Passwords are unique authentication keys used to access your digital data from abusers. Keeping your password strong is the only way to ensure that brute-force attacks don’t work on your account. While cybercriminals might be able to access your account through website-specific bugs, the only way to secure your account is by a strong password.
What is Password Strength?
Just like the name suggests, password strength refers to how strong the password can be while cybercriminals try to crack it. Password Policy or Password strength is determined by the number of characters, type of characters, repetition, and other similar factors.
Basic Tips for Stronger Passwords
There are simple tricks to make your password much stronger than your current one. Here are a few of them:
- Keep your password private. Your password is not to be shared with anyone and you should keep it with yourself.
- Do not write your password. An extension of the previous point, your password shouldn’t be written anywhere as there are possibilities of people finding it and being able to access your account.
- Use at least 8-character passwords. While most websites and applications keep this as a requirement for creating passwords, it is a standard you should meet for every password you set.
- Use a combination of lowercase, uppercase, numbers, and special characters. Special characters like !,&,< make it difficult for brute force attacks to be successful.
- Avoid using the names of people or pets or other words found in dictionaries. Dates such as anniversaries and birthdays are also not suggested. Using such passwords makes it easy for dictionary attacks and certain other brute-force attacks to work on your account.
Read More: 5 Best Security Practices For Kubernetes
The Threats that Dismantle Your Passwords
Passwords are stored in encrypted databases. While it may not possible for cybercriminals to gain your password, they use various algorithms, to feed different attempts until they get the correct one. There are different methods that cybercriminals employ for the same.
Dictionary attacks use dictionaries which are word lists that are then checked for whether they contain the password. Brute force attacks are algorithms that combine alphanumeric characters and symbols to figure out the right password. Rainbow table attacks banks on predictable hashes. If the database uses md5 hashes, the cybercriminal creates another database filled with md5 hashes of predictable passwords. These are then cross-checked to see if they match. Another method is called guessing. This method guesses common words like pet names related to the user. Spider-Man attacks are done by creating wordlists from data available on websites like Facebook and Twitter.
With so many ways for cybercriminals to hack into your account only because of a weak password, the need for strong passwords can’t be overstated. Strong passwords with an array of random characters are the best. Password managers can be used to keep track of such randomly kept passwords. Another fact is that while the technique of replacing lookalike alphabets with special characters (E and 3, A and @, I and !, O and 0) used to work earlier, it isn’t as effective anymore.
How to Create Complex Passwords
Complex passwords consist of random characters whose arrangement is not predictable. Here are the steps to create a certain type of complex password.
- Think of a sentence or phrase which is at least 8 words long. It could be from a movie, song, book, or anything. The sentence should be something that you won’t forget and yet at the same time, be something that isn’t predictable by someone who knows you.
An example is “You’re Not The Only One Cursed With Knowledge”. Once you have a statement, take the first letters of each word, and Voila!, you have the starting bits of your complex password.
- Now randomly take some of those uppercase letters and replace them with their lowercase version.
- Now for the last step, take at least one of those characters and replace them with special characters, which may include numbers as well. Examples of special characters include 3 < , ? ~ | and # among others.
Now that you’ve got a complex password, create different complex ones for each portal as keeping the same one for all of them can make it easy for cybercriminals if they get access to one of them.
Contributors: Pranav k p, Labeeb Ajmal