Faster computer power has become more widely available, brought on by the advent of distributed computing. Password crackers have become more sophisticated, which means creating better passwords and managing them more efficiently has become more necessary than it has ever been. In the following article we’ll be looking at some of the best practices for creating and storing passwords and a few other tips and tricks that will improve your security online.
But, before we get into tips about your security, let’s look at how crackers can learn what your password is, so that you’ll be better prepared to secure against their attacks, knowing what their methods are.
Methods of Hacking
A dictionary attack is a brute force attack where crackers use dictionaries in order to find what your password is. Instead of just using letter and number combinations at random, the software will use specific words and combination of words in order to find out what your password is. In order to protect against this type of attack, you should always try and create passwords that have strings of characters that are not common, that do not form words, or if you do use words, break them down by inserting special characters inbetween.
Security question cracking
Many online services allow you to change a password or reset it, but before you do so, you have to input the answer to a secret so called security question; whenever you create a profile for an online service, you should always try and answer the security question of your choice with a “prepared” answer; say, instead of answering what your mother’s maiden name is, for instance, you should break the name down by inserting a few more characters. The trick though is to try and input something easy to learn.
Even when your password is not under attack via a dictionary attack, and even when your password is a string of characters that is hard to guess, you should always strive to increase the complexity of your passwords. Too many people use passwords such as 123456, or 1234, or passwords that are a pet/child’s name or something easy to guess. Try and produce a password that you can remember that no one else can guess.
Different passwords for different services
Always create different passwords for different online services. That way, if one password gets compromised, you won’t have to deal with a complete breach of security of your online life. Even more so, keep your work email, your banking passwords and your social media passwords different.
Be aware of social engineering hacks
Not all password theft is based on a brute force attack. Sometimes, hackers can get your password or some critical personal information via social media manipulation. They can pretend to be you on a social media site, by compromising your account and then asking others to perform actions or divulge information about you.
Basic security measures
While you might create the best password out there, store them securely, sometimes getting hacked can be as simple as allowing someone to see what you’re typing when you’re setting up a password or divulging your password to someone.
Even if you trust someone, you should keep your passwords secret, and also, when using a service on someone else’s device, you should always log off before returning the device.
Keylogging is also a threat, so, as a good extra measure, don’t use online services when you know or think that your PC/device has been compromised. Always use an antivirus software suite on your PC or smart device.
Change your password frequently
The frequency with which a password should be changed should be dictated by the sensitivity of the information protected by that password, and also, by the amount of attention that particular service (or you, personally) receives.
Therefore, an email address that you’re using frequently and that holds information that is very important to you should be changed with much more regularity than, say, a service that is not as important, nor as popular.
Also, take into consideration how much interest there is in your data – if you are in the public eye, you should increase the frequency with which you change passwords, as you might be targeted for an attack more so than somebody with a lower profile.
Whenever possible, if a service allows 2 factor authentication, or 3 way authentication, you should always use the extra step features. 2 way authentication mostly works by having you enter a code received via your phone. Three way authentication is less widely used and it relies on the user’s biometric input, such as finger prints, voice recognition, hand configuration, retinal scanning, etc. At any rate, it’s still long way from being widely used, but if it’s available it should always be used as it really diminishes the chances to get hacked.
When confronted with an escalating number of online services that you use, all protected by a password, it can get very hard to remember all the passwords you’re using. Thus, using a password manager application is a good idea.
LastPass is one of the most well regarded password storage service. It stores your passwords, inputs them for you whenever needed and has a strong two way master password. Some other notable services are RoboForm, Intuitive Password and Password Genie, which we recommend as well.
Should you store your passwords locally, on your hard drive or in your browser?
Almost all browsers allow you to store passwords locally, but, this can be an issue when the device you use is shared between multiple users, or when you travel a lot and the possibility of losing your device is high. So we don’t encourage this method of password storage. Also, don’t store your passwords in a .txt file on your hardware; hackers can get access to your device and then get access to your locally stored passwords.
5 best password examples
Do not use these, but ones similar in style.
Top 10 most common passwords
Do not use these, ever.
Image courtesy of vectorolie at FreeDigitalPhotos.net