Jack Foster
The views of this article are the perspective of the author and may not be reflective of Confessions of the Professions.
Password Data Security
With technology getting quicker and more efficient every year, weak passwords become easier and quicker for cyber criminals to crack. You may think that your 8-character password is sufficient, but did you know that it can take just one minute for a professional hacker to crack a simple password, particularly if it only contains lowercase characters? Many people use simplistic passwords which are short and only contain letters, keeping them easy to remember, but this makes them highly vulnerable to a targeted attack.
Believe it or not, this is a list of the top ten most common passwords in 2019, all of which can be cracked almost instantaneously:
- 123456
- 123456789
- qwerty
- password
- 111111
- 12345678
- abc123
- 1234567
- password1
- 12345
Worrying, isn’t it… Common sense dictates that these passwords are very insecure but that doesn’t stop people using them every day. Below are some top tips to create non-crackable passwords and avoid being hacked, keeping your data secure.
Don’t use the same password for everything
We all have so many passwords to remember today: laptops, smartphones, bank accounts, utility accounts – the list goes on. Commonly, people reuse the same password across their many accounts to make them easier to access and manage. Trouble is, it also makes it easier for hackers to gain access to not just one of your accounts, but all of them! It is a dangerous tactic and one that should always be avoided. If you’re not sure whether your accounts were exposed when some of the most popular and well-known data breaches occurred, a useful site to check is haveibeenpwned.com. It instantly tells you which data breaches your account was found in and if it was ‘pasted’, or dumped, online for all to see.
A research paper on password habits found that out of 500,000 users, each had on average 25 online accounts, but only 6.5 different passwords. That’s just one password for every 4 websites. This is good news for a hacker since it provides them with an easy way to access multiple accounts.
Choosing the right password
Numbers, letters and characters: one of the best ways to increase the security of your password is to widen the range of characters you use. A password should never contain just letters, or letters and numbers. Make use of special characters, such as ‘!’, ‘@’, and ‘#’, although it is worth noting that these particular characters are some of the more common ones used, so try to use more unusual ones and vary them. By making use of special extra characters, the security of your password increases tenfold. A good tip which will dramatically increase the time it takes to crack a password, but still keep it memorable, is to substitute numbers or special characters for letters, for example, use an ‘_’ in place of a space, a ‘0’ in place of an ‘O’, or an ‘!’ in place of a ‘1’. The options are endless but every character you add hugely increases the time needed to crack it.
Length: your password should always be a minimum of eight characters in length. Every character you add makes your account exponentially stronger. However, using a longer password doesn’t always guarantee it’s stronger. Whilst it is still better to use as long a password as you can, use a mix of numbers and special characters. Just a long word you’ve found in the dictionary will not suffice as a secure password.
Phrases: a great way to make a secure and memorable password is to take a phrase and extract letters from it to use in your password. Try taking the first letter from each word of the phrase and combining them to make the password, using capitals and swapping letters for numbers or special characters. It is still a good idea to add some more characters, especially special characters, to make the password even more complex, but those are the basics for creating a good strong password.
Avoid dictionary words: a common method of attack used by hackers is called a dictionary attack. They have a large index of words that they use to try and crack passwords. More advanced hackers will try each dictionary word with a variety of changes, such as adding numbers and capitalizing some letters. Therefore, it is always best to try and avoid using actual dictionary words but make them more secure by inserting numbers and special characters.
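The points above about character range, length and dictionary attacks can be checked together in a small password audit. This is an added example, not part of the original article; the wordlist, the substitution table and the guessing rate are constructed assumptions.

```python
import math
import string

# Constructed sample wordlist; a real audit would load a large breached-password list.
COMMON = {"123456", "qwerty", "password", "abc123", "111111", "password1", "sunshine"}

# Common look-alike substitutions, mapped back to the letters they stand in for.
DELEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                        "7": "t", "@": "a", "$": "s", "!": "i"})

GUESSES_PER_SECOND = 10**10  # assumed offline guessing rate, not a figure from the article


def charset_size(pw: str) -> int:
    """Combined size of the standard character pools the password draws from."""
    pools = (string.ascii_lowercase, string.ascii_uppercase,
             string.digits, string.punctuation)
    return sum(len(pool) for pool in pools if any(c in pool for c in pw))


def dictionary_hit(pw: str) -> bool:
    """True if the password is a listed word once simple mangling is undone."""
    lower = pw.lower()
    core = lower.rstrip(string.digits + string.punctuation)  # drop appended digits/symbols
    candidates = {lower, core, lower.translate(DELEET), core.translate(DELEET)}
    return any(c in COMMON for c in candidates)


def audit(pw: str) -> dict:
    """Nominal brute-force cost next to the dictionary check for one password."""
    keyspace = max(charset_size(pw), 1) ** len(pw)  # every string of this length and pool
    return {
        "charset": charset_size(pw),
        "bits": round(math.log2(keyspace), 1),
        "exhaust_seconds": keyspace // GUESSES_PER_SECOND,
        "dictionary_hit": dictionary_hit(pw),
    }


if __name__ == "__main__":
    for sample in ("qwertyui", "P@ssw0rd1", "Sunshine2019!", "Tq!bfJ0tld#7"):
        print(sample, audit(sample))
```

`P@ssw0rd1` scores about 59 bits on paper yet is caught at once by the dictionary check, while the phrase-derived `Tq!bfJ0tld#7` passes both tests.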
Don’t use personal information: avoid using any personal information in the password. Your personal information can be found in social engineering attacks or simply by googling someone. A common password may involve a pet’s name and your birthday combined: all of this information can easily be extracted through most people’s Facebook pages and so makes a targeted attack very easily accomplishable. Similarly, when it comes to choosing security questions, try to avoid using the obvious options like “What is your mother’s maiden name”, as these can easily be discovered by anyone.
Change passwords regularly: a tip you will always hear from industry professionals, from the IT department that updates or changes your password if you work within a corporate environment, and probably from the websites that you use, is to change your password on a regular basis. This is with good reason. Using the same password for an extensive amount of time will eventually lead to the account being compromised. Another reason to change them regularly is that an attacker may already have access to your account but be lying low to steal as much information as possible, for as long as they can without being detected. Changing your password would immediately revoke access to your account.
Password managers: password managers are useful for two main reasons: they can store all your passwords in one place, allowing the use of more advanced passwords that your password manager will remember, and they can automatically generate strong passwords. However, not all password managers have this feature, so double-check before you commit. Using a password manager means you need to remember just one password to gain access to your other passwords, plus all your stored passwords are encrypted.
With the rise in cyber breaches constantly being reported and with many more businesses, organisations and individual people being targeted by cyber criminals, doing your ‘bit’ to protect and secure your data through comprehensive password management is a must.
About the Author
Jack started out in marketing communications within a technology environment and over the past 20 years has written a wide range of articles, blogs, guides and white papers on a variety of IT and technology-related topics. With a keen interest in cyber and network security, VPNs, AI and digital transformation, Jack has written guest articles for a number of platforms as well as his own VPN Geeks forum.