How do you store your system password—as a sticker on your monitor? Or do you have the habit of keeping your Google or Facebook password as a sticky note on your desktop? If yes, and your password is still safe, you are very lucky.
When you keep your passwords on desktops or in easily accessible places, there is a chance that somebody will use them to access your work computer, email, social networking, or even internet banking accounts. Hackers are at work everywhere. They operate from close range or remotely, and steal your passwords to access your personal or even more valuable information. It is time to be more careful about passwords—the secure keys to your digital worlds.
How do hackers steal your passwords?
Nobody can predict how minds with criminal intentions operate. But the general ways of stealing passwords are:
- Trying dictionary-based attacks. Do you open your dictionary to find a password? Beware! There are software programs that can enter all the dictionary words into the password field one after the other to find the actual one. The program runs so quickly that all the dictionary words will be tried in a few seconds.
- Brute-force cracking. Many people use random keyword combinations with no meaning as passwords. But what if a program can try all the possible keyword combinations in the password field? Such attacks have been found to be very successful in cracking small passwords.
- Trying dictionary words with substituted characters. Do you think it is safer to use ‘Pa$$w0rd’ or ‘p@ssw0rd’ as your password? Can a password be safer just because of replacing ‘l’ with ‘1’, ‘e’ with ‘3’, and ‘o’ with ‘0’? It is in no way safer. Password cracker tools are intelligent enough to try the most commonly used character replacements.
- Phishing. In phishing, hackers try to fool users through emails that appear to be from an original source. These emails urge users to take immediate action and lead them to fake websites that look like the original ones. Information entered on these sites is captured by the hackers.
- Spying from behind. It is nothing but stealing your passwords by spying on your computer activities. People lurking around you can note your passwords as you enter them on your laptops, mobiles, etc.
- Intelligent guessing based on personal information. People as well as some programs can guess passwords from personal information that is available to them. Mainly they get information from online profiles on various sites. They try to guess passwords based on this information and succeed on many occasions.
How do web services protect your passwords?
Web services are very cautious about password stealing attempts. Some of the precautionary measures taken by them to avoid password cracking are:
- Minimum complexity requirements for passwords. Email services and other services require passwords to meet minimum complexity requirements. They make it mandatory to have a minimum length, and a minimum number of special characters and numbers in it. Also, many of them rate the strength of the password and inform the user of it.
- Multi-factor authentication. With this, for a successful login you need to have at least two devices. After providing your regular password, you will have to authenticate through a second device, usually a mobile phone. A commonly used method is to send a one-time password (OTP) to the mobile phone. This OTP provides additional security to your login. However, more advanced options for this step are available now. Also, some services allow you the flexibility of creating your own list of one-time passwords in advance.
- Security questions. Web services provide an additional layer of security through security questions. When the user configures the web service account for the first time, he will be choosing a few questions and providing answers for them. Later, when authentication is required, he has to provide the same answers for these questions.
- Account locking after repeated unsuccessful attempts. Most web services lock the account temporarily after you try to log in three or more times unsuccessfully. This ensures that no one can use the trial and error method for finding the password. One can succeed only if he is damn sure about the password.
How to protect your passwords
In order to protect your passwords, you should create strong passwords. Also, you have to use them very carefully.
- Create strong passwords
- Use passwords carefully
Creating strong passwords
Weak passwords are vulnerable. You need to create strong passwords. Here are the Dos and Don’ts of creating strong passwords:
- Keep it long. Long passwords are difficult to crack, so make them at least eight characters long.
- Make it complex. Make passwords complex so that they are difficult to guess or find by trial. Mix letters and numerals, use small letters and capital letters, and use one or more special characters.
- Make it easy to remember. When passwords are easy to remember, they need not be saved or written down anywhere, so they are safer.
- Make it from a phrase or sentence. ‘You are Welcome to New York’ is an easy sentence to remember. By taking the first letter of each word you get ‘YaWtNY’. Now you can make it long and complex by adding numbers, special characters, small letters, etc. You can try similar methods yourself.
- Don’t take a word out of the dictionary. Don’t use dictionary words or common words as passwords, as they are prone to dictionary-based attacks.
- Don’t follow common patterns. When you follow commonly used patterns, your password can be guessed easily. So never use common patterns for your passwords.
- Don’t use words related to you. If you use personal information like your name, DOB, etc., somebody will be able to guess it. So never use personal information as a password.
- Don’t use commonly used passwords or easy keyword combinations. Words like password, qwerty, 123456 are widely used as passwords. Almost all easy character combinations possible on a computer keyboard can be tried using software programs. So don’t use ‘aaaaaaa,’ ‘aaaaaab’ etc. as passwords.
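The dos and don’ts above expressed as a password checker, as an added example that is not part of the original article. It undoes the character substitutions from the article’s examples before comparing against a word list, so ‘Pa$$w0rd’ is treated as ‘password’. The word lists are small constructed samples, and the function names and messages are assumptions made for the illustration.

```python
import re

# Constructed sample lists; a real deployment would load a full dictionary
# and a list of known-breached passwords instead.
COMMON_PASSWORDS = {"password", "qwerty", "123456"}
DICTIONARY_WORDS = {"password", "welcome", "monkey", "dragon"}

# The substitutions that appear in the article's examples, reversed.
SUBSTITUTIONS = str.maketrans({"1": "l", "3": "e", "0": "o", "$": "s", "@": "a"})
CHAR_CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^a-zA-Z0-9]")


def normalize(password):
    """Lower-case the password and undo common character substitutions."""
    return password.lower().translate(SUBSTITUTIONS)


def check_password(password, personal_info=()):
    """Return the reasons a password is weak; an empty list means it passes."""
    problems = []
    lowered, plain = password.lower(), normalize(password)
    if len(password) < 8:
        problems.append("too short")
    if not all(re.search(c, password) for c in CHAR_CLASSES):
        problems.append("missing character class")
    if lowered in COMMON_PASSWORDS or plain in COMMON_PASSWORDS:
        problems.append("common password")
    # Drop digits and symbols from both forms, so 'welcome1!' and
    # 'Pa$$w0rd' are each reduced to the dictionary word they hide.
    bare = {re.sub(r"[^a-z]", "", s) for s in (lowered, plain)}
    if bare & DICTIONARY_WORDS:
        problems.append("dictionary word")
    if re.search(r"(.)\1{3,}", lowered):
        problems.append("repeated characters")
    if any(len(p) >= 3 and (p.lower() in lowered or p.lower() in plain)
           for p in personal_info):
        problems.append("personal information")
    return problems
```
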
How to be careful while using passwords?
Here are some tips for using passwords safely:
- Use different passwords for different sites. Don’t use the same password for all your accounts. Make it different for Facebook, Twitter, LinkedIn, Google, and so on.
- Don’t save passwords on browsers/websites. Don’t use the password saving feature of browsers or the ‘remember password’ option provided by websites. Configure web browser settings accordingly and uncheck the ‘remember password’ option provided by web services. To be on the safer side, always clear the history after using the internet (especially if you are using public computers).
- Don’t store passwords in easily accessible places. Don’t place your passwords on monitors, desktops, or in places near your computer table. If you write them down, keep them away from computers. Make passwords easy to remember so that it is not necessary to write them down.
- Change default passwords. Don’t use default or system-generated passwords. Change them at the first login itself.
- Don’t share passwords with anybody. The best advice is not to share your passwords with anybody. If you do share one, change it immediately after the requirement is over.
- Provide fictional answers to security questions. If you provide real answers to security questions, somebody can find them and use them. But when you give fictional answers, only you know them. But be sure that you remember them.
- Don’t respond to suspicious emails and messages. Don’t reply to them, and don’t follow links in them.
- Try to minimize the information you provide online. Don’t provide all your personal information on social networking sites and other online services. Provide personal information only on trusted and reliable websites.
- Don’t give strangers access to your physical devices. It is elementary: don’t let strangers and unreliable people use your systems and mobiles.
Password safety is a matter of concern for all computer users. Experts suggest various methods to make your passwords stronger and to use them securely. These methods are formulated after studying various strategies followed by password crackers. You can keep your passwords safer simply by following these simple guidelines.
Satyendra Tiwari is associated with Lepide Software as a Manager – Product Marketing Operations.