The Newest Password Protection Tutorial
Although cybersecurity experts have long been sounding the alarm, users still prefer convenience over the reliable protection of their data. They use the same passwords on many websites, use the same code throughout their lives, and – in the worst cases – don’t lock their devices with passwords.
Previously, we’ve touched upon the problem of password protection. If you’ve missed something, you can find the article here.
Every year, we see a ranking of the passwords that internet users have used most often in the last 12 months… And, unfortunately, the conclusions are depressing – users keep stepping on the same rake.
According to the UK’s National Cyber Security Centre, the most commonly used combination to protect accounts was the classic 123456. The next places in the rating are taken by equally banal options: 123456789 and the word “qwerty.”
From the point of view of hackers, this scenario is ideal, as it provides easy access to the user’s private resources. If you are still using a simple password, you should change it immediately! However, at this point, you should ask yourself: what kind of password should I use to protect myself?
Why is password protection important?
Of course, it is necessary to protect information about yourself, not only for those who have “something to hide.” A password is a key to social networks, and no one would be happy if any actions were performed on their behalf by a stranger, or even worse, if all information were erased from their page. Passwords also give access to our mail, electronic wallets, and electronic banking services.
And this is not just the paranoia of sensitive and timid users! More than once it has happened that an ordinary hard worker, possessing no more wealth than anyone else, was robbed. Even relatively small amounts were withdrawn from their accounts. And all this was done simply by hacking online.
So, we can distinguish two main reasons for the importance of using passwords and protecting the information on your computer from various threats:
- unauthorized access
- various viruses and malware (coming mainly from the internet)
How do hackers know your password?
Everything is bought and sold on the “black market” of the Deep Web. And one of the most popular products is passwords to email accounts and accounts on various web sites. If the attackers get access to the “live” email address, they have a chance to take over the victim’s accounts in social networks, online stores, and paid services.
Periodically, there is news that another database of user passwords has been released into the network from Facebook, LinkedIn, Telegram or other services. But how? Often, hackers first gain access to user passwords on niche resources. These can be online stores, dating sites, file sharing sites, online libraries, etc.
It is good if the passwords in the hacked databases turn out to be encrypted (in practice, stored as hashes rather than as the original text). But medium-sized sites often store passwords exactly as users typed them. With an encrypted password, which may look like this: [7)2iD7@45Na§ke689dmpf84zh and], attackers cannot log in to the account directly. However, with a plaintext password like [helloworld!777], it is easy.
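The two storage forms described above, side by side, as an added example that is not code from the original article. It uses PBKDF2-HMAC-SHA256 from Python's standard library; the function names and the iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# Assumed work factor for this example; raise it as hardware allows.
PBKDF2_ITERATIONS = 600_000


def insecure_store(password: str) -> str:
    """Plaintext storage: whoever reads the database can log in as the user."""
    return password


def secure_store(password: str) -> dict:
    """Store a random per-user salt and a slow salted hash, never the password."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, PBKDF2_ITERATIONS, dklen=32)
    return {"salt": salt.hex(), "hash": digest.hex(),
            "iterations": PBKDF2_ITERATIONS}


def verify(password: str, record: dict) -> bool:
    """Recompute the hash from the submitted password and compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(record["salt"]),
                                 record["iterations"], dklen=32)
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


if __name__ == "__main__":
    # Constructed sample: two users who chose the same password.
    alice = secure_store("helloworld!777")
    bob = secure_store("helloworld!777")
    print("plaintext row:", insecure_store("helloworld!777"))
    print("hashed rows differ:", alice["hash"] != bob["hash"])
    # The leaked hash itself is not accepted as a password.
    print("leaked hash logs in:", verify(alice["hash"], alice))
```

Hashing only slows an attacker who holds the database: a short or common password can still be recovered by offline guessing, which is why the length and uniqueness advice still applies.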
Despite warnings that the password must be complex and unique, millions of people ignore this rule. Having a single password, they use it on all other resources on which they register. As a result, some stolen account passwords will also allow access to the user’s mailboxes and other accounts.
An attacker, taking advantage of people’s frivolity in this matter, will try to log in with the same username-password bundle on other sites – in social networks and email clients. If they are lucky and the password matches the email account, the thief will find emails from banks, payment systems, stores like Amazon, and so on. Next, they will try to change your password, withdraw your money, or pay for purchases with your cards linked to your accounts. Or they may use the details they have gathered to launch a social engineering attack against you.
What is a good password policy?
The Center for Internet Security (CIS) has posted recommendations for creating a password policy.
Here, you can view the original document. However, right now, let’s look at the main points:
- Where possible, it is recommended to use multi-factor authentication (MFA), in which the user must present more than one piece of evidence in order to log in. The authentication methods below are ranked by the degree of security they provide:
  - MFA is the most reliable option, and you should try to implement it by default.
  - Password managers, which can create and remember complex alphanumeric combinations that have no connection to a user’s personal information, significantly improve password security.
  - Passwords made up by the user: this is the last resort when other options are not applicable.
- Unfortunately, there are still many systems where MFA is not supported, so it is unlikely that you will be able to get away from passwords completely. Also, in multi-factor authentication, a password/code is normally used as one of the factors. Therefore, a password policy remains essential for all organizations.
*The document also provides recommendations for composing “passphrases” (rather than “passwords”).
- You can use the password policy recommended by the CIS.
*The document goes on to provide a justification of why such rules should be used and links to an extensive list of sources used. I highly recommend that you read the CIS document yourself and use it in your password policy.
Which is the strongest password?
Everyone wants a password that is easy to remember, potentially even for their whole life. This pushes us toward the grossest mistake in the “world of the internet.”
After all, the most popular method of “hacking” is guessing your password from your personal data. An attacker will start by looking up your data on the internet, such as your first name, last name, date of birth, the names of your parents, sisters and brothers, favorite hobbies, animals and other information about your life.
After that, they will try to identify the password by the “brute force” method: systematically attempting all possible options built from your details.
Below, we’ve listed some examples of strong passwords, which are almost impossible to guess by such methods.
VS «? 1vE
1; uRva3’ t
*Don’t forget that eight characters is the minimum needed for protection. The longer your password is, the harder it will be to guess.
Let’s build a password step by step. We take 10 symbols: 0000000000 (we start with zeros), and from this point everything is up to our imagination. We can play with the symbols of familiar combinations, but arrange them carefully.
Stage 1: (00000000) — Now we’ve replaced the beginning and end of the password with special characters – brackets, which are not difficult to remember.
Stage 2: (o0n0t0a0) – Next we’ve taken the name of the village from our childhood, “Onta,” and written it with an interval of one character between the letters.
Stage 3: (O0n0T0a0) – At this stage, we’ve changed two letters – “o” and “t” – to uppercase. This significantly increased the reliability of the password.
Stage 4: (O1n9T9a2) – Now we’ve replaced the zeros with the date 1992, which I remember well.
There is nothing complicated here, just four consecutive actions, and the result is a fairly complex password which is not difficult to remember at all. And it is very difficult to guess by the brute force method.
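A registration-time check for the guessing from personal data described in this section, as an added example that is not from the original article. It reports which of a user's known details appear in a candidate password, including when letters and digits are interleaved as in the staged construction above; the profile values, the day and month of the date, and the function names are constructed for illustration.

```python
from datetime import date

# Constructed sample profile: details an attacker could find about the user.
SAMPLE_PROFILE = {"hometown": "Onta", "memorable_date": date(1992, 5, 17)}


def expand_profile(profile: dict) -> dict:
    """Map each profile field to the lowercase strings a guesser would try."""
    expanded = {}
    for field, value in profile.items():
        if isinstance(value, date):
            forms = {value.strftime(fmt)
                     for fmt in ("%Y", "%d%m%Y", "%m%d%Y", "%d%m%y")}
        else:
            forms = {str(value).lower()}
        # Very short tokens match almost anything, so ignore them.
        expanded[field] = {form for form in forms if len(form) >= 3}
    return expanded


def personal_fields_in(password: str, profile: dict) -> list:
    """Return the profile fields whose values are embedded in the password."""
    lowered = password.lower()
    # Separate letter and digit streams undo interleaving such as O1n9T9a2.
    letters = "".join(ch for ch in lowered if ch.isalpha())
    digits = "".join(ch for ch in lowered if ch.isdigit())
    views = (lowered, letters, digits)
    return sorted(
        field
        for field, forms in expand_profile(profile).items()
        if any(form in view for form in forms for view in views)
    )


if __name__ == "__main__":
    for candidate in ("(O1n9T9a2)", "Summer17051992!", "1; uRva3' t"):
        print(repr(candidate), "->", personal_fields_in(candidate, SAMPLE_PROFILE))
```

A password that returns a non-empty list is only as secret as the details it is built from, so a service can reject it or the user can swap those parts for ones with no link to their life.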
Rules for creating secure passwords
Follow these rules for creating strong passwords:
- Don’t use the same password in many places. Although multiple passwords are more difficult to remember than one, this diversity significantly increases our security in the event of a data leak. The chosen passwords should also be relatively long – aim for 10 or more characters! As a result, the number of possible combinations clearly increases, not only reducing the risk, but also increasing the time required to identify a password.
*Note: The absolute minimum is eight characters, and any password below this threshold is an open invitation to a cybercriminal!
- Use different types of characters – numbers, uppercase and lowercase letters, and special characters. Although not every page allows such options, where it is acceptable we should use them every time. This significantly increases the level of security! However, do not overdo it – if you are not going to use external software (more on this later) and want to remember all the passwords, then you need to create codes that you can easily reproduce from memory. It is worth using sequences that connect us to some personal events or expressions.
- Entrust the creation of passwords to the machine. In other words, use so-called password generators. Even the simplest versions of programs can create such complex combinations that it will take years, not days, to find the password! Most applications offer the user the ability to independently specify the range of characters used and the password’s length. After clicking on the corresponding button, we get a reliable, complex, and completely random code.
- Use password managers. These are programs that store all our passwords in a special and highly encrypted disk space. Below we list some of the most interesting ones.
  - LastPass is a program that works closely with all popular web browsers. Although most browsers allow password autofill, with LastPass this process is enabled only for those who know the special code.
  - KeePass Password Safe is a tool that has won popularity among users for its simplicity, intuitive interface, and very good security. The program, of course, stores and encrypts all passwords locally.
  - Sticky Password is a powerful application that allows you to manage all your passwords conveniently. Additionally, it has a built-in advanced generator that can be used to create safe random combinations.
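A generator of the kind described in the rules above, as an added example that is not from the original article or from any of the listed products. It draws characters with Python's `secrets` CSPRNG from user-selected character classes and reports how the number of possible combinations grows with length; the class names, the special-character set and the function names are assumptions.

```python
import math
import secrets
import string

# Character classes the user can switch on or off (the special set is an assumption).
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digits": string.digits,
    "special": "!@#$%^&*()-_=+[]{};:,.?",
}
ALL_CLASSES = tuple(CLASSES)


def generate_password(length=16, classes=ALL_CLASSES):
    """Return a random password containing at least one character per class."""
    if length < 8:
        raise ValueError("eight characters is the absolute minimum")
    if not classes or length < len(classes):
        raise ValueError("need at least one class and room for each of them")
    pools = [CLASSES[name] for name in classes]
    alphabet = "".join(pools)
    while True:
        # secrets uses the OS CSPRNG; the random module is not suitable here.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Redraw the whole password instead of patching characters in,
        # so every accepted password stays equally likely.
        if all(any(ch in pool for ch in candidate) for pool in pools):
            return candidate


def search_space_bits(length, classes=ALL_CLASSES):
    """Upper bound on guessing effort: log2(alphabet_size ** length)."""
    alphabet_size = sum(len(CLASSES[name]) for name in classes)
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    print(generate_password(16))
    for n in (8, 10, 16):
        print(n, "characters:", round(search_space_bits(n), 1), "bits")
```

Each added character multiplies the search space by the alphabet size, so length contributes more than any single extra character class.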
Sooner or later, every Internet user faces the question of their data’s security. And this is not surprising because we constantly hear about hackers and fraudulent attacks in the media. People want to protect their personal information, their money in electronic accounts, and other valuables, for which they need the most secure password protection.