
Strengthen Your Password and Beat the Hackers

Is the security of your passwords up to par? Self-created passwords aren't as safe as they should be for many people.
A large security breach impacted approximately 2 million websites and social media accounts in over 100 countries, according to Trustwave, an information security firm which exposed the hack in 2013. 1.58 million website login credentials and 320,000 email account credentials, including those from Facebook, Google, Twitter, LinkedIn, and Yahoo, were taken in the attack.
Although the breach was most likely caused by malware on particular machines, the investigation also looked at the stolen passwords and discovered that many users have gotten sloppy when creating passwords. According to the research, the top two stolen passwords are "123456" and "123456789". Moreover, tens of thousands of people continue to use passwords like "password" and "admin."
Only 5% of stolen passwords were rated as "excellent" in terms of password strength. While 44% of passwords were assessed to be of medium strength, 34% were deemed to be weak.
Indeed, even those adhering to "best practices" may be at risk. Former National Institute of Standards and Technology official Bill Burr claims that his 2003 advice on building strong passwords was incorrect. His suggestion has contributed to the current situation of password indifference.
For example, if you follow his advice, you may make a password like "P#ssWrd1?", but it's not as challenging to guess as you may assume. He also suggested changing your password every 90 days, but this led to people making little gradual changes like "P#ssWrd2?", which is still easy to guess and gives the illusion of security.
Creating tougher passwords, on the other hand, isn't difficult. Here are five tips for creating stronger and safer passwords to protect your personal information.
1. Be original; don't recycle passwords.
Dodi Glenn, senior director of security intelligence and research laboratories at ThreatTrack Security, a malware analysis and anti-virus software company, advised never to reuse the same password for several accounts as it's not a good habit to develop.
Although it is more convenient to use the same password for multiple accounts, Glenn warns that the ease might lead to tenfold greater damage if the password is compromised.
He said that if malware collects Gmail account information, but the same password is used across a range of critical sites, such as an online banking or retail site, cybercriminals can easily break into all accounts and collect personally identifiable information (PII) for malicious purposes.
Eduard Goodman, chief privacy officer at Identity Theft 911, suggested that users store passwords in a secure location to keep track of them. He recommends password managers like PasswordBox, LastPass, and RoboForm.
2. Experiment with unusual and nonsensical combinations.
While using the names of loved ones, pets, beloved sports teams, and other personal data to recall passwords can help users remember them, it also makes it simpler for hackers to gain access to their accounts.
Tom Smith, vice president of Identity and Access at Gemalto, a digital security company, said with billions of password users on earth, there's a high chance someone has already thought of the combination.
According to Smith, millions of credentials are available in databases for criminals to use in cyberattacks due to the growth in security breaches in recent years, most notably the Adobe and Facebook compromises in 2013.
Smith explained that a 'Dictionary Attack' is an attack in which a password is systematically searched against all other passwords in a 'dictionary,' or a predefined list of existing passwords. Because these passwords are obtained from previous breaches, he claims that utilising them raises the risk of the so-called "unique" password being compromised again.
According to Goodman, users should "mix things up a bit" to develop more imaginative passwords. He wrote that combining upper- and lowercase letters, numbers, and symbols is one way to do it. Users can, for example, change a weak password like "happy777" to a tougher one like "H@pea!931." However, you should avoid using common terms as a basis, such as Password.
Another alternative is to make an acronym out of a lyric, sentence, or phrase, such as "'Twas the night before Christmas and all through the house," which becomes "TtnbCaatth."
3. Make your passwords as long as possible.
A password of at least eight characters is required for most services. In practice, users will need more to create a genuinely safe password.
Smith said that the longer the password, the more difficult it is for cybercriminals to crack it. The traditional rule of thumb has been eight characters, but that is no longer enough. Password-cracking algorithms, like everything else in technology, have gotten faster.
Some claim to be able to make 350 billion guesses per second, which means they can crack an 8-character password in seconds. Experts now advise users to establish passwords with at least 13 to 20 characters to safeguard themselves.
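As an added example (not from the original article), the Python sketch below combines the dictionary-attack point from tip 2 with the guessing rate quoted above: it flags passwords that resemble a leaked entry and otherwise estimates worst-case exhaustive-search time. The mini-dictionary holds only the four leaked passwords the article names; the substitution table, the 0.75 similarity threshold and all function names are illustrative assumptions.

```python
import string
from difflib import SequenceMatcher

GUESSES_PER_SECOND = 350e9  # cracking rate quoted in the article
# Constructed mini-dictionary: only the leaked passwords the article names.
COMMON = ["123456", "123456789", "password", "admin"]
# Assumed table of common character substitutions (illustrative, not exhaustive).
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "0": "o", "$": "s", "1": "l", "!": "i"})
CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation]


def base_word(password):
    """Undo usual decorations: case, trailing digits/symbols, character swaps."""
    stripped = password.lower().rstrip(string.digits + string.punctuation)
    return stripped.translate(LEET)


def dictionary_hit(password, threshold=0.75):
    """Return the dictionary entry this password resembles, or None."""
    candidates = {password.lower(), base_word(password)} - {""}
    for entry in COMMON:
        if any(SequenceMatcher(None, c, entry).ratio() >= threshold for c in candidates):
            return entry
    return None


def charset_size(password):
    """Alphabet an exhaustive search must cover, judged by character classes used."""
    return sum(len(cls) for cls in CLASSES if any(ch in cls for ch in password))


def seconds_to_exhaust(password):
    """Worst-case time to try every string of this length over that alphabet."""
    return charset_size(password) ** len(password) / GUESSES_PER_SECOND


def audit(password):
    """A dictionary match beats any length estimate, so check it first."""
    hit = dictionary_hit(password)
    if hit:
        return f"resembles leaked password '{hit}': falls to a dictionary attack"
    return f"exhaustive search: up to {seconds_to_exhaust(password):.3g} seconds"


if __name__ == "__main__":
    for pw in ["P#ssWrd1?", "P#ssWrd2?", "abcdefgh", "H@pea!931", "TtnbCaatth"]:
        print(f"{pw:12} {audit(pw)}")
```

At the quoted rate, eight lowercase letters are exhausted in under a second, while both "P#ssWrd" variants never reach the length estimate because the dictionary check catches them first.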
4. Use two-factor authentication to protect yourself.
If a website supports two-factor authentication, take advantage of it. Two-factor authentication provides an extra layer of security to an account, making it more difficult for fraudsters to gain access.
Many websites now offer two-factor authentication, which needs both a password and another form of identification, for example, a code from a mobile device.
Examples of secondary identification types include:
- A personal identification number (PIN),
- Biometrics,
- A physical token attached to a device, and
- A secret question that only the user knows the answer to.
Even if an attacker steals users' login passwords, they will not be able to access their accounts without the secondary form of identification with two-factor authentication.
5. Change your password on a regular basis.
Finally, there's the age-old rule of changing your password regularly. Glenn and Goodman suggested updating passwords at least once every few months or every quarter. However, unless you have been breached, this is no longer commonly considered necessary.
Have I Been Pwned? is a website that lets you search for your email address, username, or password to discover if they've been exposed in any reported data breaches.
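Added example, not from the original article: Have I Been Pwned's Pwned Passwords service can be queried by hash range, so the password itself is never sent. The sketch below computes the 5-character SHA-1 prefix and matches the remaining suffix locally; the response body is constructed for offline use and the function names are illustrative.

```python
import hashlib

# Range endpoint of the Pwned Passwords service (shown for reference, never called here).
RANGE_URL = "https://api.pwnedpasswords.com/range/{prefix}"


def split_hash(password):
    """SHA-1 the password; only the first 5 hex characters are ever sent."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def breach_count(password, response_body):
    """Find our 35-character suffix among the 'SUFFIX:COUNT' lines of a response."""
    _, suffix = split_hash(password)
    for line in response_body.splitlines():
        candidate, sep, count = line.strip().partition(":")
        if sep and candidate.upper() == suffix:
            return int(count)
    return 0  # suffix absent: not in the breach corpus


def constructed_response(password, count):
    """Build a stand-in response body (constructed data, not real API output)."""
    _, suffix = split_hash(password)
    filler = ["0" * 35 + ":3", "F" * 35 + ":12"]  # constructed decoy lines
    return "\r\n".join([filler[0], f"{suffix}:{count}", filler[1]])


if __name__ == "__main__":
    body = constructed_response("123456", 1000)  # count is a made-up value
    prefix, _ = split_hash("123456")
    print("would request:", RANGE_URL.format(prefix=prefix))
    for pw in ["123456", "TtnbCaatth"]:
        print(pw, "->", breach_count(pw, body))
```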
Source: Business News Daily