How to Set Up a Strong Password
The best passwords will prevent any cyberattack. In this article, let me explain how to set up a strong password that is unbreakable and withstands any brute force attack.
Let’s first take a look at the various ways passwords can be hacked, so that you understand the most common methods being used today.
How does a password get hacked?
Cybercriminals have several password-hacking tactics, but the easiest one is simply to buy your passwords from the dark web. There is a big black market for buying and selling login credentials and passwords. If you’ve been using the same password for many years, chances are it’s been compromised.
But if you’ve been wise enough to keep your passwords off the black market lists, cybercriminals have to crack them. And if that’s the case, they’re bound to use one of the methods below. These attacks can be aimed at your actual accounts or possibly at a leaked database of hashed passwords.
Brute force attack
This attack tries to guess every combination until it hits on yours. The attacker automates software to try as many combinations as possible in as quick a time as possible. Generally, anything under 12 characters is vulnerable to being cracked. If nothing else, we learn from brute force attacks that password length is very important. The longer, the better.
Dictionary attack
The hacker is essentially attacking you with a dictionary. Whereas a brute force attack tries every combination of symbols, numbers, and letters, a dictionary attack tries a prearranged list of words such as you’d find in a dictionary.
If your password is a regular word rather than a strong password, you’ll only survive a dictionary attack if your word is uncommon or if you use multiple-word phrases. Multiple-word phrases outsmart a dictionary attack because the attack only reduces the number of possible variations to the number of words we might use raised to the power of the number of words we’re using.
Phishing
Phishing is when cybercriminals try to trick, intimidate, or pressure you through social engineering into unwittingly doing what they want. A phishing email may tell you that there’s something wrong with your credit card account. It will direct you to click a link, which takes you to a phony website built to resemble your credit card company. The scammers stand by with bated breath, hoping the ruse is working and that you’ll now enter your password. Once you do, they have it.
Phishing scams can try to ensnare you through phone calls too. Be leery of any robocall you get claiming to be about your credit card account. Notice the recorded greeting doesn’t specify which credit card it’s calling about. It’s a sort of test to see if you hang up right away or if they’ve got you “hooked.” If you stay on the line, you will be connected to a real person who will do what they can to wheedle as much sensitive data out of you as possible, including your passwords.
What Makes Some Passwords Weak?
You should use some capital letters, a few numbers, and, if you’re feeling up to it, a special character or two. Although it’s easy to understand what makes a password safe, it’s not as easy to understand what makes one weak.
Attackers who want to access your passwords usually do so by running a program that can guess possible combinations. Given a set of criteria, the machine can figure out your password simply by brute-forcing every possible combination of characters.
As an example, imagine you knew that a password to someone’s account was composed of three single-digit numbers, each from zero through nine. There are only 1,000 possible combinations of those three numbers, so if you tried every possible combination, you’re sure to find the correct password.
That’s the logic behind what makes a password strong versus weak. The more possible combinations your password has, the harder it is to brute force attack. That’s the defining principle when it comes to setting strong passwords. The goal is to make your password long, unique and random, making it impossible for a computer to guess.
Don’t Be Silly
Never use sequential numbers or letters, and do not use “password” as your password. Come up with unique passwords that do not include any personal info such as your name or date of birth. If you’re being specifically targeted for a password hack, the hacker will put everything they know about you in their guess attempts.
The anatomy of a strong password
Now that we know how passwords are hacked, we can create strong passwords that outsmart each attack. Your password is on its way to being uncrackable if it follows these three basic rules.
Keeping in mind the nature of the attack, you can take specific steps to keep the brutes at bay:
- Make it long. This is the most critical factor. Choose nothing shorter than 15 characters; the longer, the better.
- Use a mix of characters. The more you mix up letters (upper-case and lower-case), numbers, and symbols, the harder it is for a brute force attack to crack it.
- Avoid common substitutions. Whether you use DOORBELL or D00R8377, the brute force attacker will crack it with equal ease. These days, random character placement is much more effective than common informal language.
- Don’t use memorable keyboard paths. Much like the advice above not to use sequential letters and numbers, do not use sequential keyboard paths either. These are among the first to be guessed.
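The four rules above can be checked mechanically. The following is an added example, not code from the article: the word list, the look-alike maps, the four-character run length and the three-class threshold are all assumptions chosen for illustration.

```python
import math
import string

# Constructed stand-ins (assumptions): a real audit would load a large word list.
COMMON_WORDS = {"password", "doorbell", "letmein", "welcome", "dragon"}
SEQUENCES = ["abcdefghijklmnopqrstuvwxyz", "0123456789",
             "1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]
# Two look-alike maps, because 1 and 7 are each used for more than one letter.
LEET_TABLES = [str.maketrans("01345@$8!7", "oieasasbil"),
               str.maketrans("01345@$8!7", "oleasasbit")]


def brute_force_bits(pw):
    """log2 of the combinations pure brute force must cover (an upper bound:
    a password that is really a dictionary word falls far sooner)."""
    pool = sum(len(cls) for cls in CLASSES if any(c in cls for c in pw))
    return len(pw) * math.log2(pool) if pool else 0.0


def has_run(pw, min_run=4):
    """True if pw contains min_run consecutive alphabet, digit or keyboard-row characters."""
    low = pw.lower()
    for seq in SEQUENCES:
        for s in (seq, seq[::-1]):  # forward and reversed paths
            if any(s[i:i + min_run] in low for i in range(len(s) - min_run + 1)):
                return True
    return False


def audit(pw, min_length=15):
    """Return the rules from the list above that pw breaks (empty list = passes)."""
    findings = []
    if len(pw) < min_length:
        findings.append("too short")
    if sum(any(c in cls for c in pw) for cls in CLASSES) < 3:
        findings.append("few character classes")
    low = pw.lower()
    # Undo common substitutions before the dictionary lookup.
    if any(w in low.translate(t) for t in LEET_TABLES for w in COMMON_WORDS):
        findings.append("dictionary word")
    if has_run(pw):
        findings.append("sequence or keyboard path")
    return findings


if __name__ == "__main__":
    for sample in ["DOORBELL", "D00R8377", "Qwerty!2345678901", "t9#Lq2!vRz7&mKp4x"]:
        print(f"{sample!r}: {brute_force_bits(sample):.0f} bits, {audit(sample) or 'ok'}")
```

DOORBELL and D00R8377 produce identical findings, which is the point of the substitution rule.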
Using a Password Generator
Password managers usually come with a password generator. These tools use a random number generator with a list of criteria, such as the number of characters and certain letters, to create a new password. This solution is far more difficult to crack than a passphrase.
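A generator of the kind described above can be sketched in a few lines. This is an added example, not the code of any particular password manager; the default length, the symbol set and the `exclude` parameter are assumptions.

```python
import secrets
import string

# Default criteria (assumptions): four character classes, 20 characters.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, "!@#$%^&*()-_=+")


def generate_password(length=20, classes=CLASSES, exclude=""):
    """Return a random password of `length` with at least one character
    from every class, skipping any characters listed in `exclude`."""
    pools = ["".join(c for c in cls if c not in exclude) for cls in classes]
    if not all(pools):
        raise ValueError("exclude removes an entire character class")
    if length < len(pools):
        raise ValueError("length is too short to include every class")
    alphabet = "".join(pools)
    while True:
        # secrets draws from the operating system's CSPRNG; the random
        # module is predictable and must not be used for passwords.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Reject and redraw instead of forcing one character per class into
        # fixed slots, so every password that meets the criteria is equally likely.
        if all(any(c in pool for c in candidate) for pool in pools):
            return candidate


if __name__ == "__main__":
    print(generate_password())
    # Leave out characters that are easy to confuse when typed by hand.
    print(generate_password(length=24, exclude="0O1lI"))
```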
Tips for Creating a Strong Password
Having provided some knowledge about what makes certain passwords more secure than others, it’s time to go over my four tips for creating a strong password.
These are guiding principles when signing up for an account, but you can skip this by just using a password generator with any password manager.
Make It Random
Randomness is the name of the game when it comes to setting a strong password. Although true randomness is somewhat of a pipe dream, you can get pretty close with a password generator. Ideally, when you sign up for a new account online, you’ll generate a password with your password manager.
1Password, for example, can quickly generate and fill in a unique password whenever you sign up for a new account (read my 1Password review for more on that). The important thing here is that the password shouldn’t be recognizable through any pattern.
Make It Unique
Each of your online accounts should have a different password generated using a password manager. That way, the number of possible combinations of passwords across your accounts goes up significantly.
The reason behind this practice isn’t hard to figure out. If you reuse one password everywhere and an attacker figures it out for one of your accounts, they have the password for all of them. Furthermore, unique passwords across your accounts provide some damage control.
Longer Is Better
The more characters your password has, the tougher it is to crack. Each additional character you add to your password exponentially increases the number of possible combinations your password could have, making it that much more difficult to crack. I recommend anywhere above 12 characters, but higher is better.
Change It Often
Changing your passwords often is a good security practice, though a tedious one. Thankfully, modern password managers make it easy to stay up to date on how old your passwords are. For example, 1Password offers an identity dashboard that shows all of your old passwords, as well as whether your passwords show up on the dark web (read my 1Password review).
Of course, updating a weak password to another weak password doesn’t solve the problem. The goal with changing your passwords often is to go from a secure password to another one, making it more difficult to pinpoint a single account’s login.
Enter the Password Manager
Thankfully, you don’t need to worry about any of these tips as long as you’re using a password manager. These tools allow you to store your logins inside an encrypted vault and autofill them in your browser. In addition to making your passwords more secure, password managers make the browsing experience easier.
Acting as a central hub for all of your logins, a password manager is an essential tool for any modern browser. With one, you can stop fighting the uphill battle of trying to remember passwords for all of your accounts, while adding to your online security with long, randomly generated passwords for each of your accounts.
Although it’s important to remember my tips for setting a strong password, you shouldn’t have to worry about them if you’re using a password manager. They enable you to create long, random, unique passwords for each of your online accounts, aiding in security and usability in the browser.
There are plenty of other critical tools when it comes to securing yourself online, including an antivirus and a virtual private network. However, none of them are as inexpensive and easy to implement as a password manager.
How do you create a strong password? How are you securing your passwords? Let me know in the comments below and, as always, thanks for reading.