07 May 2022 23:16, UTC.
Reading time: ~2 m
In today’s world, passwords are required everywhere: to log into social networks and email services, to interact with the government (for example, through the Public Services website) and banks, to work with cryptocurrencies, and so on. Users often do not think seriously about the security of the passwords they use, and many people use the same password for all applications.
A strong password is a major obstacle for intruders who try to gain access to an application. Ordinary passwords, which users make up themselves without any modern password generation method, can be guessed within a few hours. To avoid losing access to your applications, use passwords that are hard to guess even with modern cracking methods.
A user account vulnerability is one of the easiest ways for a cybercriminal to gain access to assets. In order to eliminate the possibility of losing assets, it is necessary to improve the security of the passwords used.
The table below shows how long it takes to crack a password by brute force (using brute-force software). As you can see, strong passwords contain many characters: letters of different case, numbers and special symbols.
Threats of password cracking.
Many users are skilled at creating passwords that are difficult to guess by hand. But it is important to remember that nowadays nobody cracks passwords manually; algorithms and special programs are used, which are far more effective than manual search. Passwords that were considered hard to crack some time ago may turn out to be easy for automated algorithms.
The main methods used by attackers can be sorted as follows:
Dictionary attacks: programs try frequently occurring combinations. As a rule, users choose passwords that are easy to remember, and such passwords often overlap with dictionary patterns.
Social Engineering: People often use names, birthdates, addresses, pet names, etc. as passwords. This information is usually available on the social media page.
Brute-force attacks: all possible combinations of letters, numbers and symbols are tried automatically. Short passwords can be found in a few hours, but long passwords are not easy to find this way.
Phishing: scammers send their victims links to fake sites or services that look exactly like the real ones. Unsuspecting users enter their credentials, which then become known to the scammers.
Data leaks: quite often company databases are breached, and the user information stored in them becomes available to attackers.
How to create a strong password
Here are some basic tips for creating a strong password.
The password should be long. It is recommended to use passwords that are at least 10-12 characters long, or better yet, even longer.
The password should not be guessable. Do not use passwords consisting of consecutive letters or numbers, like “12345” or “qwerty”, or of common words like “password1”; they can be guessed almost instantly.
All possible kinds of characters should be used. You should use both uppercase and lowercase letters, numbers and symbols in your password. The more different characters in the password, the more secure it is.
You should not use obvious character substitutions. For example, don’t use the number zero instead of the letter O in your password. Password cracking programs are aware of such tricks and find them easily.
You should use unexpected and unusual combinations of words. Combinations of unrelated words are much harder to guess.
Compose a password in such a way that you can remember it but it cannot be guessed. A forgotten or lost password is useless to the user.
Do not reuse a password for multiple accounts. There should be a unique password for each application; never use the same password twice.
Use a technique that a computer cannot figure out. For example, take three 4-letter words and replace the first two letters of each with numbers and symbols. It could look like this: “?4ey#2ka?6o” instead of “uleyrukalitso”.
Change passwords periodically. You should change passwords at least once a year, and once a quarter for important services.
Don’t keep passwords in files on your computer or phone. Don’t keep them written down on paper. And don’t save them in your browser’s autofill. Passwords are often exposed when files are stolen from the user’s devices.
Generate passwords using password generators.
Use additional protection in the form of two-factor authentication, for example Google Authenticator or a hardware security key.
You can use password managers to store passwords.
It is best to use a password of more than 15 characters, mixing digits, symbols and letters of different case.
An example of a complex 20-character password: [email protected]!uD*h4_c
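The tips above, and the brute-force timing the article refers to, can be turned into a small policy checker. This is an added example, not code from the original article: it computes the exhaustive search space (charset size to the power of the length) at an assumed rate of 10 billion guesses per second, flags the weak patterns the tips list (short length, missing character classes, keyboard or numeric sequences, and common words even after substitutions like 0 for O, checked against a small constructed wordlist), and generates a password with Python's `secrets` module.

```python
import re
import secrets
import string

# Constructed mini wordlist (assumption: a real checker loads a large list such
# as a breached-password corpus); cracking tools try these before brute force.
COMMON_WORDS = {"password", "qwerty", "letmein", "welcome", "admin", "12345"}
# Obvious substitutions that cracking rule sets undo (the "0 instead of O" tip).
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"})
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", string.digits, string.ascii_lowercase]

def charset_size(pw):
    """Size of the alphabet an attacker must assume, from the classes present."""
    size = 0
    if re.search(r"[a-z]", pw): size += 26
    if re.search(r"[A-Z]", pw): size += 26
    if re.search(r"[0-9]", pw): size += 10
    if re.search(r"[^A-Za-z0-9]", pw): size += len(string.punctuation)  # 32
    return size

def brute_force_seconds(pw, guesses_per_second=1e10):
    """Worst-case exhaustive-search time: charset ** length / guess rate."""
    return charset_size(pw) ** len(pw) / guesses_per_second

def is_sequence(chunk):
    """True for runs like '1234', 'abcd' or 'qwer' (forward or reversed)."""
    return any(chunk in row or chunk in row[::-1] for row in KEYBOARD_ROWS)

def weaknesses(pw):
    """Return the tips above that pw violates; an empty list means it passes."""
    low = pw.lower()
    problems = []
    if len(pw) < 12:
        problems.append("too short (<12 characters)")
    if charset_size(pw) < 94:
        problems.append("missing one of: lowercase, uppercase, digits, symbols")
    if any(is_sequence(low[i:i + 4]) for i in range(len(low) - 3)):
        problems.append("contains a keyboard or numeric sequence")
    if any(word in low.translate(LEET) for word in COMMON_WORDS):
        problems.append("contains a common word, even with 0/1/3/4/5/7/@/$ swaps")
    return problems

def generate_password(length=20):
    """Random password from the OS CSPRNG, regenerated until every check passes."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if not weaknesses(pw):
            return pw
```

`weaknesses("P@ssw0rd!2024")` is flagged because the substitutions normalize back to "password", while `brute_force_seconds` shows how each extra character class and each extra character multiplies the search space.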
Interesting fact: people are terrible at generating random words, which is why cryptocurrency wallets do not let users make up their own seed phrase when creating a wallet. If people could compose the secret phrase for a wallet themselves, such wallets would be easy to break into.
#Complex #passwords #ensure #security