There are different ways for user authentication, and the most predominant type of authentication is the use of user accounts and passwords. The complexity of the authentication mechanisms has improved over the years, making them more secure. Still, even with the improvements, many more layers of security can be added to increase the overall security and identity protection.
Strong and Secure passwords are one of the pillars of information security best practice . Whether you are a home or enterprise user, creating strong, hard-to-guess passwords is the first defense line against account attacks. The challenge for users when creating long, complex passwords is memorization, where they may write the password on a sticky note and have it visible to anyone close to the computer.
This article will concentrate on “simple” passwords and show you how to create strong, secure, and easey to memorize passwords to secure your accounts better.
Think of a Pass Phrase: For years, people have used single words for password. Not only do they use single words, but they use common words found in dictionaries. It doesn’t take long to crack a password with common characters 1-0, a-z, A-Z, and if the perpetrator has the right rainbow tables, the process is short. So the first piece of advice for a strong password is to think of a passphrase, instead of using “Monday23” as a password you may try “2 weeks ago on Monday tHe 23 rd, I joined the meeting @”
You can use special characters: Yes, passwords are not just letters and numbers. You can use special characters such as: !@#$%^&*()_+”., you can use spaces and anything in the ASCII special character chart.
Don’t just rely on substituting letters for special characters: for example, replacing the letter “a” for the “@” sign, or number zero (0) for the letter “o”, especially when using common words, i.e “P@ssw0rd”, though technically more secure it’s still simple to crack with the right tools.
Don’t add an extra character when changing your password: i.e., Tr@Ff1c, when updated: Tr@Ff1c1, Tr@Ff1c2, Tr@Ff1c3, etc. Instead, come up with a new password. Adding an extra letter to a previously used password makes it more vulnerable to brute force attacks.
Avoid words that are familiar to you: avoid things such as spouse name, children names, birth dates, pet’s name, work, and industry-related words. Attackers can find that information by using social engineering techniques.
Use password generator software: You don’t have to spend 5 minutes trying to develop a strong password. Password generator software simplifies the password creation process and administration for you.
Use a Password Manager: this is especially useful when you have multiple accounts. A password manager is a centralized location for you to store all your passwords. Usually, a master password is created to unlock the database where all passwords are stored.
Use two-factor authentication: something you know (a password) + something you have (keyfob, code, etc.). That combination is far more secure because even if the password is cracked, they still need another verification method to gain access. Google has an option for two-factor authentication for users to access their services ( http://www.google.com/landing/2step/)
Do not store your password on a document. Many people have a “password document.” Instead, substitute it with a password manager.
Be Careful where you access your accounts: be extra cautious when using public computers; it does not take much to have a keystroke logger running in the background recording information.
Don’t use the same password for different accounts: this will help minimize the damage in case one of your accounts gets compromised.
Check if your credentials are compromised: you can check sites like “Have i been Spawned” https://haveibeenpwned.com/.
Even though this article is about password security, you can’t overlook other security measures such as antivirus, firewall, IPS/IDS, disk encryption, file and folder encryption, and email encryption.
We’re a company that specializes in WiFi and Inforamtion Security Services. We create smart, secure, and cost-effective IT solutions for businesses and organizations in Nothern, NJ.