Strong Password Protection

Most computers today use the digital equivalent of a lock-and-key access (security) system, otherwise known as a login and password protection scheme. The login and password are analogous to the correct key or combination that opens the lock on a door. Just as a thief can steal or copy a key or combination code, a hacker who steals a user's login and password gains full access to the computer. Passwords are a potentially major source of failure and an information security headache for any organization that uses computers, because many people use weak passwords that are easy to guess, making it easy for unauthorized users to enter the system and cause damage. There is no perfect system for password generation or protection; however, the harder a user makes it for a hacker to obtain their password, the more likely the intruder will seek another target instead.

Consequences of Poor Password Protection

To demonstrate the dangers of a weak password: in 2008, a Skype user accidentally broke into the Bank of France by using the password "123456". He didn't steal anything, and when the police caught up with him he was found not guilty in the subsequent court case. However, this could have turned into a major disaster had he been a hacker rather than a mere Skype user looking for a means to make cheap phone calls. Malicious hackers have broken into countless organizations and websites since the Internet became popular. These include Yahoo!, LinkedIn, Hotmail, Bank of America, the Pentagon, and NASA, as well as the $10 million online heist carried out at Citibank by Vladimir Levin in 1994. In 2004, Microsoft Corporation fell prey to a password hacker who stole the entire source code for Windows 2000. The culprit was never caught. More recently, a hacker stole the password to a Twitter account held by the Associated Press (AP) and posted a fake story of an explosion at the White House. Because of AP's credibility, the story led to a 143-point drop in the New York Stock Exchange (NYSE), costing billions of dollars in economic losses, which were fortunately reversed when the NYSE recovered in full. Every day, however, countless individuals fall prey to hackers who steal their passwords and suffer serious losses as a result. This happens because their passwords are weak, or because they failed to apply effective password protection techniques.

Strong Passwords

One of the most important ways to prevent computer security breaches is the use of a strong password. A large number of hacking cases involve compromised passwords that were simple to guess. Examples of easy passwords include "swordfish", "Password", "trustno1", "qwerty", "iloveyou", and of course "123456". Passwords based on one's birthday, maiden name, family names, or pet names are also bad choices. Weak passwords can be guessed, or cracked, within seconds using the computing power available in a simple modern laptop.

To create a strong password, one must adhere to two rules. First, the password must be long, meaning at least 12 characters. Shorter passwords, no matter how complex, are easy to crack using brute-force guessing. Second, in addition to being long, it must also be complex. Complex passwords combine upper case and lower case letters, numbers, and other characters such as parentheses, brackets, arithmetic symbols, and punctuation marks. Long and complicated passwords deter hackers because it takes a prohibitively long time to crack them: a single long and complicated password can take weeks or longer to unlock, rather than the seconds it takes to figure out a simple one.

Password Protection Policies

Even strong passwords can fall prey to sophisticated hackers with access to a lot of computing power. They can also be intercepted by eavesdropping, which comes in two forms: someone physically looking over a user's shoulder (possibly with a camera), or a man-in-the-middle attack, which captures a password while it is being transmitted as part of an authentication process. This can happen not only over wireless networks, but also if one's Internet service provider is compromised. Hackers can also acquire files that contain thousands of user logins and passwords in one convenient place. These threats make password protection a necessary part of a user's information security strategy. Examples of password protection include encryption, frequent password changes, and physical password protection.

Physical protection of one's password is effective in preventing physical eavesdroppers from seeing the password as it is being entered. Whenever one is using an ATM at a bank, in a checkout line, or at a gasoline station, it is good password security practice to prevent others from seeing what is being entered. This involves physically leaning over the keypad so that no person or nearby camera can see what is being typed.

Occasionally, however, a hacker may place a keystroke monitor on the keypad, or gain access to the network, in order to capture passwords in transit. Hackers may also acquire password files, which are the password lists stored on every computer that handles user authentication. Users who change their password on a weekly basis may find it a serious inconvenience, but if they use strong passwords, a hacker who finally cracks an old password finds that it is no longer useful. It follows from this that a user should never use the same password twice. Furthermore, a user should never employ the same password in any two places, because one stolen password could then be used to gain unauthorized access to multiple accounts.

Even the strongest passwords are useless if they are captured in plaintext format, that is, unencrypted. A hacker can simply capture the transmitted password, then cut and paste it into the system to gain access. Encrypted passwords, however, require decryption before they become useful to the hacker. This is especially important to consider whenever logging in over a wireless network. Wireless networks that are "open", meaning they do not require a password for access, are unencrypted and are the most vulnerable; they make it easy for a nearby hacker to intercept passwords in plaintext. Wireless networks that use WPA encryption are much easier to crack than ones that use WPA2/PSK encryption. If possible, one should never transmit passwords to sensitive websites over any wireless connection. Users should also never log in to an important website such as a bank's if they cannot see that it is using encryption: a website whose address begins with http rather than https should always be avoided when transmitting personal or financial information.

Strong Passwords and How To Use Them

Passwords are an important part of computer security, protecting sensitive information and personal documents from an assortment of attacks. Passwords act as a barrier when logging in to websites for banking or gaming, when entering the network on one's computer at work, or even when logging on to a personal computer at home.

Passwords are often the first line of defense against intrusions from cybercriminals, jealous co-workers, or even curious onlookers. That's why it's important to have a password strong enough to fit the needs of the user while still offering enough protection to stave off attempts to get past it.

What is password strength?

A password's strength is determined by how effective it is at resisting an attempt to guess it, whether by a "brute-force attack" (a cryptographic term for running through all possible combinations of a key) or by informed guessing.

In essence, the more characters in a password, and the more it combines punctuation, numbers, and capitalization, the stronger it is. In mathematical terms, combining all of these different character types increases the number of permutations that either a brute-force program or a person guessing would have to work through to break the code.
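The permutation argument above, and the two rules (12 or more characters, all four character classes) from the earlier section, as an added example that is not part of the original article. The search space is the size of the character pool raised to the password length; the guess rate, the sample strong password "Wq7#kL2$pZ9!", and the weak list are constructed here for illustration.

```python
import math
import string

# Character classes the article lists: upper, lower, digits and other symbols.
CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation),
}
# Constructed list of the weak examples quoted in the article; a real checker
# would consult a large breached-password list instead.
KNOWN_WEAK = {"swordfish", "password", "trustno1", "qwerty", "iloveyou", "123456"}
# Assumed guess rate (constructed, not from the article): one billion candidates
# per second, roughly what a single fast laptop manages against a weak hash.
GUESSES_PER_SECOND = 1_000_000_000

def classes_used(password: str) -> set:
    """Which of the four classes appear at least once in the password."""
    return {name for name, chars in CLASSES.items() if any(c in chars for c in password)}

def alphabet_size(password: str) -> int:
    """Pool size an attacker must cover, knowing which classes are present."""
    return sum(len(CLASSES[name]) for name in classes_used(password))

def search_space(password: str) -> int:
    """Number of candidates of this length over that pool (the article's 'permutations')."""
    return alphabet_size(password) ** len(password)

def entropy_bits(password: str) -> float:
    """Same quantity on a log scale: each extra bit doubles the attacker's work."""
    return math.log2(search_space(password))

def brute_force_seconds(password: str, rate: int = GUESSES_PER_SECOND) -> float:
    """Worst-case time to exhaust the search space at the assumed rate."""
    return search_space(password) / rate

def follows_rules(password: str) -> bool:
    """The article's two rules: at least 12 characters and all four classes present.
    A word from the weak list fails regardless of its arithmetic keyspace."""
    if password.lower() in KNOWN_WEAK:
        return False
    return len(password) >= 12 and len(classes_used(password)) == 4

if __name__ == "__main__":
    for pw in ("123456", "swordfish", "Wq7#kL2$pZ9!"):  # last one is constructed
        years = brute_force_seconds(pw) / 31_557_600
        print(f"{pw:14} bits={entropy_bits(pw):5.1f} years={years:.2e} ok={follows_rules(pw)}")
```

Note that "swordfish" has a large arithmetic keyspace (26^9) yet falls instantly to a dictionary attack, which is why the rule check consults the weak list before doing any arithmetic.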

Ways of defeating passwords

When it comes to localized password stealing, guessing is the most common way of breaking through the barrier. Because a person who has access to a shared computer will likely have first-hand knowledge of the primary user's background, easily guessed passwords such as a name, a birthday, or a favorite rock band are usually where a hacker will begin.

Aside from the aforementioned brute-force attack, another method used by cybercriminals is the keylogging program. This is a form of malware that, once implanted on a target computer, records the text typed into a Web browser, specifically targeting login and password information. With this method, if a computer isn't protected against keyloggers, the strength of the password is moot, because the hacker can see exactly what the password is.

Situational passwords

There is some debate on how computer users should create passwords. Some subscribe to the theory that every single person who uses a computer should have a different password for every function, each created with a random password generator. Some people even suggest never writing down any passwords. However, for most people this is just not feasible, as it would be impossible to remember that many difficult passwords.

By definition, a password's strength is only as good as its ability to hold out against attempts to break it. Therefore, a home computer that requires a log-in to boot up will not require as complicated a password as one at work, or even one needed to log in to an online game. If a parent sets a password on a computer to keep a young child from using it without permission, a simple password of two random words (like radioshoe) will most likely suffice. However, a stronger password is much more important when creating one for online commerce, such as shopping or banking.

Password examples

Situations aside, here are some examples of weak and strong passwords, based solely on the password's intrinsic strength:

Weak passwords
Strong passwords

Strong passwords can also be created by means of a random password generating program.

Protecting your passwords

The most obvious way to protect passwords is to never give any out, even to friends or family. Also, reputable companies will never ask for a person's login and password information, so be wary of this identity theft method. There are also programs that store encrypted passwords for all of one's online needs, so that the user only has to remember the one password used to log in to the program itself. If a person needs to write down passwords to remember them, they should be stored safely, such as in a wallet, a diary, or a strong box with other important papers.

Password Managers

These days, most security and antivirus software offers some kind of password management option. In addition, there are dedicated software products that store and manage your passwords. They also help you create new secure passwords. Finally, such password managers can automatically fill in your user names and passwords (autofill) in various online apps and services, whether a social network like X or Facebook, or your online banking.
