How to Create and Manage Secure Passwords
By Johan Curtis
For years, we have been told that password security is vital for our internet privacy and that we should have complicated passwords for each account, using numbers, upper and lowercase letters, punctuation marks, and other symbols. Despite their being hard to remember, we are also advised never to write our passwords down anywhere and to update them frequently. Most users complied, either by capitalizing the first letter of the password, adding a number or their date of birth, or perhaps adding a symbol at the end of their passwords.
People don’t really remember different passwords, so they instead reuse one or two similar passwords across different accounts. And when they are asked to update their passwords, they use the same tricks all over again. These tricks are now so common that they make it easier for attackers to identify and break your password.
It’s not just that your password is weak; hackers also use other tricks and take advantage of vulnerabilities on the internet, making it easier for them to hack your account. But first, let’s talk about how you expose your passwords to these hackers and how you can prevent that.
How are Passwords Exposed?
Before trying to figure out how to create a secure password, it’s important to know why you need a secure password for your accounts. You may ask, “why would anyone want to hack your account?” According to stats, when we are on the internet publicly sharing information, there is a 33% chance that we can get hacked.
However, there are a number of ways your passwords can be compromised.
Someone’s Out to Get You
Most of us believe that we are completely safe and protected over the web. Our modern society has enabled us to make use of so many websites for our personal and private use. When you consider the chances of someone getting hacked at a certain time, it’s hard to not think of this happening to us as well. The thing is, there are so many people who are always trying to get into your personal life. If they know you very well personally, they will be able to guess your passwords and use the password recovery option to get into your other accounts.
You Become the Victim of a Brute-Force Attack
Whether the hacker tries to get into a group of user accounts or just one, the brute-force attack is the best strategy for cracking passwords. The attacker will check all possible passphrases and character combinations, varying capitalization and trying your date of birth, your car registration number, etc., until the correct password is found. If the hackers understand the rules used in creating the password, a brute-force attack becomes easier to execute.
This attack will also try the most commonly used alphanumeric combinations including zxcvbnm, asdfghjkl, and qwertyuiop.
Theoretically, the hacker will be able to crack any password by using a brute-force attack. However, the complexity and length of the password make the job harder, and it could take far longer to crack. Use symbols like $, &, (, or ), and the task will become extremely difficult.
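As an added illustration (not code from the original article), the Python sketch below estimates the brute-force search space from a password's length and character classes and flags the predictable habits described above. The function names are hypothetical, and the pattern lists contain only strings this article names.

```python
import math
import re
import string

# Strings this article names; constructed sample data, not a complete wordlist.
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")
WORST_LIST = {"12345678", "abcdefgh"}


def charset_size(pw):
    """Alphabet a brute-force search must cover (ASCII character classes only)."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    return sum(len(cls) for cls in classes if any(c in cls for c in pw))


def brute_force_bits(pw):
    """Upper bound on the search space in bits: length * log2(alphabet size)."""
    size = charset_size(pw)
    return len(pw) * math.log2(size) if size else 0.0


def predictable_patterns(pw):
    """Flag habits described in the article; any hit means the bit count overstates strength."""
    low = pw.lower()
    hits = []
    if low in WORST_LIST:
        hits.append("worst-list")
    # Four or more adjacent keys from one keyboard row, e.g. "qwer" or "asdf".
    if any(low[i:i + 4] in row for row in KEYBOARD_ROWS for i in range(len(low) - 3)):
        hits.append("keyboard-row")
    # Capitalized word followed only by digits/symbols, e.g. a name plus birth year.
    if re.fullmatch(r"[A-Z][a-z]+[^A-Za-z]+", pw):
        hits.append("capital-first-with-suffix")
    return hits


if __name__ == "__main__":
    # Constructed sample passwords for the demonstration.
    for sample in ("12345678", "qwertyuiop", "Summer2019!", "t7#Kq9$wLz2&Vm"):
        print(f"{sample!r}: {brute_force_bits(sample):.1f} bits, "
              f"flags={predictable_patterns(sample)}")
```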
There’s a Data Breach
Nowadays, every person has at least one or two devices connected to the internet, from phones to TVs to teddy bears. With this number of devices connected and twice as many accounts created with them, more and more data is now being stored on websites and social media accounts. And not every website is doing a good job of protecting our information, making it vulnerable to attacks.
Even though we have all stored a great amount of our personal information online behind password-protected accounts, thoughts of a data breach leave many of us wondering whether our passwords can protect us. Every other month, company after company reports a data breach in its systems that results in millions of accounts being compromised.
If there is a data breach, check whether you are still able to log into your account; if you can, change all the credentials. If you can’t, use the recovery options and you may be able to recover your ID.
Use a Password Manager
The password manager is a great tool to protect your email accounts. It stores all your passwords and fills out login forms for you. If you want a secure password for your email and social media accounts but don’t want to memorize them, the password manager is the best option to begin with.
There are many password managing applications; among the most popular are 1Password and LastPass. However, most password managers work similarly. Apart from applications and software to manage passwords, there are also browser extensions that automatically log you into your accounts when you browse the web.
The only thing that you will have to memorize when using a password manager is the “master password” of the app. This master password unlocks all your passwords. So, you need to make your master password especially secure by composing it of at least 10-14 characters to ensure that it is not vulnerable to any kind of attack. Most password managers like 1Password and LastPass have a mobile app, so you can always access your passwords instantly when signing into your accounts.
Password managers are huge headache-savers, and when you use one, you will realize how useful they are. So if you haven’t started using one, then do it immediately!
Reusing the Same Password
If you reuse a single password on different accounts, you may end up being a target of hackers. It becomes really easy for hackers to attack multiple accounts if you use the same password for all of them. Hackers use a password cracking program that is designed to find the similarities between different passwords, and having a single password for different accounts makes it much easier for them to crack, leaving your accounts vulnerable to attacks.
Use a combination of words, numbers, and symbols randomly
Most people create their passwords using info that they put on their social media accounts such as birth date, favorite celebrity or movie, pet name, etc. Since such information can be public and is easy to find, it is always recommended to avoid using it during password creation at all costs.
Your password security is too predictable
A good way to avoid getting into the hands of hackers is by creating a unique phrase that can be shortened into an acronym using the starting letter of each word. You can also replace letters with visually similar numbers such as 1 for i or 3 for e, or symbols like $ or & for s. For example, the phrase “only I can access my social media accounts” would turn into “[email protected]@”. Since the acronym doesn’t mean anything, it is harder for hackers to crack.
Password shared with a friend
Although it is common sense to avoid such practice, it’s really surprising to see how open people are in sharing their passwords with their friends and family. Beware! The more you share your password with other people, the higher the risk of your accounts getting hacked.
Your password is on the Worst Password List
Never, and I repeat “NEVER”, use passwords such as “12345678” or “abcdefgh”. Using such a poor password will set you up to fail, and in no time you will be targeted by hackers.
On the other side, recent research suggests that around 75% of users have their lock screen passcode start from the top-left corner of the screen. These poor password patterns aren’t just easy for you to remember; they are also easy for hackers to crack. It only takes a few seconds for expert hackers to expose these passcodes.
All in all, using a simple and common password (like the ones mentioned above) is stupidity and can lead you towards an evident attack.
Multi-factor authentication provides an extra layer of password security to your accounts by requiring another method of authentication over your current password. MFA is always recommended by many professionals. It uses two or more credentials such as something you physically have (like a cell phone), and something you know (password).
Of course, it’s not only our responsibility to keep our confidential data secure, it’s also the duty of all those websites and companies with access to our sensitive data to keep our information secure. It’s of no use for us to keep our credentials safe and hand them to someone with zero security plan in place.