Top 9 tips for strong password security
How many services online are you registered to? If this number is much higher than the count of your known passwords, you might be in trouble.
Once one of your passwords leaks, your identity is no longer fully protected from misuse.
But we have put together concise and robust guidance on how to minimize your password risks.
Treat your passwords like your toothbrush. Don’t let anybody else use it, and get a new one every six months.
This article summarizes why using strong passwords matters and why those passwords must never be reused.
Basically, a password is a word that grants you a pass. For instance, you want to sign up on an online platform. You are asked to provide details like your first name, surname, date of birth, etc., and finally to pick a password and re-enter it. The password is then requested of you at the login page.
Knowing the password proves your identity. It proves that you are the account owner, so using a strong and uncommon password is very important.
Most websites that require logging in try to enforce a password policy, i.e., ensuring that passwords contain letters in both lower and upper case, numbers, and special characters, e.g. @12Gdver%&*.
But users of those platforms instead pick passwords like 12345678, abcdred, 0re0luwa, etc., which are easier to remember and take minutes or even seconds to crack, depending on the system used for cracking. But I don't actually blame them.
For those who don't use password managers, imagine having to memorize a password like @12Gdver%&*. It is brain-taxing and demands a great deal of retentive memory.
This is why I advise people to use passphrases as passwords instead. Imagine using passphrases like "[email protected]@[email protected]@[email protected]"; they are effortless to remember and, ironically, next to impossible to crack because of their simple yet complex nature.
Note: most websites are hacked and accessed as a result of poor passwords.
Using the same password for different websites is like using one toothbrush to brush different strangers' teeth. If someone has a mouth infection like gingivostomatitis (a highly contagious infection of the mouth whose symptoms include pain, swollen gums, blisters, and sores), sharing the toothbrush with other people will transmit the infection to them.
In the first week of June, it was reported that the largest collection of passwords ever had been leaked on a popular hacker forum. The compilation was dubbed RockYou2021, the successor of RockYou. RockYou2021 is a massive 100GB text file containing over 8 billion passwords, combined from data leaks, breaches, and hacks carried out by threat actors against various social media platforms.
Below is a picture of some of the passwords included in the RockYou compilation. Imagine if your password were included in that compilation and you used it across different platforms: all your accounts would be at risk of being hacked simultaneously.
Let me digress and tell you a true-life story.
The first social media platform I joined was 2go, followed by Facebook, Instagram, and Twitter. I didn't allow my parents to know, though. All they thought I did on the phone was play games. I was very secretive, so I knew how to hide a lot of stuff. Apparently, I used the same password across all my social media accounts, and guess the password? It was 123456. Funny, right?
Don’t blame me. Back then, all I cared about was owning an account. I cared less about how secure the account was. I just wanted to feel among.
This fateful day, I was asleep, and this particular call woke me up. It was the voice of a woman, so sweet and soothing. She claimed she was from Facebook customer care and noticed an unauthorized device was trying to access my Facebook account. She needed to know my password to make sure I was the one who tried to access it. I told her the password, and I went back to sleep. That sleep was really sweet, so I hurried to dismiss her and continue having that sweet dream. What just happened was vishing. Vishing is a social engineering technique hackers use to make their victims reveal personal information under disguise.
A few days later, I found out I couldn't log into any of my social media accounts. The error message read "incorrect password". I probably thought I had forgotten my password and ignorantly opened new accounts. Some days after, during a regular family meeting, my name came up. They all claimed I had been asking and begging them for money and wanted to know if everything was alright.
My brain woke up entirely, and then I put two and two together, from that call I received to the whole issue of not being able to access my social accounts. I was severely scolded, and my phone was seized, LOL. Had I used separate passwords for all the accounts, the damage could have been reduced.
One way of maintaining good password habits and keeping track of your passwords is to use a password manager.
Password managers are safe to use because they don't store passwords in plaintext but in an encrypted format. So, even if they are breached, only the customer's account data is exposed, not the stored passwords. What the hackers will then attempt is to send phishing emails to the customers to tempt them into revealing their master password. In the last ten years, password managers like 1Password, LastPass, Dashlane, and Keeper have suffered data breaches. Still, the hackers could not break the encryption.
There is certainly more that everyone should consider for a strong password culture, but we will stop at the following 9 tips, which we consider the most essential and the easiest to start using right now.
- Password length. This one can change the whole story in a second or even milliseconds. Many modern services require a password to be at least 8 characters long. I strongly recommend a password 12 characters long. Those 4 additional characters add a few thousand years to brute-forcing the password.
- No personal information in the password text. It is tough to refrain from using the names and birth dates of your kids for your password, but this creates a double risk: once your password is cracked, your secret questions for other services could be compromised too.
- Use the full range of characters for your password. Don't be afraid to use all the allowed symbols: lower and UPPER case, numbers, and special characters such as @, !, *, #, etc., if they are permitted. This makes brute-forcing much harder.
- Use some nonsense words. Making it long and using special characters is nice, but is it something like gucci!prada&1? Believe me, brute-forcing wordlists are far more sophisticated than you might think.
- Keep your password away from others' eyes. It sounds obvious, but it is not always taken seriously. People underestimate techniques such as shoulder surfing when it comes to password security. Just remember, some people keep the whole log of a poker game in their head; your 15-character password is a trifle for them.
- Do not reuse your password. I know it is easy to say, but you have to get used to it. It will bear security fruits later.
- Use your password manager wisely. Many people think a password manager is a jack of all trades, but that is wrong. It is just storage. If you lose control of access to your password manager, you can lose all your passwords at once. Use at least a few separate vault files for passwords of different types: work, home, hobby, freelance…
- Change your password regularly. I know ways to brute-force any password quite quickly, let us say within 3 months. But if you change it every 2 months and follow all the proposed recommendations, then I don't have many chances.
- Use two-factor authentication. This method is the cherry on the cake. It provides an enormous enhancement to your password policy.
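The length, character-set, personal-information, nonsense-word, leak and reuse tips above can be turned into a simple policy check. This is an added example, not code from the original article: the leaked list, dictionary, personal details and the 1e10 guesses-per-second cracking rate are all constructed assumptions, and the brute-force estimate is a worst-case keyspace exhaustion, which is why the 8-versus-12-character gap is so large.

```python
import string

# Constructed stand-ins (not real breach data): a tiny RockYou-style leaked
# list, a few wordlist words, and personal details an attacker could guess.
LEAKED = {"123456", "12345678", "password", "solarwinds123", "qwerty"}
DICTIONARY = {"gucci", "prada", "love", "summer", "admin"}
PERSONAL = {"tunde", "2004", "lagos"}          # kids' names, birth years, city
GUESSES_PER_SECOND = 1e10                      # assumed offline cracking rate
FULL_CHARSET = 26 + 26 + 10 + len(string.punctuation)   # 94 printable classes

def charset_size(pw):
    """Alphabet size an attacker must brute-force, from the classes actually used."""
    size = 0
    if any(c.islower() for c in pw): size += 26
    if any(c.isupper() for c in pw): size += 26
    if any(c.isdigit() for c in pw): size += 10
    if any(c in string.punctuation for c in pw): size += len(string.punctuation)
    return size

def brute_force_years(pw):
    """Worst-case years to exhaust the keyspace at GUESSES_PER_SECOND."""
    combinations = charset_size(pw) ** len(pw)
    return combinations / GUESSES_PER_SECOND / (365 * 24 * 3600)

def check_password(pw, used_before=()):
    """Return the tips from the article that the password violates (empty = ok)."""
    low = pw.lower()
    problems = []
    if len(pw) < 12:
        problems.append("length: shorter than 12 characters")
    if charset_size(pw) < FULL_CHARSET:
        problems.append("charset: not using lower, UPPER, digits and symbols")
    if any(p in low for p in PERSONAL):
        problems.append("personal: contains personal information")
    if any(w in low for w in DICTIONARY):
        problems.append("dictionary: built from wordlist words")
    if low in LEAKED:
        problems.append("leaked: appears in a breach compilation")
    if pw in used_before:
        problems.append("reuse: already used on another service")
    return problems

if __name__ == "__main__":
    for candidate in ("12345678", "gucci!prada&1", "K7#mQv!2pLz@9Rt"):
        print(candidate, "->", check_password(candidate) or "passes all tips",
              f"(~{brute_force_years(candidate):.3g} years to exhaust)")
```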
In conclusion, it is very easy to be tempted to use a simple password and replicate it across all your online accounts because you don't want to remember several passwords, and that is perfectly understandable.
According to reports, 81% of data breaches result from the use of weak passwords, costing individuals and companies millions of dollars. Take a look at the recent supply chain attack on SolarWinds. Apparently, the password to one of their file servers was solarwinds123; just look at that. Weigh your options and you will find that the disadvantages far outweigh the advantages, if there are any at all.
Using a password manager spares you the stress of remembering your passwords and helps ensure that you don't reuse them after they expire. But don't forget, a password manager is also just a tool. You have to apply the whole set of tips to reach a high level of security.
Please use the information and guidelines in this article to help protect yourself, your family, and your friends.
If you are interested in knowing more about strong passwords or have questions to ask, please let me know by leaving a comment below.
And what is your preferred password?