The Guide to Password Security
August 08, 2017
Most people do not take the time or effort to make an effective password. In fact, 59% of people reuse passwords over and over or use simple combinations such as “123456”. It’s obvious you don’t want hackers to break into any of your accounts, whether it’s a social media profile or more costly, a bank account. As an average end-user, having a strong password is one of your best defenses against malicious hackers.
How do hackers hack passwords?
Most websites don't store their passwords in plain text, but rather encrypt them through a hash function. When you type your password in, it encrypts it and compares it against the stored code - if it matches, you're in. If hackers have access to the list of hashes, they can first try a brute force attack of generating random characters, hashing them, and checking for matches. A dictionary attack works in a similar manner; using dictionaries of common passwords to make the testing process take less time. A hacker could use software to add different rules to the attack - changing "e" for "3", changing case, and anything people might use - to make their efforts more thorough. On some websites, hackers wouldn't even have to use a data breach, they could simply have their computer input the passwords straight into the website. Other common tactics rely on human error. Phishing is a commonly known tactic where a hacker will set up a fake copy of say, your email or bank interface, and wait for you to type in your information. Hackers could also induce you to download a file that turns out to be a keylogger, allowing them to monitor everything you type. Once they see an email address, a tab, and a string of characters, they're in. Similarly, hackers can set up software to monitor traffic and queries sent over a public wi-fi network. These types of social engineering are important to watch out for - if you have a keylogger running on your computer, it doesn't matter how strong or complex your password is.
Strong Password Requirements
First of all, you should never repeat passwords across your different accounts. If a hacker figures out the password to one of your accounts and realizes it’s the same for all of your accounts, you have a big mess to fix. Try a password manager software to help you keep track of all your credentials. Use a combination of letters in different cases, numbers, and symbols in your password. Put a symbol randomly in the middle of a word, or use number substitutions that don't make sense. Make it confusing and difficult to interpret and difficult for a program to find. For example, "sw0rdfish" won't help you but, "x_ph8sGL9!dus" would be more difficult for a computer to guess. A rule of thumb is to never use common passwords such as, "123456" or "password". Again, replacing a letter with a similar number won't help you out as much either, for example, "passw0rd" can be just as poor as "password". If you're unsure about the difficulty of your password, secure password checkers are easy to find. How Secure Is My Password? will let you type in your password and instantly tell you how long a computer would take to crack it.
How often should you change your password?
You may think changing your password frequently is a good defense against hackers. However, studies are showing that it might not be so helpful after all. People don’t change their passwords drastically but instead, they “transform” them in small ways. Such as, someone might change a password from “Password1” to “Password2”. This defeats the purpose of changing a password in the first place, and it’s just as easy for hackers to get that information. It’s also likely that once hackers have access to an account, they’re going to take action as soon as they break in. It’s unlikely that changing your password every month is going to help much. People use passwords just about every day and with the increase in security breaches, it’s imperative to put more effort into creating strong passwords. Access One offers data services, cloud services, and more, to keep your business up-to-date and secure.