10 March 2013

Beat Hackers With Strong Passwords

How secure is your password?
As computing power has strengthened and hacking attacks have become more sophisticated, devising a secure password and keeping it safe has become crucial. Nearly every website that requires signup will require you to invent a password so that you can log in and access your account.
People try to ease the burden of creating and remembering passwords by using one similar password for all their logins, or by choosing one that is short and easy to remember, or one that contains personal information. Research has shown that one of the most widely used passwords is “password,” followed by “12345678.”

By creating passwords that are easy to remember, you expose yourself to what is known as a “dictionary attack.” Hacking software like John the Ripper improves the hacker’s odds of success by beginning with words in the dictionary. By using a standard verb-noun construction (e.g., runningwater) you have just played into a hacker’s hands, because that construction will be among the first to be attempted.
Some people believe that so-called “leet speak,” where numbers are substituted for letters (such as “l33k_$p34k”), is safe. Hacking software can easily allow for these kinds of patterned substitutions, and with modern computing power millions of these constructions can be attempted within seconds. Avoid leet-speak-only passwords in favor of introducing more randomness to the password construction.
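The following is an added example, not part of the original article: a small signup-time check that looks at a candidate password the way the paragraphs above describe, undoing number-for-letter substitutions and then testing for dictionary words and word-word constructions. The word list `WORDS`, the substitution table `LEET` and all function names are assumptions made for illustration; a real check would load a much larger word list.

```python
# Constructed sample word list; a real screen would use a large dictionary.
WORDS = {"password", "running", "water", "leek", "speak", "dragon"}

# Common patterned substitutions, mapped back to the letter they replace.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "$": "s", "@": "a", "!": "i"})

# Keyboard-obvious runs such as "12345" or "abcde".
SEQUENCES = ("0123456789", "abcdefghijklmnopqrstuvwxyz")


def normalize(password: str) -> str:
    """Lowercase, undo the substitutions in LEET, and drop non-letters."""
    plain = password.lower().translate(LEET)
    return "".join(ch for ch in plain if ch.isalpha())


def split_into_words(text: str, words=WORDS):
    """Return dictionary words that concatenate to text, or None if none do."""
    if not text:
        return []
    for end in range(len(text), 0, -1):  # try the longest leading word first
        if text[:end] in words:
            rest = split_into_words(text[end:], words)
            if rest is not None:
                return [text[:end]] + rest
    return None


def screen(password: str) -> str:
    """Return 'sequence', 'dictionary' or 'ok' for a candidate password."""
    lowered = password.lower()
    if lowered and any(lowered in seq for seq in SEQUENCES):
        return "sequence"
    plain = normalize(password)
    if plain and split_into_words(plain) is not None:
        return "dictionary"
    return "ok"


if __name__ == "__main__":
    for candidate in ("password", "12345678", "runningwater",
                      "l33k_$p34k", "x7#Qv!m2Zp"):
        print(f"{candidate!r}: {screen(candidate)}")
```

Every password quoted in the paragraphs above is rejected by this check; only the constructed random string passes.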

The fact is, an easy-to-remember secret PIN that consists of common words, names and birth dates will be easy for hackers to discover or bypass. A short or weak password has the same problem. Although websites and other places that request passwords urge their clients to come up with solid and sufficiently long passwords to increase confidentiality, the advice is usually not followed. It’s good to go the extra mile and create a strong one that you can be assured nobody is able to guess. To create strong passwords, follow these guidelines:

Length: It is good to create a password with more than eight characters. Hacking software will take more time to crack a longer password than a shorter one, so make it a habit to formulate longer ones. Make it a rule to always use a password of the maximum length that the website allows. Even if your password is just “marbelfool” but the website allows up to 15 characters, you will still be better off if you fill the remaining allowed spaces with a single repeated character, such as “marbelfool^^^^^”.

Complexity: Be a little creative and use different characters on the keyboard. Include punctuation, letters, symbols and digits. The more different characters you use, the safer your password is. Don’t use the usual “12345” or “abcde.” You are making it much too easy for somebody. A password that mixes upper- and lowercase letters with numbers and symbols would take more time to crack than a password containing only one kind of character. However, be aware that some hacking software can detect widely used letter-to-symbol conversions, for instance “to” to “2” or “and” to “&.” Other ways to create a complex password may include:
  • Using a sentence as a password. This not only makes it complex but also stronger.
  • Intentionally misspelling words and avoiding dictionary or grammatically correct words improves strength.
  • For any of these methods, toss in a few random characters like “%^*#@$”, and the strength improves exponentially.

Variation: Change your passwords often to keep them effective. Always set a timely reminder to change your secret PINs on your credit card, banking, and email websites about every three months.

Variety: Have a unique password, different from all the others, for each environment. Don’t get irritated when logging into your social networks, email, online retailers and any other website with changed passwords. Never, ever use the same password and login on more than one website.

Use a secret email for password reset: If the website allows it, use a secret email account for resetting your password.  By secret, I mean use an email account that is not used for logging into any other website.  One of the ways that hackers are successful in getting into your account is simply by hacking into your email, and then going to your bank account and asking for a password reset. Your bank sends a reset email to your main email account, and the hacker is in.

How many times have you been asked for “mother’s maiden name” or “city you were born” when resetting a password?  You can probably think of hundreds of people who know this information, so don’t use it. For many of us, familial information can be easily tracked down on websites that track our family trees, or from indexed news articles. Instead of using your mother's maiden name, enter something more random. If the answer to “Mother’s maiden name”  is “n3wy@#$” it will make hacking your account much more difficult.

Guard your passwords closely. Protecting your passwords is one of the most important things you can do. Keep them secret from everybody and only store them in a secure, encrypted location. You might have complex, high-strength passwords, but if you don’t protect them, your accounts are not safe. Try memorizing your most frequently used passwords. Never type passwords over a public computer network, such as cyber café wifi, unless you want to be a victim of cyber-crimes.
Yes, protecting your passwords is hard work. Being safe begins with being aware, and it takes work. Accept this fact, and you are well on your way to being secure on the internet.

This article is brought to you by your friends at Lockbin.com, who care about your privacy and well-being. Try Lockbin for free online email encryption and secure document sharing.