Many people use short passwords or simple words, or include numbers that relate to their lives, and these passwords are still too easy to guess. Sometimes a person who has a hard time remembering passwords keeps a list of them right next to the computer. People do this even though they know it can compromise their safety if others use their computer or get their hands on the list.
However, passwords so strong that a person can't remember them are useless, and passwords that are too easy to remember can be easy to guess or to find with a brute-force attack. Setting up a strong password is therefore not the cakewalk it seems: you need to consider several aspects each time you choose a unique password. The sections below explain how to create a strong password with ease.
What Makes a Password Strong?
The critical aspects of a strong password are:
- Length: the longer the password is, the better it is for the user.
- A mix of letters: both upper and lower case.
- Numbers: ensure the number is not easy to guess.
- Various symbols: no ties to the personal information of the user and no dictionary words.
The good news is that you don’t have to memorize many awful strings of random letters and numbers and symbols to incorporate all of these aspects into your passwords. Instead, you need to learn a few tricks.
According to a study, a good password has a minimum of 12 characters. You need to choose a password that is long enough. There's no minimum password length everyone agrees on, but you should always go for passwords that are at least 12 to 14 characters long.
The longer the password, the better. It may include numbers, symbols, capital letters, and lowercase letters. Mixing different types of characters makes the password much harder to crack.
It should not be a dictionary word or a combination of dictionary words. Stay away from common dictionary words and variations of them. Any dictionary word on its own is a terrible password. A combination of a few words, if they are common ones, is also a terrible password.
You should never reuse your passwords. Suppose you use the same password across your email, shopping, and social media accounts and other websites that hold sensitive personal data. If one of them is hacked, all of the other services are at risk of being breached as well.
You should also not share your passwords. This one is a no-brainer, and if you ever do need to share one, you must change it as soon as possible.
If you want to add symbols to your passwords without making them harder to remember, you can always use emoticons.
Although you won't be able to add emoji in a password, you can use emoticons, which are the coded versions of emojis, usually made up of punctuation, letters, and numbers. They are also a great way to create unique passwords.
Use a Password Generator
If you don’t have time or patience to develop strong passwords, a password generator is a quick and easy way to get a unique and strong password. A password generator will generally create a sequence of random characters.
You can copy the password from it and use it for your devices, email, social media account, or anything else requiring private access. This is a great way to create strong passwords, but you also have to remember them.
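What such a generator does internally, shown as an added example that is not part of the original article. The symbol set, the 14-character default and the function names are assumptions chosen to match the criteria listed earlier.

```python
import secrets
import string

SYMBOLS = "!@#$%^&*()-_=+[]{};:,.?"  # assumed symbol set; adjust to what a site accepts
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS)


def classes_used(password: str) -> int:
    """Count how many of the four character classes appear in the password."""
    return sum(any(ch in cls for ch in password) for cls in CLASSES)


def generate_password(length: int = 14) -> str:
    """Return a random password containing every character class."""
    if length < 12:
        raise ValueError("use at least 12 characters")
    alphabet = "".join(CLASSES)
    while True:
        # secrets draws from the operating system's CSPRNG; the random
        # module is predictable and must not be used for passwords.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Redrawing the whole candidate keeps every accepted password
        # equally likely, unlike patching in a missing class afterwards.
        if classes_used(candidate) == len(CLASSES):
            return candidate


if __name__ == "__main__":
    for _ in range(3):
        print(generate_password())
```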
How does a Password Get Hacked?
Cybercriminals have several password-hacking tactics at their disposal. The easiest one is to get the passwords from the dark web. There are large sums of money in the buying and selling of login credentials and passwords on the black market, and if you have been using the same password for many years, chances are that it has been compromised.
If a person is wise enough to keep their passwords off the aggregated black market lists, cybercriminals will have to crack them. There are many ways in which they can accomplish this:
Brute Force Attack
This type of attack tries to guess every combination in the book until it hits the right password. The attacker uses software to try as many combinations as possible in as little time as possible. Unfortunately, that kind of technology has made some headway.
In 2012, an industrious hacker unveiled a 25-GPU cluster he had programmed that can crack any 8-character Windows password containing uppercase and lowercase letters, numbers, and symbols in less than six hours.
It can try more than 350 billion guesses per second. Generally, any password with under 12 characters is vulnerable to being cracked and the account being hacked. From this, we can see how a long password is better.
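The six-hour figure can be checked from the guess rate above. This added example (not part of the original article) assumes an exhaustive search over the 95 printable ASCII characters at a constant 350 billion guesses per second, and extends the calculation to longer passwords; the sample passwords are constructed.

```python
import string

GUESSES_PER_SECOND = 350e9  # rate quoted in the article for the 25-GPU cluster

# Character pools an exhaustive search has to cover (95 printable ASCII in total).
POOLS = (
    string.ascii_lowercase,     # 26
    string.ascii_uppercase,     # 26
    string.digits,              # 10
    string.punctuation + " ",   # 33
)


def alphabet_size(password: str) -> int:
    """Combined size of every pool the password draws at least one character from."""
    return sum(len(pool) for pool in POOLS if any(c in pool for c in password))


def worst_case_seconds(length: int, alphabet: int,
                       rate: float = GUESSES_PER_SECOND) -> float:
    """Time needed to try every string of exactly `length` characters."""
    return alphabet ** length / rate


def humanize(seconds: float) -> str:
    for unit, size in (("years", 31_557_600), ("days", 86_400),
                       ("hours", 3_600), ("seconds", 1)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return "under a second"


def estimate(password: str) -> str:
    return humanize(worst_case_seconds(len(password), alphabet_size(password)))


if __name__ == "__main__":
    for length in (8, 10, 12, 14):
        print(length, "characters, all 95 symbols:",
              humanize(worst_case_seconds(length, 95)))
    # Constructed sample passwords, not real credentials.
    for sample in ("sunshine", "Sunsh1ne!", "Sunsh1ne!Sunsh1ne!"):
        print(sample, "->", estimate(sample))
```

These numbers are an upper bound for exhaustive search only; a password built from a common word falls to a dictionary attack long before the full keyspace is tried.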
Dictionary Attack
This attack is what it sounds like. The hacker essentially attacks you by using a dictionary. A brute force attack tries every combination of symbols, numbers, and letters, whereas a dictionary attack tries a prearranged list of words such as the ones you can find in a dictionary.
If your password is indeed an ordinary word, it will only survive a dictionary attack if the word is wildly uncommon or if you’ve used a multiple-word phrase.
Phishing
This is the most terrible type of cyber attack. It happens when cybercriminals use social engineering to trick, intimidate, or pressure a person into unwittingly doing what they want.
A phishing email may tell a person that there's something wrong with their credit card or bank account. It will also direct the person to click a link, which takes them to a phony website built to resemble the bank or the credit card company.
Phishing scams can also try to trap a person through phone calls. You may get a robocall claiming to be from your bank or credit card company. However, you should always pay attention to the recorded greeting, because it generally doesn't specify which credit card it's calling about.
It's generally a sort of test to see whether a person hangs up right away or whether they have hooked a person into sharing his or her details. A person who stays on the line will soon be connected to a real person who will do what they can to get as much sensitive data out of them as possible, including their passwords, in order to rob or harm them.
How to Create Strong Passwords
Creating a strong password always seems challenging, especially when the job is to create a unique password for each of the sites you visit. As a result, many people use one identical password everywhere even though they know that it's unsafe and that, if it gets compromised, all of their web information will be exposed.
If you find yourself in a similar situation, follow the methods below to create strong passwords from now on and to change the existing ones.
The Revised Passphrase Method
This is the multiple-word phrase method for creating a strong password, with a twist. With this method you choose bizarre and uncommon words to build a strong password. Use proper nouns, local businesses or shops, historical monuments, words you know in another language, etc.
A hacker might guess one word, but he or she would find it very difficult to guess a good password that combines many words. While the words should be uncommon, you should also try to compose a phrase that gives you a mental image to help you remember it.
To add another notch of password complexity, you can also add random characters in the middle of the words or between the words you have used. In this method, you have to avoid underscores between words.
The Sentence Method
This method is also popularly known as the "Bruce Schneier Method." The idea is to think of random sentences and then transform them into passwords using a rule to remember them.
Ways to Improve the Password
All of the methods above help strengthen passwords and are widely used. Still, they aren't very workable, because an average person generally uses dozens of passwords. Here are a few ways to use modern technology to make strong passwords.
Use a Password Manager or Random Password Generator
A password manager keeps track of all the passwords a person has and does all the remembering for them, except for the master password, which grants them access to the password manager.
Careful about Password Sharing
Security-conscious websites generally hash their users' passwords so that even if their data gets out to the public, the actual passwords are not exposed in readable form.
Other websites generally don't bother with this step. Before starting any account, creating a password, and giving a website very sensitive info, you should always take a moment to assess the site.
Look for factors such as: does it have https in the address bar, which ensures a secure connection? Do you get the sense that it is up to the newest security standards available today? If the answers to these questions are not satisfactory, you should think twice before creating an account.
Use Multi-factor Authentication
Multi-factor authentication (MFA) adds an extra layer of protection to any of your data. It generally becomes the first layer of protection if a person's account details ever get leaked.
MFA methods have become the new industry standard for effective security. They generally require something extra besides the password, such as biometrics like fingerprint scanners or iris scanners.
Use an Authenticator Smartphone App
The best MFA method for a person is to use a specialized app on their smartphone. This kind of app generates a one-time PIN that the person enters as an additional factor during the login process. The PINs automatically change every 30 seconds. You will need to follow the instructions to set up MFA for each particular application that needs protection.
Security Keys
Security keys take security to the next level. A security key like the YubiKey gives a person the most state-of-the-art protection available nowadays. It serves as an MFA factor, granting individuals access to their files only if they physically have the key.
Security keys are usually available in the USB, NFC, or Bluetooth versions, and they are generally about the size of a thumb drive.
Additional Security Tips Surrounding Passwords
You can protect your login information further with common-sense, high-security tips such as these:
- Use a VPN when on public Wi-Fi. That way, when you log in to any of your accounts, no one can intercept your username and password.
- You should never text or email anyone your password.
- When you’re selecting security questions while creating an account, you should always choose hard questions to which only you know the answer.
Note: The answer could be any personal data that nobody else knows. Many of the questions that websites generally ask have answers that are easy to find on social media channels with a simple search, so you should be aware of that and choose the questions carefully.
- When you are done, you should always take the time to tell your family and friends to protect themselves too.
- You should always make sure that your antivirus is up to date. If a threat somehow gets past your strong defences and into your system, a good antivirus will detect and neutralize it.
Things you Should Not Include in a Password
When updating and creating new passwords, you should not include the following information in your passwords:
- Your pet's name.
- Your birthday or that of any of the family members.
- Any words that are related to your hobby, job, or interests.
- Any part of your home address, including the city/town, the street, the house/apartment number, or the country in which you live.
- Your name, the name of a family member, or a family title.
Cybercriminals generally research their victims online first, looking for clues that can help them hack the password, and they build their password guesses from these clues about the person.
If any of your passwords use information linked to you, you should take a few minutes to update them following the strong password practices discussed here.
Passwords grant access to all of your personal kingdoms. So you must always follow the best practices for creating a strong password to protect your accounts against cybercriminals. If the passwords you use were part of a breach, change them immediately.
As mentioned, you should always choose a strong password, but you may also need to do more than that sometimes. Using stronger passwords won't always keep you secure from all the kinds of threats out there, but using a VPN connection will do. Reputed providers like VPN Surf mask your IP address and hide your location to keep your passwords safe from prying eyes.