13/10/2021

Top Tips for a Secure Password

In this day and age, with so many events of our lives taking place online, passwords guard so much of our sensitive information. This means that protecting our online data effectively has never been more important, particularly as the rise of the digital age and the development of increasingly sophisticated technology leave much of it vulnerable to intrusion from cyber-criminals.

Every year, internet security firm SplashData releases a list of the most common passwords that people use. Classics like ‘123456’, ‘123456789’, ‘qwerty’ and ‘password’ top the list every time, demonstrating how many of us are still not ensuring that our data is adequately protected. Here, we go through our top tips on keeping our passwords as strong and secure as possible, to give you peace of mind that your sensitive digital data and precious accounts are safe from the prying eyes and thieving hands of hackers.

Make your passwords as long as possible

Hackers use many different methods to try to access your accounts and personal information. One of the more sophisticated methods, and one that is used frequently, is known as a “brute force attack”, as users of such attacks do not rely on a systematic approach to crack your password, instead employing guesswork to pin down the right combination of symbols. Such attacks are also known as “exhaustive searches” because the technique exhausts all password options, narrowing them down by process of elimination until the correct one is found. To do this, cybercriminals use a computer program to run through all possible combinations of symbols in order to finally arrive at the right one.

To avoid making your passwords susceptible to such attacks, one simple thing to do is to increase the length of your passwords, as adding more characters increases security exponentially. For example, if you have a simple and common password with 7 characters, such as ‘abcdefg’, this password could be uncovered in a millisecond, but even adding a single character, ‘h’, boosts this time to 5 hours. Add another 4 characters to make the 11-character password ‘abcdefghijk’, and the decode time increases to 1 decade. Of course, different hackers will use different approaches to their brute force attack, and as technology improves, so do the tools at the hacker’s disposal. However, it is clear that simply increasing the length of your password makes it much more difficult for a hacker to figure out.
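The growth described above can be worked through in code. This is an added example, not part of the original article; the guess rate is an assumed figure, so the absolute times differ from those quoted above, and what carries over is the multiplier gained with every extra character and every extra character class.

```python
import string

# Assumption: 10 billion guesses per second, an illustrative offline rate,
# not a figure taken from the article.
GUESSES_PER_SECOND = 1e10
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def alphabet_size(password):
    """Smallest set of symbols an exhaustive search has to cover."""
    size = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    # Characters outside the four ASCII classes (spaces, accents) count singly.
    return size + len({ch for ch in password
                       if not any(ch in c for c in CLASSES)})

def search_space(password):
    """Candidates tried when every length up to this one is exhausted."""
    n = alphabet_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))

def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, span in (("years", 31_557_600), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60), ("seconds", 1)):
        if seconds >= span:
            return f"{seconds / span:,.1f} {unit}"
    return f"{seconds * 1000:.3f} ms"

def report(passwords, rate=GUESSES_PER_SECOND):
    """(password, alphabet size, worst-case time to exhaust) for each entry."""
    return [(p, alphabet_size(p), humanize(search_space(p) / rate))
            for p in passwords]

if __name__ == "__main__":
    # The article's three examples, plus an 11-character mixed-class password.
    for pw, size, worst in report(["abcdefg", "abcdefgh", "abcdefghijk",
                                   "Abcdefg1!jk"]):
        print(f"{pw:<12} alphabet={size:<3} worst case: {worst}")
```

Each extra lower-case letter multiplies the work by 26, while the same 11 characters drawn from all four classes multiply it by 94 per position.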

Avoid using personal information

GMX’s research into password security in the UK found that 21% of people use personal information in their passwords. While an easily memorable password may be sought after, it is important to remember that a password which anyone who knows you is able to identify is certainly not secure. In the age of the internet, a lot of information is also easily accessible online, so avoid using any information which may be available on social media or elsewhere on the internet. Information such as your birthday, a family member’s birthday, your anniversary, address, place of birth, school or pet’s name is best avoided. Brute-force attacks are not the only method hackers employ; many cyber-attackers will mine for information to personally target their victim.

Not only that, but personal names and dates are prime material for software to decode easily, as they follow a regular and predictable pattern, and they are extremely common passwords. For example, you might be tempted to name your password after your treasured ‘Fluffy’, or after your anniversary ‘26.01.1992’, but it is almost guaranteed that these phrases will have significance to thousands of other people, too, and thus are likely to be decoded faster than passwords made up of a string of random words, even if they have the same number of characters.

Make your passwords unique

Although length is certainly an asset, long passwords are still susceptible to so-called “dictionary attacks”, as hackers tend to add commonalities in passwords to the index of their hacking program. Many people use passphrases as opposed to passwords, in an attempt to make their passwords more secure. However, according to a recent study from the University of Cambridge: “multi-word phrases, if chosen naively according to natural language tendencies, are not as effective at mitigating guessing attacks as alternate choices, such as choosing 2 random words or choosing a personal name at random.”

The most secure passwords are random sequences of varying characters, including both upper- and lower-case letters, numbers and non-numerical symbols. For example, although ‘KiaXceed’ may not be a dictionary word, and may be assumed to thus be secure, it is made up of proper nouns which are catalogued online and are easily guessed. Something like ‘My20XceedIsSilver’ is significantly more secure, but is still fairly easy to remember, for an owner of a 2020 Silver Kia Xceed.
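The checks from this section and the previous one can be combined into a single audit that a sign-up form or a personal review could run. This is an added example, not part of the original article; the wordlist and the personal facts are constructed stand-ins, and an empty result only means that none of these particular checks fired.

```python
import re

# Constructed sample data: the common passwords the article names and a tiny
# stand-in for an attacker's wordlist (real lists hold millions of entries).
COMMON = {"123456", "123456789", "qwerty", "password"}
WORDLIST = {"kia", "xceed", "fluffy", "silver"}
DATE = re.compile(r"\d{1,2}[./-]\d{1,2}[./-]\d{2,4}")

def digits_only(text):
    return re.sub(r"\D", "", text)

def splits_into_words(text, words=WORDLIST):
    """True if text is nothing but wordlist entries glued together."""
    text = text.lower()
    reachable = [True] + [False] * len(text)
    for end in range(1, len(text) + 1):
        reachable[end] = any(reachable[start] and text[start:end] in words
                             for start in range(end))
    return bool(text) and reachable[-1]

def audit(password, personal_facts=()):
    """Return the reasons a guessing attack would reach this password early."""
    findings = []
    if password.lower() in COMMON:
        findings.append("common password")
    for fact in personal_facts:
        if any(ch.isalpha() for ch in fact):
            hit = fact.lower() in password.lower()
        else:  # dates and numbers: compare digits so separators do not matter
            wanted = digits_only(fact)
            hit = bool(wanted) and wanted in digits_only(password)
        if hit:
            findings.append(f"contains personal information: {fact}")
    if DATE.search(password):
        findings.append("looks like a date")
    if splits_into_words(password):
        findings.append("built only from wordlist entries")
    return findings

if __name__ == "__main__":
    facts = ["Fluffy", "26.01.1992"]  # constructed: what is public about the user
    for pw in ["qwerty", "Fluffy", "26/01/1992", "KiaXceed",
               "My20XceedIsSilver"]:
        print(f"{pw:<18} {audit(pw, facts) or 'no finding from these checks'}")
```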

Don’t reuse passwords, and change them frequently.

GMX’s research into password security in the UK found that 64% of people use the same password for some or all of their online accounts. So, in all likelihood, you use multiple different online accounts, and you probably don’t have a unique password for them all. This is because, given we may have to access a whole number of accounts during our day-to-day lives, it is tempting to minimise the amount of information we have to remember.

The difficulty is that all it takes is for one website you have used to be hacked, and several of your accounts are compromised. Hackers often target large companies and conduct large-scale operations to expose thousands of records. For example, Yahoo! has been the subject of several of these hacks; in particular, a 2013 data breach meant that hackers were able to access all 3 billion Yahoo! accounts. In such events, hackers often expose thousands of emails and passwords, meaning that any accounts on other platforms registered under the same credentials are vulnerable. Ensuring you use different passwords on every site you use eliminates this worry.
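To see how far a single breach reaches, the reuse in a list of saved logins can be mapped out. This is an added example, not part of the original article; the vault entries are constructed, and the function name and field names are assumptions made for the illustration.

```python
from collections import defaultdict

# Constructed vault export: sites, logins and passwords are made up.
VAULT = [
    {"site": "mail.example", "login": "sam@example.org",
     "password": "My20XceedIsSilver"},
    {"site": "shop.example", "login": "Sam@example.org",
     "password": "My20XceedIsSilver"},
    {"site": "forum.example", "login": "sam_k",
     "password": "My20XceedIsSilver"},
    {"site": "photos.example", "login": "sam@example.org",
     "password": "my20xceedissilver"},
    {"site": "bank.example", "login": "sam@example.org",
     "password": "t9#Lw2!vQz7p"},
]

def exposure(vault, breached_site):
    """Other accounts put at risk once breached_site's credentials leak.

    same_credentials: identical login and password, so the leaked pair works
    as it stands. same_password: the password is reused under a different
    login, which is at risk as soon as that login is known or guessed.
    """
    by_pair, by_password = defaultdict(set), defaultdict(set)
    for entry in vault:
        if entry["site"] != breached_site:
            # Logins are compared case-insensitively, as e-mail addresses are.
            pair = (entry["login"].lower(), entry["password"])
            by_pair[pair].add(entry["site"])
            by_password[entry["password"]].add(entry["site"])
    same_credentials, same_password = set(), set()
    for entry in vault:
        if entry["site"] == breached_site:
            pair = (entry["login"].lower(), entry["password"])
            same_credentials |= by_pair[pair]
            same_password |= by_password[entry["password"]]
    return {"same_credentials": sorted(same_credentials),
            "same_password": sorted(same_password - same_credentials)}

if __name__ == "__main__":
    for site in ("mail.example", "bank.example"):
        print(site, "->", exposure(VAULT, site))
```

A breach of the constructed mail account puts the shop and forum accounts at risk, while the bank account, which has its own password, exposes nothing else.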

Further, changing passwords frequently is also of the utmost importance, particularly if your credentials were exposed in such a data breach. As well as this, as time passes, previously secure passwords become weaker and more vulnerable to cracking under the scrutiny of brute force attacks, as technology becomes more advanced. For example, a password which would take over three years to decode in the year 2000 would only take just over a year to be descrambled by 2004, and by 2016, the same password could be pinned down by hackers in just 2 months. Changing passwords regularly eradicates any concerns that your previously strong password may have faltered, and also ensures that any prior data breaches cannot impact your accounts later on.

Consider using a Password Manager

In light of all these recommendations, you may feel overwhelmed. Since it is best to ensure your passwords are long, random, different for every account and changed frequently, you may worry about keeping hold of them all, and thus, potentially losing access to your accounts. This is where technology can step in; a Password Manager is a tool that stores your login data for multiple accounts. Password Managers function by digitally storing your account information on your behalf in an encrypted form, hidden away from the prying eyes of cyber-criminals. Your precious passwords are kept safe, and only you can access them using your master password. Such services can also auto-generate unique and complex passwords for you, synchronise them across your other devices, and monitor your password behaviour to make sure your habits are safe and your accounts stay uncompromised.

Using such a service helps to automate the process of keeping yourself safe, removing the burden from your hands. As we have seen, humans have a tendency to create passwords which are easily cracked by an algorithm or other hacking tool, as we like to use information which is easily memorable and important to us, and we often reuse passwords, or even keep the same ones for years. In a time where cyber-crime is unfortunately on the rise, a Password Manager can be an easily accessible and extremely useful tool at our disposal in our endeavour to keep our personal information safe and secure.