Passwords are frustrating. You sign up for an account or service, then months later, when you need to access it again, you sit there staring at the password field in despair. Out of the dozen password combinations you've used, which is the right one? After multiple failures you admit defeat and try to reset the password, silently hoping it's hooked up to a current email address.
But how secure are the passwords you've set for your accounts? In the digital world a good password is the difference between Fort Knox and a barn with a padlock.
After all, security is the basis of our lives. We trust banks to keep our money safe, security companies to safeguard our homes, and passwords to protect our assets. Since passwords are the only defense against cyber threats, it's important for you to choose a strong one for each account. All accounts are subject to the many dangers of hackers, but each attack method puts your password choice to the test in a different way:
- Guessing: When attackers use general information about you to try and guess words or phrases you may have chosen as a password. Things like children’s names, birth cities, favorite sports teams, mother’s maiden names, or even pets.
- Online or Offline Dictionary attacks: When attackers get a copy of user accounts and passwords and run automated programs to determine the password for each account, or use a program to plug in a text file of words until something sticks.
- Offline Brute Force attacks: A variation of Dictionary attacks that uses a program to determine which passwords aren't included in the text file. It then generates encrypted values for all possible passwords and compares them to the values in the password file.
Strong passwords can slow down and greatly hinder these attack efforts, which is why it is important to choose the right one.
Avoid using names, simple words, and password clichés which are easy to hack.
For example, qwerty, asdzxc, 123456, etc.
It is best to choose a collection of words or a sentence, like a line from a favorite book or movie.
For example, "I think. Therefore I am!" becomes "It.T4Ia!": (I) (t)hink (.) (T)here(fore, which sounds like 4) (I) (a)m (!)
Generally you want to shoot for 8-10 characters to be safe; this will make it more difficult for brute force attacks to succeed.
Storing passwords in a plain text document is also a big no-no: if your computer is compromised, attackers will be able to access all of your accounts.
It's also important to avoid using the same password for sites that store sensitive information. While it's generally safe to use a duplicate password on a news site, you wouldn't want to take the same chance with a site that holds your personal information. Never use the same password as the one for your email; otherwise, if the site gets hacked, they will be able to get into your email too.
Even with a strong password, you must be aware of phishing attacks that attempt to get you to provide your password to attackers. By having different passwords for each service you will minimize the impact if your password is compromised.
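The advice above can be turned into a quick self-check. The following Python sketch is an added example, not part of the original article: it flags the clichés listed above, personal details an attacker could guess, passwords under 8 characters, and reuse across accounts, and gives a rough brute-force estimate. The function names and all sample values are constructed for illustration.

```python
import math
import string

# Cliches taken from the article's own list.
CLICHES = {"qwerty", "asdzxc", "123456"}
MIN_LENGTH = 8  # lower bound of the article's 8-10 character guidance


def search_space_bits(password):
    """Rough brute-force cost in bits: length * log2(alphabet size).

    This is an upper bound that assumes every character was picked at random.
    """
    alphabet = 0
    if any(c in string.ascii_lowercase for c in password):
        alphabet += 26
    if any(c in string.ascii_uppercase for c in password):
        alphabet += 26
    if any(c in string.digits for c in password):
        alphabet += 10
    if any(c in string.punctuation for c in password):
        alphabet += len(string.punctuation)
    return round(len(password) * math.log2(alphabet), 1) if alphabet else 0.0


def audit_password(password, personal_info=(), other_passwords=()):
    """Return a list of findings; an empty list means no rule was broken."""
    findings = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        findings.append("too short")
    # Dictionary attacks: cliches sit at the top of every word list.
    if any(c in lowered for c in CLICHES):
        findings.append("contains a cliche")
    # Guessing: names, teams, pets and similar facts about the user.
    if any(len(p) >= 3 and p.lower() in lowered for p in personal_info):
        findings.append("contains personal information")
    # Reuse: the same password already protects another account.
    if password in other_passwords:
        findings.append("reused on another account")
    return findings


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    for pw in ("qwerty", "Rex123456", "It.T4Ia!"):
        issues = audit_password(pw, ["Rex"], ["Rex123456"])
        print(pw, search_space_bits(pw), issues or "ok")
```

An empty findings list only means none of these rules fired; it does not protect against phishing, where the user hands over the password directly.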