Password Security

By | November 12, 2017

The importance of online security has risen due to the increase in cyber attacks and data breaches over recent years. One of the most vulnerable pieces of information for online users is the password.

I want to highlight a few common mistakes people make that result in password compromise.

Contrary to the popular belief that everyone is unique, that is not so when choosing a password. The most common mistake people make is choosing a weak and common password. In a recent survey, the top three most terrible passwords were ‘123456’, ‘password’ and ‘12345678’. Not only are these terrible passwords, they are also a few of the most common passwords.

A general rule of thumb for choosing good passwords: use a combination of lowercase, uppercase, numbers, and special characters, 8 characters long or more, like z%5^s8rt$i.

Theoretically, any password can be cracked using a brute-force attack, no matter its complexity. Practically, a complex password with at least 8 characters will require years to crack, even with the most modern hardware.

Even when a person chooses a complex password, they make the second mistake of using the same password across different sites. This means your password is only as secure as the weakest of those sites. For example, if you use the same email and password for your Gmail, Facebook, Twitter, and some vulnerablesite.com account, and there is a data breach on vulnerablesite.com that reveals your passwords, it effectively means all of your accounts are compromised.
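
The two mistakes described above, weak or common passwords and reuse across sites, can be checked mechanically. The following Python sketch is an added example, not code from the original post; the function names, the vault contents and the sample passwords are constructed for illustration.

```python
import string
from collections import defaultdict

# The three passwords the post names as the most common ones.
COMMON_PASSWORDS = {"123456", "password", "12345678"}
MIN_LENGTH = 8  # the post's rule of thumb

def rule_of_thumb_failures(password):
    """Return the rule-of-thumb requirements this password misses."""
    failures = []
    if password in COMMON_PASSWORDS:
        failures.append("common password")
    if len(password) < MIN_LENGTH:
        failures.append("shorter than 8 characters")
    classes = {
        "lowercase": string.ascii_lowercase,
        "uppercase": string.ascii_uppercase,
        "number": string.digits,
        "special character": string.punctuation,
    }
    for name, alphabet in classes.items():
        if not any(ch in alphabet for ch in password):
            failures.append(f"no {name}")
    return failures

def reuse_groups(vault):
    """Group sites by shared password; one breach exposes the whole group."""
    sites_by_password = defaultdict(list)
    for site, password in vault.items():
        sites_by_password[password].append(site)
    return sorted(sorted(s) for s in sites_by_password.values() if len(s) > 1)

def audit(vault):
    """Return (weak, reused): per-site failures and groups sharing a password."""
    weak = {site: f for site, pw in vault.items() if (f := rule_of_thumb_failures(pw))}
    return weak, reuse_groups(vault)

# Constructed vault (hypothetical values); site names mirror the post's example.
SAMPLE_VAULT = {
    "gmail": "Tr4vel!Mug#92",
    "facebook": "Tr4vel!Mug#92",
    "twitter": "Tr4vel!Mug#92",
    "vulnerablesite.com": "Tr4vel!Mug#92",
    "forum": "12345678",
    "bank": "q7$Lw2&nVx",
}

if __name__ == "__main__":
    weak, reused = audit(SAMPLE_VAULT)
    print("Weak:", weak)
    print("Reused across:", reused)
```

Note that the shared password in the sample passes every complexity check, yet a breach of any one of the four sites exposes the other three.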

So it's always recommended to use strong and unique passwords for different sites. If they are difficult to remember, you can try a good password manager tool.

To summarize good password practices:
  1. Choose a strong, unique password using a combination of lowercase, uppercase, numbers, and special characters, at least 8 characters long, even if the website allows a simpler password.
  2. Avoid using the same password across multiple sites.
  3. Do not write down your password anywhere. If you cannot remember all your passwords, note down a password hint that only you can understand. You can also try using a password manager.
  4. If the website supports it, use an option like ‘Sign in using Google’, ‘Sign in using Facebook’, etc.
  5. If the website supports it, enable dual authentication, such as an OTP on your mobile.
  6. Never share your password with anyone, even if you get a mail from an email address appearing to be from the website.
  7. Don’t trust any login page that does not have “https://” in the address bar of the browser.
  8. Change your passwords often.

Be safe online 🙂
