Your password tricks aren’t protecting you from today’s hackers
Passwords are not a new thing as they've been around from the early 1960s. They help prevent unauthorized people from accessing files, programs, and other online resources. Of course, if you use them based on the best practices.
Cybersecurity experts remind us to use strong and unique passwords referring to the same best practice guides. Despite this, passwords are still one of the top reasons for data breaches. You will ask why? The answer is simple, most of these guides are leading you in the wrong direction.
What do we know about good passwords so far?
The Internet is full of guides on how to create strong passwords that protect you from brute-force attacks. And usually you will be advised to:
Use 8 or more characters. The more characters, the better;
Mix uppercase and lowercase letters;
Add some numbers;
Include at least one special character, such as .,! @ # ? ];
Mix lookalike characters to protect against password glimpses. For example, the letter O and the number 0, the letter S and the $ sign.
There is nothing truly wrong with the above list of to-dos. But nothing stops hackers from applying exactly the same patterns. They add various language dictionaries, even urban ones, numbers, special characters into their database. And if your password is something like Password12345! – it will take them roughly 10 minutes (depending on the algorithm they are using) to crack it.
What do we need to avoid in our passwords?
Creating completely uncrackable passwords is getting almost impossible. Reduce the chance of your password being compromised by avoiding the following bad practices. Sometimes that's all you need.
Don't use words you can find in the dictionary, especially if your password is made out of one word;
Don't reuse passwords listed in various articles as strong password examples;
Don't use your name, birth date or any other personal information;
Avoid keyboard patterns, such as 12345 or qwerty;
Don't use common acronyms, such as ASAP, TLTR or PANS;
Don't use repeating characters, such as 555;
Don't use passwords that were used in various guides as a good password example.
And above all don't reuse the same password on other platforms.
What can you do to make hackers work harder?
Make your password out of a sentence, this way it's easier to remember it too. It could be the first line of your favorite song or a random sentence. For example: Zaragotnicetrousersonsalefor$49.99 or Causeifyoulikedit,thenyoushouldhaveputaringonit (and yes, it’s the first line from Single ladies by Beyoncé).
Use password generators to generate strong passwords.
Enable two-factor authentication (2FA) where possible. It adds an extra layer of security that is difficult for hackers to crack.
Change them periodically - once every three to six months. And we mean changing it, not just adding an additional number or character to the end of the current password.
Be cautious with your passwords and never leave them exposed in any obvious places. Hackers are not some mysterious species living in the dark, they can be ordinary people around you.
Be vigilant when using computers in public places, such as libraries or cafes. Consider using a VPN. And never save your passwords on a computer that is used by more than one person.
Be cautious where you store your password. Don't store your password in a plain text file on your computer. Consider using a secure password manager, they can help you remember, manage and store your passwords securely.
Using stronger passwords won’t keep you secure from all the threats out there, but it’s a good first step in the right direction.