There are different ways to authenticate users, and the most predominant is the use of user accounts and passwords. The complexity of authentication mechanisms has improved over the years, making them more secure. Still, simple username/password authentication methods are vulnerable to many types of attacks. One of the most effective ways to mitigate password vulnerabilities is to create strong passwords that defeat cracking mechanisms.
Strong and secure passwords are one of the pillars of information security best practice.
Whether you are a home or enterprise user, creating strong, hard-to-guess passwords is the first line of defense against account compromise.
The challenge for users when creating long, complex passwords is memorization. This article shows you how to create strong, secure, and easy-to-memorize passwords to better secure your accounts.
Think of a Pass Phrase:
For years, people have used single words for passwords. Not only do they use single words, but they use common words found in dictionaries. It doesn’t take long to crack a password made of common characters (0-9, a-z, A-Z), and if the perpetrator has the right rainbow tables, the process is short. So the first piece of advice for a strong password is to think of a passphrase: instead of using “Monday23” as a password, you may try “2 weeks ago on Monday tHe 23 rd, I joined the meeting @”.
You can use special characters:
Yes, passwords are not just letters and numbers. You can use special characters such as: [email protected]#$%^&*()_+”., and you can also use spaces and anything in the ASCII special character chart.
Don’t just rely on substituting letters for special characters:
For example, replacing the letter “a” with the “@” sign, or the letter “o” with the number zero (0), especially when using common words, i.e. “[email protected]”. Though technically more secure, it’s still simple to crack with the right tools.
Don’t add an extra character when changing your password:
For example, [email protected], when updated: [email protected], [email protected], [email protected], etc. Instead, come up with a new password. Adding an extra letter to a previously used password makes it more vulnerable to brute force attacks.
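Both points above, substituted letters and appended characters, can be checked mechanically when a password is set or changed. The following Python check is an added example, not part of the original article; the word list, substitution map, and function names are constructed for illustration.

```python
import re
from typing import List, Optional, Set

# Constructed sample denylist; a real check would load a large common-password list.
COMMON_WORDS = {"password", "monday", "welcome", "letmein", "qwerty"}

# Typical look-alike substitutions, mapped back to the letter they stand for.
UNLEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l", "!": "i",
                        "3": "e", "$": "s", "5": "s", "7": "t"})
TRAILING = re.compile(r"[\d\W_]+$")  # trailing digits/symbols, e.g. "23" or "1!"


def stems(password: str) -> Set[str]:
    """Return the candidate base words hiding behind a password."""
    low = password.lower()
    candidates = (
        low.translate(UNLEET),                    # substitutions undone
        TRAILING.sub("", low).translate(UNLEET),  # suffix dropped, then undone
    )
    return {c for c in candidates if c}           # ignore empty stems


def is_variant(old: str, new: str, max_extra: int = 2) -> bool:
    """True if `new` is `old` with a changed suffix or a few characters added."""
    if stems(old) & stems(new):
        return True
    a, b = sorted((old.lower(), new.lower()), key=len)
    return len(b) - len(a) <= max_extra and (b.startswith(a) or b.endswith(a))


def review(new: str, old: Optional[str] = None) -> List[str]:
    """Return the reasons a proposed password should be rejected (empty if none)."""
    findings = []
    if stems(new) & COMMON_WORDS:
        findings.append("common word behind substitutions or a suffix")
    if old is not None and is_variant(old, new):
        findings.append("minor variation of the previous password")
    return findings


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate, previous in [("P@ssw0rd1", None), ("Winter2023!", "Winter2022!")]:
        print(candidate, "->", review(candidate, previous))
```

The check only matches a whole stem against the word list, so a long passphrase that happens to contain a common word is not flagged.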
Avoid words that are familiar to you:
Avoid using words such as your spouse’s name, children’s names, birth dates, pet’s name, and work or industry-related words. Attackers can find that information by using social engineering techniques.
Use password generator software:
You don’t have to spend 5 minutes developing a strong password. Password generator software simplifies the password creation process and administration for you.
Use a Password Manager:
This is especially useful when you have multiple accounts. A password manager is a centralized location for you to store all your passwords. Usually, a master password is created to unlock the database where all passwords are stored.
Use two-factor authentication:
Something you know (a password) + something you have (key fob, code, etc.). That combination is far more secure because even if the password is cracked, an attacker still needs another verification method to gain access. Google has an option for two-factor authentication for users to access their services (http://www.google.com/landing/2step/).
Be Careful where you access your accounts:
Be extra cautious when using public computers; it does not take much to have a keystroke logger running in the background recording information.
Don’t use the same password for different accounts:
This will help minimize the damage if one of your accounts gets compromised.
Check if your credentials are compromised:
You can check sites like “Have I Been Pwned” (https://haveibeenpwned.com/).
Passwords are digital keys to unlock account access. You want to make sure you properly secure the “keys” to protect your privacy and resources. Always remember that long passwords are harder to crack than short passwords, no matter what the complexity is. Think of passphrases rather than passwords, and change your password on a regular basis.