15 March, 2019
Why do you need to create a strong password?
Technology has shaped the world so far. At present, we can't even imagine our life without technology. There is no doubt that these advancements have made the world a better place to live in. But when we talk about its positive effects, we can't overlook its consequences. We will certainly find some loopholes, and 'Cybercrime' is one of them. We hear about cybercrimes quite commonly. Some analysts round up the current security news and narrate their findings in these pages.
They have reported on a nasty trend claiming new victims week after week: data breaches. In the last 2 months, they have reported on the Ticketmaster UK breach, the Macy’s breach, the MyHeritage breach, and the Equifax breach. And those are only a few of them. Surely, you are wondering what the best way is to create a strong password to protect your account against these cybercrooks. If your passwords were also part of a breach, you would want to change them instantly.
So, what do we need to do?
Uncrackable passwords are the solution. But before moving to that, we must first understand the several ways a password can be hacked, so that you know the common methods being used today.
How does a password get hacked?
Cybercriminals know various password-hacking tricks, but purchasing your passwords off the dark web is the simplest of all. There’s big money involved in the buying and selling of login credentials and passwords on the black market. If you’ve been using the same password for a number of years, there is a possibility that it’s been compromised. But if you are smart enough to keep your passwords off the aggregated black market lists, these criminals need to crack them. In that case, they will make use of the methods stated below.
BRUTE FORCE ATTACK
With this, they try to guess every combination in the book until they hit on yours. These shrewd criminals automate the software to try as many combinations as quickly as possible. Anything between 9 and 12 characters is likely to be cracked. The thing we learn from brute force attacks is that password length is very important.
DICTIONARY ATTACK
As the name suggests, in this method the hacker is attacking you with a dictionary. In a brute force attack, hackers try every combination of symbols, numbers, and letters, whereas in a dictionary attack they try a prearranged list of words, such as you would find in a dictionary. If you use a password that is a regular word, you’ll be affected by a dictionary attack. By contrast, if your word is uncommon or you use a multiple-word phrase, say ''LaundryZebraTowelBlue'', it will outwit a dictionary attack.
PHISHING
The most abhorrent of strategies, 'Phishing', is when hackers try to trick, daunt, or pressure users through social engineering into unintentionally doing what they want. A phishing email may inform you (falsely) that there is something wrong with your credit card account. Then you will be asked to click on a link that takes you to a bogus website built to resemble your credit card company's. The trickster stands by with bated breath, hoping the scheme is working and you’ll now enter your password. Once you do this, they have it. Phishing scams may also try to entangle you via phone calls.
Analysis of a strong password
Now we have learned, to some extent, how passwords are hacked. Thus we need to create strong passwords that can outsmart each attack of hackers. You can protect your password if you follow these 3 rules.
Don’t be silly!! Stay away from the obvious.
Don't use sequential numbers/letters. Come up with different passwords that don't involve any personal details like your name or date of birth. If you’re being particularly targeted for a password hack, the hacker will try everything they know about you in their guess attempts.
Is it vulnerable to a brute force attack?
Keeping in mind the nature of a brute force attack, just remember these tips to keep the brutes at bay:
- Make it long — Use more than 15 characters, if possible
- Use a mix of characters — The more you mix up letters, numbers, and symbols, the harder the password will be for a brute force attacker to crack.
- Avoid common substitutions
- Don’t use memorable keyboard paths
Is it vulnerable to a dictionary attack?
You can avoid the situation of a dictionary attack by using multiple words, as it will confuse the tactic. Never use a single word.
Methods to create a great password:
* The revised passphrase method
* The sentence method
* The muscle memory method
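The checks from the three rules above can be automated. The following is an added example, not part of the original article: the word list, keyboard paths, substitution table and all function names are constructed assumptions, and the 15-character threshold is the one the article gives.

```python
import math
import string

# Constructed sample data (assumptions, not from the article): a tiny stand-in
# for an attacker's word list, a few keyboard paths, common substitutions.
WORDLIST = {"password", "dragon", "monkey", "sunshine", "football"}
KEYBOARD_PATHS = ("qwerty", "asdfgh", "zxcvbn", "1qaz2wsx")
SUBSTITUTIONS = str.maketrans("@4301$5!7", "aaeoissit")
POOLS = (string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation)

def has_sequence(pw, run=4):
    """True if pw contains `run` consecutive ascending characters (abcd, 1234)."""
    return any(
        all(ord(pw[i + j + 1]) - ord(pw[i + j]) == 1 for j in range(run - 1))
        for i in range(len(pw) - run + 1)
    )

def keyspace_bits(pw):
    """Brute-force search space in bits: length * log2(size of the character pool)."""
    pool = sum(len(p) for p in POOLS if any(c in p for c in pw))
    return len(pw) * math.log2(pool) if pool else 0.0

def audit(pw, personal=()):
    """Return the article's rules that pw breaks, as a list of short labels."""
    findings = []
    lowered = pw.lower()
    if len(pw) <= 15:  # the article asks for more than 15 characters
        findings.append("short")
    if has_sequence(lowered):
        findings.append("sequence")
    if any(path in lowered for path in KEYBOARD_PATHS):
        findings.append("keyboard-path")
    if any(item and item.lower() in lowered for item in personal):
        findings.append("personal-detail")
    # Drop trailing digits/symbols, undo common substitutions, then look the
    # result up: "P@ssw0rd1!" becomes "password", a single dictionary word.
    core = lowered.rstrip(string.digits + string.punctuation).translate(SUBSTITUTIONS)
    if core in WORDLIST:
        findings.append("single-dictionary-word")
    return findings

if __name__ == "__main__":
    for candidate in ("P@ssw0rd1!", "qwerty1234", "LaundryZebraTowelBlue"):
        print(candidate, round(keyspace_bits(candidate), 1), audit(candidate))
```

An empty result means only that none of these specific checks fired; a password that has already appeared in a breach list is compromised regardless of its length.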
Be wise about whom you trust!!
Security-conscious sites will hash their users' passwords so that even if the data gets out, the original passwords are encrypted. But other sites don’t care about this. Before opening an account, creating passwords, and trusting a website with vital details, take time to assess the site. Does it have https in the address bar, enabling a secure connection? Does it follow the newest security standards of the day? If not, think before you share any personal information with it.
2FA (two-factor authentication) and MFA (multi-factor authentication) give you an additional layer of protection. In addition to the password, they need something else: it may be a code sent to your phone, biometrics (fingerprint, eye scan, etc.), or a physical token.