A weak password can render the most powerful VPN useless. Here's everything you need to know about creating a strong password.
A 6-letter password that’s a word from the dictionary can be guessed by a computer in a second. It would take the computer 32 minutes to guess a 9-letter word like ‘spaghetti’. And by ‘guess’ we don’t mean that there’s a small chance of it doing so. The password will be cracked 100% of the time using what’s referred to as a ‘dictionary attack’.
This is just one of the numerous ways that hackers can break into your account. What if you use the same password for all multiple online accounts? What if a hacker broke into your primary email account and used it to reset the passwords for all other accounts linked to it? The damage would be devastating—and most likely irreparable.
Potential damage includes permanent loss of account access, loss of money, public defamation, identity theft, and exposure of sensitive financial or personal information.
4 rules for ensuring the security of your passwords and accounts
Here are a few tips for ensuring the security of your password and account. Note that these tips are a great starting point, but you should take the time to educate yourself further on securing your online information.
#1 – Create strong passwords
This might seem like a no-brainer, but it’s worth mentioning because many people appear not to know what ‘strong’ means as far as passwords are concerned. The attributes of a highly secure password are as follows:
- It should use at least 3 out of 4 character types: uppercase, lowercase, numbers and symbols.
- It should have at least 11 characters. If you ignore rule one, it should have at least 16 characters.
- Passwords with real words (‘Eagle1987’, for example) are easier to break.
#2 – Use a unique password for different accounts
If a website on which you have an account is breached and your login details are stolen (this has probably happened at least once), how many accounts belonging to you can the hacker access using the same login credentials? Ideally, it should be none. However, most people’s answer to that question will be ‘a few’ to ‘pretty much all of them’. NEVER reuse passwords for important accounts such as your email and online bank account.
#3 – Use a password vault to remember your passwords
If your passwords are adequately strong, then you will have a problem remembering them. Thankfully, there are a number of password vaults and cloud solutions that you can use to generate and remember passwords for every online account you have. You need only remember the password to the password vault. Good examples of such services include LastPass and KeePass, each with its own benefits.
#4 – Enable two-factor authentication
Using two-factor authentication adds another layer of security to the login process. By itself, a password is not enough. With two-factor authentication, accessing an account requires the password and access to the authentication device, which is typically your phone, which will receive verification requests through push notifications or text messages.
It’s not as much of a hassle as it sounds, and many two-factor authentication systems will only verify you once, unless you attempt to log in from an unknown device. We strongly recommend using two-factor authentication for three categories of websites:
- Your main email account
- Your password vault
- Bank and brokerage accounts
It’s essential to use two-factor authentication for banks and brokerage accounts because a breach of any of these accounts can be devastating. A vast portion of your net worth (save for your home, if you own one) is just digits recorded in some database. If a hacker manages to breach your account, he can transfer all your money to another account, leaving you penniless.
Using two-factor authentication for your primary email and password vault accounts is equally important because they’re the gateway accounts to your other accounts. If a hacker manages to break into your email or password vault, they can reset the passwords for all the accounts linked to it. If the hacker breaches your password vault, they can download all the stored login credentials in a plain text file.
For some reason, few email providers offer two-factor authentication. Fortunately, Google continues to be on the cutting edge of technological advancements and has been using two-factor verification for years.
How passwords are cracked
There are two primary methods of cracking passwords:
- Brute force attacks (password guessing)
- Reverse engineering passwords stolen from websites
Password guessing can be done both online and offline. It works by attempting to log in multiple times using different passwords in succession for the same username. Fast computers can run through thousands or even millions of combinations in a second.
The process is faster in offline scenarios such as cracking a file password or an OS. It’s slower on websites because the speed of the process is limited by the server’s capacity. Two common forms of password guessing are brute force attacks (trying all possible character combinations) and dictionary attacks (using common words).
Now that you’re aware that your six- to nine-character password is not at all safe, it is imperative that you take the steps outlined in this article to ensure that your passwords and accounts are secure. At the end of the day, only you are responsible for your online security.
It is only a matter of time before some hacker attempts to break into one of your accounts. In fact, there’s a chance that this might have already happened but you just didn’t realize it.
By using strong, unique passwords you greatly reduce the chance that a hacker can reverse-engineer your password, provided the website that stores it uses the proper hashing techniques. Additionally, by never reusing a password, you need not worry about a hacker using a password they stole from you to access many other accounts belonging to you.
The most effective ways of managing your online security include using a password vault, such as LastPass, and upgrading your login security to two-factor authentication. Hackers typically go after the easiest targets, i.e. people who use easy and short passwords. Following these and other rules will make you a less attractive target.