An Effective Password – How To Reduce A Hack
Cybersecurity is one of the most relevant aspects of modern life. Each active user has dozens of accounts on various Internet resources: e-mail, forums, online services, news portals, etc. Almost any account can be hacked, and often the vulnerability of an account lies in a primitive password. Often users choose combinations of numbers and symbols that are easy to remember. But such passwords also have a downside - they are easy to crack.
Content:
1. A simple password is a gift to a scammer
2. Which passwords are better not to use
3. How to choose a password
4. How and where to store passwords
5. Additional protection
Surprisingly, simple passwords for personal and work accounts are often used even by businessmen, executives, site administrators, employees of banking structures. Such negligence can lead to very unpleasant consequences. Choosing a primitive combination as a key for an account is like giving an attacker access without a password.
A simple password is a gift to a scammer
Password guessing is one of the most popular account hacking methods. As a rule, ill-wishers use a set of common combinations, “trying on” them to a list of accounts. After going through the entire base with one key, another popular sequence is taken. If the “login-password” pair matches, the attacker gains access to the account. The more complex and unusual the password, the less likely it is to be included in the list of “master keys”. Even if the account ends up in the target database of scammers, it will not be possible to hack it by selecting simple combinations.
If hackers have access to an account, how can they use it? It all depends on what goals they pursue and the account of which service was hacked. Let's say an attacker gained access to a content management system (CMS) account. This means that he can change, copy, delete all content on the portal. If there are feedback forms, and the data is stored in the CMS, then this information also becomes the property of hackers.
E-mail is one of the most popular communication channels, which is also used for commercial correspondence. Most companies operate and communicate internally via email. Important documents are transmitted by e-mail and negotiations are underway. If the account is hacked, then all information and files will fall into the hands of attackers. The severity of the consequences of a data breach can vary. A hacked account of a fishing tackle sales manager is very unpleasant. But if hackers get their hands on sensitive data from a banking institution or law enforcement agency, the consequences could be much larger.
A simple password is a gift for a hacker. But it is even worse if the same primitive combination is used for authorization on different services. It is enough for attackers to guess the password for one account so that all other accounts are also at risk.
What passwords are better not to use
When fraudsters select “keys” for a large database of accounts, popular combinations are used first of all. Among the most common passwords of 2021 are:
- 123456;
- qwerty;
- 123456789;
- 1234567;
- password;
- 111111;
- iloveyou;
- admin;
- password1.
It is worth noting that all these sequences have been on the list of the most vulnerable passwords for many years. Such “keys” are easy to remember, but their use does not provide adequate protection for the account.
What passwords should be avoided:
- simple sequences of numbers (in order, even, identical, etc.);
- popular words and phrases;
- duplicate login;
- sequences of letters on the keyboard (qwerty, asdf, etc.);
- proper names (geographical names, names of people, etc.);
- simple words and phrases in English or Latin letters (best, mylife, rabota, pochta, etc.).
Adding numbers at the end of the password word or duplicating it (maxim2, vova567, bmwbmw, bombom) should also not be considered as a good option to protect your account.
Often, attackers set the goal of hacking a specific user's account. With a high degree of probability, they do not do it blindly. We leave a lot of information about ourselves on the Internet (and not only), so you should not use personal data as passwords:
- names (own, relatives, friends);
- dates of birth;
- nicknames of pets;
- telephones;
- company name, car brand, etc.
How to choose a password
Cybersecurity is a headache not only for users, but also for web services. Therefore, portals often “help” create high-quality passwords for their visitors. For example, a necessary condition is set for the simultaneous use of numbers, special characters, and capital letters. On many sites, the effectiveness of the password is evaluated at the registration stage. The system informs the user about the degree of uniqueness and complexity of the selected sequence.
You also need to use numbers and special characters in a non-trivial way. Quite often they are put at the end or beginning of the password: maria7&, helloworld11$, etc. Such combinations cannot be attributed to a good choice. It is much better if special characters and numbers are inserted into the password in a chaotic way.
Key features of an effective password:
- uniqueness and non-triviality;
- the presence of various types of symbols;
- sufficient length.
The longer the password, the harder it is to crack. But with an increase in the number of characters, the complexity of remembering the sequence increases. You can use quotes from movies, books or songs. However, the choice of such passwords should also be taken responsibly. The line should not be short, popular, or closely related to your personality. If a person has a favorite track and he constantly sings, for example, James Brown's song “I feel good”, then it is possible that one of the accounts of this user can be accessed using the password “ifeelgood” or, for example, “ifeelgood777” . Therefore, the choice of a key, based on quotes, should also be approached with imagination.
Many resources have the ability to randomly generate a password. This is a good solution to create a unique and complex key for your account. The generator generates a password with a chaotic set of characters of various types. Such a sequence is difficult to guess or associate with the user, but it is also not easy to remember. To store such unique complex passwords, you can use special services.
How and where to store passwords
Even inactive users will have several important accounts online. And often we “grow” with dozens of accounts, the exact number of which few people know. A complex password is difficult to remember, and it is almost impossible to keep ten such sequences in memory.
Logins and passwords are often written down in a notepad or a file on a computer. Keeping a list of keys in a text document or Excel spreadsheet is quite dangerous. For a notebook with passwords, you also need to find a safe place, plus there is a possibility of losing or forgetting it. Do not store password sheets in accessible places (for example, under a laptop or on a desktop). It's almost like "hiding" the keys to the apartment under a doormat or in a flower pot next to the door.
To store a large number of login-key pairs, it is convenient to use special services. Among the popular password managers are the following:
- Dashlane;
- 1Password;
- LastPass;
- RememBear;
- NordPass;
- RoboForm;
- Keeper.
Using a special service for managing passwords, you need to remember only one login-key pair. All other data about accounts and code sequences are inside the “safe” program. Password managers can have a different set of features (form autofill, website verification, dark web scanner, etc.). Often, such services also offer a mobile application and plug-ins for various browsers.
The basic functionality of password managers is often provided free of charge or with a trial period. To get the full set of tools, you need to subscribe. For example, the 1Password platform offers various packages for families or businesses. Data safety is a priority for any reputable company, so such services are increasingly used to protect employee accounts.
For macOS and iOS devices, there is a built-in secure password storage solution. Keychain (literally "keychain") is an encrypted database. This tool is great for storing “keys” and allows you to log in to different resources in one click. Passwords are stored in encrypted form, you can set up synchronization with other devices. The program has an extremely simple interface - a set of saved accounts is represented by an informative list. If you forgot your password, you can quickly find the required “login-key” pair through the search bar.
Additional protection
A complex unique password and proper storage is not an exhaustive condition for account security. With frightening regularity, news about data leakage even from large Internet sites appears in the media. And databases of small sites that neglect cybersecurity tools can become easy prey for skilled hackers at any moment.
Additional security measures:
- Using two-factor authentication;
- Refraining from registering on dubious sites;
- Regular change of passwords;
- Using the browser incognito mode when working on other people's devices;
- Passwordless authentication with cloud radius solution.
You must take responsibility for protecting your accounts. It is important to choose a complex unique password and not neglect additional security features.
Time is the most valuable resource in today's business realities. By eliminating the routine from work processes, you will get more opportunities to implement the most daring plans and ideas. Choose - you can continue to waste time, money and nerves on inefficient solutions, or you can use ApiX-Drive, automating work processes and achieving results with minimal investment of money, effort and human resources.