It’s the end of a long workday – time to head home! Pack up your things, kill the lights, and latch the front door with Velcro.
Sounds ridiculous, right? You would never use Velcro to secure your business for the night – anyone could break in. Instead, you have sturdy locks and maybe even access control.
We go to great lengths to prevent physical break-ins, however often do the opposite when it comes to preventing digital break-ins. Online, we guard our critical information with passwords. But unfortunately, many passwords used today are about as secure as that Velcro.
Know Your Enemy
To understand why it’s important to use strong passwords, it helps to know the techniques used to break them.
Sometimes, an attacker can access your account without any special tools. Perhaps they found your password on the Dark Web, and they guess that you re-use it (this Mashable article says, “Basically everyone reuses their passwords.”). They may also try personal information such as your birthday or your pet’s name (freely available via social media) until they get a hit.
Hackers can also use computer-based tools called password crackers for things like:
- Dictionary attacks first try the most statistically popular passwords, then move to the full dictionary until they find a match. They can determine dictionary words and other patterns.
- Brute force attacks try alphanumeric character and symbol in many possible combinations. Brute force crackers can take a long time to run, but are exhaustive.
With these attack methods in mind, here are some tips to create a strong password:
- Avoid personal information. It’s just too easy to guess. What’s more, dictionary attacks sometimes use a compiled personal information database to more guess passwords.
- Make it long. When you add characters to a password, the number of possible combinations for a brute force attack grows exponentially. Experts recommend at least 13 characters, but this recommendation will increase as brute force attacks become faster and more advanced.
- Don’t recycle passwords. It’s important not to re-use a password, no matter how strong. If one account is breached, the first thing an attacker will do is try the same login for other, potentially more critical, sites.
- Use Passphrases. A long, strong, and memorable passphrase is one great method. For example, use a string of unrelated words, ideally with extra characters (e.g. “hammer-jumping Fuzzy Creator”. Or try a longer sentence like, “I want to eat some cotton candy!”. And you can find a whole lot more from ConnectSafely.
Consider a secure password vault to store and manage your passwords in one place (many even offer a password generator to take the headache out of password creation). And make sure you protect the password vault, as well as your other important accounts, with two-factor authentication as an added layer of security.
Now get creative, and come up with a formidable password. Have some fun with it, just don’t tell anyone what it is!
Your Friends @ Defendify