Strong & Secure Passwords

How many password-protected accounts and devices do you have? That’s a lot of passwords to remember, yet they are needed to keep your information protected. Your personal information cannot be kept secure unless access to it can be restricted. Here’s where passwords come in: they are a simple and convenient way to prove your identity and grant you access to your data.

For you to access the online service you want to log into, both you and the provider must have a copy of your login information. When you enter your username and password, the provider checks them against the database of usernames and passwords saved on its servers. If what you entered matches what they have, you get in. These servers are filled with sensitive data and are prime targets for cybercriminals: a single successful breach can grant them access to hundreds or thousands of accounts.

For this reason, service providers use what is called a hash function to transform passwords before storing them on their servers. A hash function changes the password into a new combination of numbers, letters, and symbols, called a hash value, that looks nothing like your password. Hash functions scramble your passwords and the resulting values are irreversible, so if a hacker were to get hold of a hash value, they could not recover your password from it. Unfortunately, even with hash functions, our passwords remain vulnerable to the threats below, most of which do not require reversing the hash at all.
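The store-and-compare flow described above, as an added illustration that is not the page's or any provider's own code: a constructed in-memory user database that stores only a random per-user salt and a slow one-way hash (PBKDF2-HMAC-SHA256), and a login check that recomputes the hash and compares it in constant time. The function names, the iteration count and the tiny database are assumptions made for the example.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional

# Constructed stand-in for the provider's user database: username -> {salt, hash}.
# Only the salt and the hash value are stored; the password itself never is.
_USER_DB: Dict[str, Dict[str, bytes]] = {}

# PBKDF2-HMAC-SHA256 parameters. The iteration count is an assumed value chosen
# to keep this example quick; OWASP's current guidance for PBKDF2-HMAC-SHA256
# is 600,000 iterations.
_ITERATIONS = 200_000
_SALT_BYTES = 16


def _hash_password(password: str, salt: bytes) -> bytes:
    """Slow, salted one-way hash: the same password with a different salt yields a different value."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, _ITERATIONS)


def register(username: str, password: str) -> None:
    """Store a fresh random salt and the hash value, never the plaintext password."""
    salt = os.urandom(_SALT_BYTES)
    _USER_DB[username] = {"salt": salt, "hash": _hash_password(password, salt)}


def stored_hash(username: str) -> Optional[bytes]:
    """What someone who copied the database would actually see for this user."""
    record = _USER_DB.get(username)
    return None if record is None else record["hash"]


def login(username: str, password: str) -> bool:
    """Recompute the hash with the stored salt and compare it in constant time."""
    record = _USER_DB.get(username)
    if record is None:
        # Do the same amount of work for unknown users so that response time
        # does not reveal which usernames exist.
        _hash_password(password, bytes(_SALT_BYTES))
        return False
    candidate = _hash_password(password, record["salt"])
    # compare_digest avoids leaking how many leading bytes matched via timing.
    return hmac.compare_digest(candidate, record["hash"])


if __name__ == "__main__":
    register("alice", "il$pw2015")
    print("stored hash:", stored_hash("alice").hex())  # looks nothing like the password
    print("correct password accepted:", login("alice", "il$pw2015"))
    print("wrong password rejected:", not login("alice", "password"))
```

Registering two users with the same password produces two different stored values, so a thief who copies the database cannot even tell that the users share a password; the salt also means each user's hash must be attacked separately rather than with one precomputed table.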

Common Threats

1. User Disclosure: sharing your passwords with people you consider trustworthy. This is an unnecessary risk, as they may accidentally disclose it to someone you wouldn’t want to have it, so never:

    • email or message your passwords to someone close to you
    • keep your passwords written down in an easily accessible or highly visible place
    • save them in a file with an obvious title on your computer

2. Social Engineering: this happens when cybercriminals create a social situation that encourages people to share their passwords. Phishing is an example of social engineering that happens over email. You receive an email that seems to be from a trusted institution you do business with, asking you to verify information. Don’t fall for it: no business should be asking you to share your account passwords over the internet, phone, or email.

3. Key Logging: a key logger records every keystroke you make and comes in the form of hardware or software. As hardware, it is a small, discreet device that plugs in between a computer’s USB port and the keyboard’s USB plug; beware, as it can blend in well. As software, it is an application that is installed without your knowledge, for example when visiting unsecure websites.

4. Wireless Sniffing: this happens when you are connected to a public wireless network. Hackers within range of that network can intercept the information sent back and forth between your computer and the public router.

5. Guessing: also known as brute force, this is when cybercriminals use a computer to try every possible combination until the right password is found; keep in mind that they start with popularly used passwords and publicly available information about you. Websites can make guessing harder by requiring a Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) verification; this test is hard for an automated program to solve, so the program is denied access even if it has guessed the correct password.

6. Security Questions: if you happen to forget your password, websites often ask security questions to reset it. Unfortunately, these questions are often easier to guess than the passwords themselves. To counter this, you can either give a false answer or add a string of characters to the end of the correct answer.

How to Create Strong Passwords

Passwords need to be strong and memorable, but not so complicated that you can’t remember them. Below are several ways to do this:

  • Basics: make it long (at least eight characters) and use a mix of character types.
  • Make it tell a story.

We started in the IT and cybersecurity industry in San Diego in 2015
Password example:
IT@sd2015

  • Exchange letters for symbols that look similar, like ! for an i or 3 for an E.

Password example:
ilovestrongpasswords  to  !lov3strongp@sswords

  • Think of a sentence and use the first letter of each word as the base. Then substitute some of those letters with symbols and add a meaningful number.

Password example:
i love strong passwords  to  ilspw  to  il$pw2015

  • Use sound-alikes for conventional spellings.

Password example:
I love strong passwords  to  Eye<3strungpw

  • Use symbols to separate words.

Password example:
IT is great!  to  IT.is.gr8!

Tactics to Avoid

These are the passwords hackers will try first when attempting to log into your accounts.

  • Keep in mind that hackers research you before they try to guess your password, so any password related to anything you upload online will be a weak password.
  • Don’t use simple passwords built from keyboard patterns or obvious, commonly used words.

Examples of weak passwords:
Password, 12345678, asdfghjkl, letmein
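The rules from the two sections above (length, a mix of character types, no common words, no keyboard patterns, nothing tied to information about you), gathered into one checker as an added example that is not the page's own code. The common-password list is a constructed sample built from the page's four examples plus a couple of other well-known ones, and the thresholds for "a mix of characters" (three of four classes) and for what counts as a keyboard pattern (four adjacent keys) are assumptions made for the example.

```python
import string
from typing import Iterable, List

# Constructed sample standing in for a real list of commonly used / breached passwords:
# the four entries from the page plus a couple of other well-known ones.
COMMON_PASSWORDS = {"password", "12345678", "asdfghjkl", "letmein", "qwerty", "iloveyou"}

# Keyboard rows used to spot patterns such as "qwerty" or "asdfghjkl" (and their reverse).
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")

MIN_LENGTH = 8     # the page's "at least eight characters"
MIN_CLASSES = 3    # assumption: "a mix of characters" means at least 3 of the 4 classes below
PATTERN_RUN = 4    # assumption: 4 or more adjacent keys in a row counts as a keyboard pattern


def character_classes(password: str) -> int:
    """Number of character classes (lowercase, uppercase, digit, symbol) present."""
    classes = (string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation)
    return sum(1 for cls in classes if any(ch in cls for ch in password))


def has_keyboard_pattern(password: str, run: int = PATTERN_RUN) -> bool:
    """True if `run` or more adjacent keyboard keys appear in order, forwards or backwards."""
    lowered = password.lower()
    for row in KEYBOARD_ROWS:
        for start in range(len(row) - run + 1):
            chunk = row[start:start + run]
            if chunk in lowered or chunk[::-1] in lowered:
                return True
    return False


def check_password(password: str, personal_terms: Iterable[str] = ()) -> List[str]:
    """Return the list of rules the password breaks; an empty list means it passed."""
    problems: List[str] = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if character_classes(password) < MIN_CLASSES:
        problems.append(f"uses fewer than {MIN_CLASSES} character types")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("on the common-password list")
    if has_keyboard_pattern(password):
        problems.append("contains a keyboard pattern")
    # personal_terms: things about you that are public (name, city, pet, team...),
    # which the page says attackers will look up before guessing.
    for term in personal_terms:
        if term and term.lower() in password.lower():
            problems.append(f"contains personal information: {term}")
    return problems


if __name__ == "__main__":
    # The page's own examples: the weak ones should fail, the suggested ones should pass.
    for candidate in ["Password", "12345678", "asdfghjkl", "letmein",
                      "IT@sd2015", "!lov3strongp@sswords", "il$pw2015",
                      "Eye<3strungpw", "IT.is.gr8!"]:
        print(f"{candidate!r:25} -> {check_password(candidate) or 'OK'}")
```

A real deployment would swap the constructed list for a large breached-password list and check the candidate against it before anything else, since a password that appears in a breach list is guessable no matter how many character classes it mixes.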

How to Manage Passwords

These are the golden rules of strong, secure passwords that we’ve all heard countless times:

    • It’s good to create a strong, unique password for each of your accounts and devices
    • Change your password frequently
    • Never, ever write down your passwords

However, it is practically impossible for us to remember them all without some help, so here are some tips on how to manage your passwords:

  • Securely record your passwords:
    Avoid writing them on a sticky note and taping it anywhere that is easily accessible, or storing them in a text file in an obviously named folder, since computers can be searched easily. You could write them on a piece of paper and store it in a secure location; don’t label the paper “passwords” and don’t clearly indicate which password goes with which account.
  • Rank your passwords:
    Rank your accounts into three tiers.

1st tier: accounts with the highest stakes, like your primary email and financial accounts. Choose a strong, unique password for each account and change passwords every six months.

2nd tier: medium-stake accounts, like your social media accounts. Choose a strong, unique password for each account and change them annually, but cycle through them to make them easier to remember.

3rd tier: accounts with little at stake, like subscriptions and membership programs. Choose a strong password and share it between these accounts, changing it only if it becomes compromised.

  • Use password management software:
    • Most web browsers have the option to save your password and fill it in every time you try to access your accounts. This makes it easy and convenient for you to access your accounts, but also for anyone else who uses your web browser, so it’s a good idea to password-protect your web browser if you use this option.
    • Use trusted password management software, like our PassVault solution, to keep your list of passwords protected. This is an encrypted digital vault that keeps your identity, credentials, and sensitive data safe with features like:
      • Multifactor Authentication
      • Single Sign-On (SSO)
      • Password Management
      • Dark Web Monitoring

Learn more about our PassVault solution by talking to one of our security experts; we’ll be happy to schedule a demo with you to show you the exceptional value in a single solution for a modern cybersecurity essential: secure access to data.