Creating strong and unique passwords is essential. In the cybersecurity industry, the focus on passwords/passphrases is critical, especially when teaching employees internet safety best practices. Nonetheless, it is equally as important for everyone to know how to set a strong password, employee or not. Passwords are among the first subjects that are covered in cybersecurity training for a reason. The reasons for this are straightforward; a password is the most critical component of data safety. It is the main door that separates your data and the outside world. It is also the oldest known access process, still in use today by way of a simple username and password to directly unlock contents or data. What is shocking is that password hygiene, in general, is still statistically very low. This is especially shocking considering there has never been as much online risk as cybercrime and social engineering scams than at present.
Weak passwords are constantly exploited and can cause enormous overarching, domino-effect consequences. Simply put, a password is like the key to your car or house, it is a point you do not want to take lightly. This is why it is important to understand what can happen as a result of weak password hygiene and secondly what constitutes a strong password for peace of mind and good data protection.
Statistics and cybersecurity research indicates that a lot of password information belonging to users out there is dangerously basic, meaning that either the password is very short, does not contain enough unique characters, or is a commonly used password that can easily be guessed by external threats like hackers. The main reason for this is safety laziness and a nonsensical amount of trust in online services and brands. What is worse, people tend to repeat usernames and passwords across multiple accounts, making it easier for cybercriminals to breach multiple accounts and then branch out even further from there into other networks and into users’ computers. Hackers (blackhats) even have software programs (which are also available online from various sources) that are designed to cross-check passwords from several templates and databases that contain hundreds of millions of username and password combinations. These systems are automated, meaning that the hackers can simply sit back and run the program until after the combing process of millions of passwords is complete and some account breaches are successful (via brute-force attacks or password spray techniques.) Case in point: there is software available out there now that can try to guesstimate billions of passwords a second.
Other individuals that are not expert hackers, like phishers or scammers, will set up anything from fake Wi-Fi hotspots, fake websites to fake web surveys that will aim to socially engineer the password out of you over time. The same applies to seemingly innocuous scammers on social media, who are sniffing out usernames, emails, and passwords. Unfortunately, people have behavioral patterns and habitual patterns that cybercriminals note when designing password scraping programs. Things like pet names, family names and typical symbols used when creating passwords are all included in the algorithms of these malicious little programs that can successfully breach millions of accounts quite quickly and efficiently.
Ultimately, data that is breached can be sold on the dark web, used for blackmail or extortion, or theft purposes and there is ample evidence of these facts over the years.
Now that we can appreciate just how important a good password is, we can take a look at how to create such a password that will make it extremely difficult for a breach to occur. There are some steps to this;
- Creating a solid password yourself
- Utilizing a password manager to do it for you
- Adding more factors of authentication to both of the above steps
Avoiding easily predictable passwords is not that difficult, but unfortunately is not applied nearly enough among internet users today. If you want to create a good unique password (which you should do for each account you have and service you use) consider the following steps;
- Avoid personally identifiable information in your passwords
- Avoid popular topics
- Avoid short passwords
The key to a good password is randomness. The more random it is, the better it is. This means the password must include;
- As many consecutive unique characters and symbols as possible
- No character repetitions
- A password that is as long as possible
To put this into perspective, a visual representation of this would be something like the following; 1@#_+’;[;mgnjhGASDH.,kjere5%&^/,,.,’/:’;];PI. By comparison, a weak password looks like this; JaneDoe12345! Secondly, a good premium password manager can help create a custom randomized password for you, that has already been verified as being as unique as possible. Of course, it is up to you whether to trust an app or software program with your passwords. Finally, if the service or account you are accessing supports 2-Step or Multi-Factor authentication, which adds an additional unique component to the login process such as a code sent to your smartphone or secret passphrase, then definitely apply this everywhere possible.
In general, you should always be aware of who can look at your screen in public. Secondly, you should have a premium anti-malware installed that can detect any programs that log your keystrokes on your keyboard. Thirdly, using a secure browser like Tor or a VPN solution will secure your connection itself making it difficult for any password interception in transit to occur. Finally, any information that you share on social media that is very personal can always be linked to hackers trying to guess your credentials manually. Keep your passwords are written down and offline -where digital threats cannot get to them. These processes may be tedious, but the price of a data breach and the compromise of your data pales in comparison to spending a little more time tuning your fundamental online safety.