serves to add a layer of protection to keep your information safe, slashing the possibility of your data falling into the wrong hands.

Update Your Security Software Regularly

The good news is that hackers are not the only ones getting sharper at what they do. Antivirus software programs are also keeping up as best they can. When you install and update an antivirus on a system, it helps detect threats and blocks unauthorised users from accessing it. Since the hacker community is quick to breach security measures, antivirus vendors roll out updates quite frequently. Make sure you regularly update your system with the latest version of the antivirus installed on your device. It will give you ample protection from becoming a victim of hackers.

How to Keep Strong Passwords More Secure in 2021?

Password security is just one aspect of securing your personal information. You can double it up with the help of two-factor authentication, also referred to as 2FA. We’ve compiled a few simple but effective ways of securing your passwords as much as possible:

2FA Activation

Consider your password as a cake and two-factor authentication as a cherry. What do you get? The cherry on top, of course, and this is what 2FA is all about. It’s an additional element on top of the base layer of your security, the second factor, which completes the login process. You can set it up in different ways. The most common examples include a code created through an app like Google Administrator, a physical USB dongle, or even a fingerprint scan, and so forth.

Avoid Password Recycling

As mentioned earlier, using the same password for different accounts or slight variations rather than setting up a unique password can do more harm than good. Avoid that, or you’ll become a victim of a security breach sooner or later. Remember, it’s always better safe than sorry.

Stop Sharing Passwords

Whenever you send someone a password through a text or an email, you’re exposing it to interception. More so when done through a public Wi-Fi network. You may assume that using a messaging app like WhatsApp may be a comparatively better way. But is it really? The truth is that recent security breaches surrounding WhatsApp have sent people looking for highly secure WhatsApp alternatives. The point here is not to be lured into sharing your personal and private info over the internet, especially when it’s a password.

Use a Password Manager to Store Your Passwords

Let’s admit that remembering long passwords, and so many of them, is not everyone’s cup of tea. Things get even worse when you want to use a unique password for each of your accounts. Is there a way out then? Of course there is, and it’s simpler and handier than you think. While there may be an argument about which one’s the best password manager, almost all experts agree that a password manager is the best way to handle the bunch of passwords most of you may have.

It’s essential to understand that no matter how strong a password you create, anyone who gets hold of it gains control over your account. Weak passwords coupled with poor password-safety practices can lead to hackers taking charge of your account. Not only that, but they can also use your personal information to exploit you financially or socially, or resort to other methods of identity theft. Worst of all, they may sell it on the dark web. So, make sure you’re not casual about password creation and password security measures, and follow the tips in this blog.

“500,000 stolen Zoom passwords were available for sale in dark web crime forums in 2020.”

Source: PURPLESEC

FAQs

How to check password security?

Three things usually determine a password’s strength. First, how large is the character set used in creating the password? Second, what’s the character count of the password itself? And lastly, how varied are the characters chosen for the password?
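The three factors above can be turned into a check, shown here as an added example that is not part of the original article. It also reproduces the eight-character keyspace figure quoted earlier and shows why substitutions and “Password123” to “Password321” changes add little. The common-password list is a small constructed sample, and the 15-character minimum is taken from the “Avoid Short Passwords” advice.

```python
import math
import string

# Constructed sample list; a real check would load a large breached-password set.
COMMON = {"password", "123456", "qwerty", "letmein", "welcome", "admin"}
# Character substitutions that cracking dictionaries undo automatically.
LEET = str.maketrans("013457@$!", "oieastasi")


def keyspace(charset: int, length: int) -> int:
    """Number of candidate passwords of exactly `length` over `charset` symbols."""
    return charset ** length


def charset_size(pw: str) -> int:
    """Alphabet size implied by the character classes the password uses."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    return sum(len(cls) for cls in classes if any(c in cls for c in pw))


def entropy_bits(pw: str) -> float:
    """Upper bound on guessing effort in bits; only holds for random passwords."""
    size = charset_size(pw)
    return len(pw) * math.log2(size) if size else 0.0


def normalize(pw: str) -> str:
    """Lower-case, drop trailing digits and symbols, undo common substitutions."""
    stem = pw.lower().rstrip(string.digits + string.punctuation)
    return stem.translate(LEET)


def is_variation(old: str, new: str) -> bool:
    """True when two passwords share the same non-empty stem once normalised."""
    stem = normalize(old)
    return bool(stem) and stem == normalize(new)


def audit(pw: str, min_length: int = 15) -> list:
    """Return the reasons a password would fall quickly to guessing."""
    findings = []
    if len(pw) < min_length:
        findings.append(f"shorter than {min_length} characters")
    if pw.lower() in COMMON or normalize(pw) in COMMON:
        findings.append("common password once substitutions are undone")
    return findings


if __name__ == "__main__":
    print(keyspace(36, 8))  # 26 letters + 10 digits, eight characters
    for candidate in ("P@ssw0rd123", "correct-horse-battery-staple"):
        print(candidate, round(entropy_bits(candidate), 1), audit(candidate))
    print(is_variation("Password123", "Password321"))
```

The bit count is only an upper bound: “P@ssw0rd123” uses all four character classes and scores well on that measure, yet the audit still flags it because its stem is in the dictionary.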

How to create a strong password?

  • Avoid password repetition.
  • Don’t use similar passwords.
  • Avoid using personal information in passwords.
  • Make it at least 8-10 characters long.
  • Don’t store a password in plaintext.

How important is password security?

Strong passwords make the first line of defence when it comes to the prevention of identity theft. Guessing passwords is one of the easiest ways for hackers to break into your accounts and exploit them. Success in cracking only one of your accounts can give them the edge to try and hack multiple accounts using the same info. You must create unique and strong passwords for all accounts and protect them from hackers and identity theft issues.

How Do Password Protection Apps Work?

Password security software and password protection apps store your information only after applying modern encryption techniques. This makes sure your data remains safe even in the case of a significant data breach: the hacker ends up with only encrypted blobs of characters, which are practically useless in the absence of the master password.
