Passwords remain among the most commonly used methods for securing information, even though they are no longer as effective as they used to be. In fact, Verizon’s 2022 Data Breach Investigations Report identified passwords as one of the four leading vectors for cyberattacks. The report also revealed that more than 80% of web application breaches involved stolen credentials.
What is the issue with using passwords?
The main problem with passwords is that they can be easily guessed using a variety of underhanded methods. These include brute force attacks, which involve trying out every possible combination of characters until the correct password is found. Another common method is the dictionary attack, in which hackers use a list of common words and passwords to try to gain access to locked accounts.
Therefore, if your business still uses passwords, the first and most important step in securing your data is to create strong passwords. Doing so reduces the risk of hackers guessing your credentials and gaining access to your accounts.
How do you create strong passwords?
Follow these tips to come up with passwords that are difficult to crack:
Make them long
When it comes to passwords, longer is better. This is because the shorter your passwords are, the easier they are to guess using brute force tactics. Ideally, your password should have 12 characters or more.
Make them unrelated to you
To make their passwords easier to remember, many people use familiar words and phrases, such as their middle name, favorite food, or a memorable quote. Unfortunately, such passwords are vulnerable to dictionary attacks.
Persistent hackers may also scour the victim’s social media posts for clues. A harmless birthday greeting from your friend, for instance, can lead to a compromised account if you used your birthday as your password.
To mitigate the risks, ensure your passwords are entirely unrelated to you or anything about you. Do not use the name of your school, spouse, or pet, or any personal information that could be easily searched for online. And to be safe, set your social media privacy settings to maximum and try not to post too much personal information.
Make them uncommon
Some users unwittingly create passwords that other people have already used and that have been cracked before. The likes of “qwerty1234” and “password” are common examples. All hackers have to do is check databases of previously broken and leaked passwords, which are readily available on the dark web. They can then run these against your account to see which ones will work.
Make your password as unique as possible. Go out of your way to think of something that few or no other people may have used before.
Make them random
Avoid using any word you can find in the dictionary as your password. Instead, use a random combination of letters in both lower and upper cases and numbers. If special characters like “@” and “&” are allowed, use them too. These tactics protect you completely from dictionary attacks and make it harder for hackers to succeed using brute force methods.
What methods can you use to create strong passwords?
There are two ways to create passwords that are easy to remember but hard to break. The first involves using a random sentence or phrase.
- Think of a sentence or phrase that contains 12 or more words and, preferably, numbers and special characters. For example, you could use “Summers in Neverland have become 2 degrees warmer in 5 short years.”
- Keep the first letter of every word, as well as the numbers and special characters, and remove the rest. From the example, you’ll get “sinhb2dwi5sy”.
- Randomize the letters’ cases and replace some letters with special characters. This may give you “$inHb2W15sY”.
The second is called the Diceware method. This involves stringing together random words and applying certain rules to make them very hard to guess.
- Think of a phrase that contains four words or more. Avoid common phrases like “the big bang theory.” Instead, go for a nonsensical combination of words, like “sandal lactose bias met.”
- Randomize the cases of the letters within the words or replace some letters with special characters. You can remove the spaces between the words or replace them with special characters too. Using the above example, you can get “s@nDAl#lACT0s3#BiaS#m3T” as your password.
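Both methods above in Python, as an added example that is not part of the original article. The function names and the 16-word sample list are assumptions made for illustration; words and letter cases are chosen by the operating system's random generator rather than thought up, so the strength of the result can be calculated.

```python
import math
import secrets

# Constructed sample list for illustration; the published Diceware list has
# 7,776 words (one word per five dice rolls).
SAMPLE_WORDS = [
    "sandal", "lactose", "bias", "met", "orbit", "velvet", "quartz", "pickle",
    "tundra", "mosaic", "ferret", "anchor", "bramble", "cobalt", "dwindle", "ember",
]

def sentence_to_base(sentence):
    """Method 1, first two steps: first letter of each word, numbers kept whole."""
    out = []
    for token in sentence.split():
        token = token.strip(".,!?;:")  # assumption: drop sentence punctuation
        if token:
            out.append(token if token.isdigit() else token[0].lower())
    return "".join(out)

def randomize_case(text):
    """Last step of either method: flip each letter's case with a random bit."""
    return "".join(c.upper() if secrets.randbits(1) else c.lower() for c in text)

def random_passphrase(n_words=4, words=SAMPLE_WORDS, sep="#"):
    """Method 2: pick every word independently and uniformly from the list."""
    if n_words < 4:
        raise ValueError("use four words or more")
    return sep.join(secrets.choice(words) for _ in range(n_words))

def passphrase_entropy_bits(n_words, list_size):
    """Guessing entropy when each word is drawn uniformly from the list."""
    return n_words * math.log2(list_size)

if __name__ == "__main__":
    base = sentence_to_base(
        "Summers in Neverland have become 2 degrees warmer in 5 short years."
    )
    print(base, "->", randomize_case(base))
    print(random_passphrase())
    print(f"4 words, 16-word list:    {passphrase_entropy_bits(4, 16):.1f} bits")
    print(f"4 words, 7,776-word list: {passphrase_entropy_bits(4, 7776):.1f} bits")
```

The entropy figures show why the size of the word list matters: four words from the 16-word sample give only 16 bits, while four words from a full 7,776-word list give about 51.7 bits.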
Alternatively, you can implement an array of advanced technologies and solutions, such as multifactor authentication and password managers, instead of depending solely on passwords. You may also use secure password alternatives like biometrics and one-time PINs. If you need help finding and implementing these solutions, our IT experts at Intouch IT will be very glad to assist you. Call us today to get started.