It is a common understanding that passwords are supposed to protect our accounts. But how much does your designated password protect you and your information? If the bad guys come hacking into your personal and corporate accounts one day, how sure are you that it’s going to be a tough job for them? Let us help you assess how easy it is for a hacker to take a quick guess of your password.
Your password is your first line of defense from wrongdoers in the digital world. And yet, it is something that we often overlook and take for granted. When was the last time you spent a dedicated amount of time to think about what password to use for your new account? We often just use a single password across all of our accounts to save us the time and effort. Am I right? This is a definite no-no! Using a single password for all accounts is just making a hacker’s job much easier. So what is the best way to manage passwords and protect your accounts?
In order to plan for an effective account protection strategy, let’s start with a rundown on how hackers guess passwords:
1. Wild guess
Although you can’t really call it ‘wild.’ These hackers are trained to squeeze the juice out of your public information just to get a list of sophisticated guesses to your password. They use sophisticated programs and procedures to ultimately catch that one ticket into your personal data.
2. Shoulder Surfing
Sadly there are lurkers who discreetly stick their heads out from behind your shoulder as you type in your password, prying on what you type and browse. Don’t underestimate them – always be cautious of who can see your information in your surroundings.
3. Dictionary-based attacks
There are some hackers who are so hard working that they would endure matching your personal data with every word in the dictionary. Yes, they exist. They would browse through every possible word to partner with, for example, your birth month, in order to guess your passwords.
4. Phishing
Be careful of strange emails that you find in your inbox – this might be a phishing attack. They might be schemes sent by scammers who are trying to lure you into clicking and opening malicious files that intend to steal your personal information. As of October 2018, phishing activities have already cost victims $47,676 in losses this year (source: scamwatch.gov.au). So beware of being tricked into opening an email about winning a brand new car and clicking on links.
5. Brute-force Attack
As the label implies, it’s a pretty vicious attack on your accounts. All the hacking techniques mentioned above are used on your account to track your keystrokes and eventually get whatever important data can be stolen from you.
Knowing these hacking strategies and your current password choices, can you confidently say that your accounts are safe? Now that you already have an idea how cyber criminals do it, here are some ways on how you can minimise your risks:
Password Security Tips
1. Create a password with at least 8 characters.
I know people will usually recommend starting at 6, but it wouldn’t hurt to add in two more characters if it means increasing your security because nowadays, the longer your passcode is, the more time a hacker needs to spend cracking their way into your account.
2. Make use of a variety of lowercase and uppercase letters, numbers and special characters.
To make it harder to track and follow your keystrokes, you might want to utilise as many letters and characters as you can.
3. Never use your personal data in your password. Remember how hackers can ‘guess’ well?
Remember that most of the time, the people who are trying to hack their way into your account already know enough about you. Don’t use a word or phrase that can be obviously related to you.
4. It’s better if you don’t use real words.
What I mean by this is that you can use words that are hard to “guess” and identify. Maybe use that one phrase you came up with in primary school that nobody understood.
5. Make random patterns that hackers will have a hard time following.
Hackers can track your keystrokes in order to decipher which letters or characters you are constantly using. Making your password random can help minimise the risk of getting your usual password input tracked and followed by cyber criminals.
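The five tips above can be turned into a quick self-check. The sketch below is an added example, not part of the original article; the function names, the small word list and the sample passwords are constructed for illustration. It also shows why length and character variety alone are not enough: a password can score well on search space and still contain a real word.

```python
import math
import re
import string

# Constructed sample list; a real check would load a full dictionary file.
COMMON_WORDS = {"password", "welcome", "dragon", "summer", "monkey", "letmein"}

# The four character classes from tip 2, with the size of each pool.
CLASSES = [(r"[a-z]", 26), (r"[A-Z]", 26), (r"[0-9]", 10),
           (r"[^a-zA-Z0-9]", len(string.punctuation))]


def search_space_bits(password):
    """Upper bound on guessing effort: length * log2(character pool in use).

    Only meaningful for random passwords; words and personal data make the
    real effort far lower, which is why audit_password() checks them too.
    """
    pool = sum(size for pattern, size in CLASSES if re.search(pattern, password))
    return len(password) * math.log2(pool) if pool else 0.0


def audit_password(password, personal_data=()):
    """Return the tips from the list above that this password breaks."""
    findings = []
    lowered = password.lower()
    # Tip 1: at least 8 characters.
    if len(password) < 8:
        findings.append("shorter than 8 characters")
    # Tip 2: lowercase, uppercase, numbers and special characters.
    if not all(re.search(pattern, password) for pattern, _ in CLASSES):
        findings.append("missing character classes")
    # Tip 3: no personal data (names, birth year, pet, ...).
    if any(len(item) >= 3 and item.lower() in lowered for item in personal_data):
        findings.append("contains personal data")
    # Tip 4: no real words, even when padded with digits or symbols.
    letters_only = re.sub(r"[^a-z]", "", lowered)
    if any(word in letters_only for word in COMMON_WORDS):
        findings.append("contains a dictionary word")
    return findings


if __name__ == "__main__":
    # Constructed sample passwords and personal details.
    for candidate in ("rex1990", "Password1!", "q7#Lv!x2Rz@e"):
        bits = search_space_bits(candidate)
        print(candidate, round(bits, 1), audit_password(candidate, ("Rex", "1990")))
```

Run it locally on passwords you are considering; never paste a real password into an online checker.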
You can also have a look at an infographic of an anatomy of a secure account to have a more comprehensive view of how you should be securing your accounts.
Don’t take your password for granted by taking the easy way out rather than thinking of a good one. And if you’re like me and tend to forget anything (and everything), including passwords, there are tons of useful tools and apps that you can use to store your precious security passcodes.
Here are some of the better-known password management programs.
One of the top on the list of best password managers. It features advanced hashing that provides a secure haven for your passwords. It runs across a wide range of operating systems and is free of charge unless you want to buy a Premium subscription. Having the free version is not bad at all, with its 2-Factor Authentication feature and a robust password generator.
Aside from keeping your password safe, Dashlane also has a feature called digital wallet where you can safely manage your credit card information so you can securely make online purchases. It also allows you to sync your data to the cloud so you can access your passwords wherever you are.
It is one of the most user-friendly password applications in the market. It may look a little outdated but works as well as the other ones already mentioned. It provides secure management for an unlimited number of passwords. It is free of charge unless you upgrade to premium, after which you can sync your data across different devices.
It is open source software (which means it’s free!) that features 2-Factor Authentication, end-to-end encryption and enables syncing to multiple devices without limits. It also boasts a password generator and runs on multiple operating systems.
At Grassroots IT, we recommend Multi Factor Authentication (MFA) as the BEST way to protect your accounts, so that even if the hackers guess your passwords, they still need a real-time authenticator to get into your accounts. Read more about that over here.
It can be easy to overlook such a thing as your account passwords but we really do live so much of our lives online these days, that it’s become increasingly important to be vigilant about protecting our personal information and corporate data. If you need any help setting up some additional security for your personal accounts, don’t hesitate to make a time with us.