Cybershots - Password Security

From emails to banking to social media to shopping and donating, the average person spends almost half of their day online. The reality is: many of these sites hold information that’s kept secure with a user-generated password.

A string of 5 to 16 characters is all that keeps hackers from accessing your information.

That’s why it’s so crucial that online users implement password security best practices and create strong passwords for every account they use.

One of the biggest mistakes that users make is reusing the same or very similar passwords on multiple accounts. As a result, cracking one password leads to a domino effect that gives hackers entry into multiple accounts with little effort. All of your accounts should use different strong passwords. Users also build passwords from words such as their first and last names, which should be avoided. A password should use a combination of special characters and words that will be difficult to guess.

Use a mix of different types of characters to make the password harder to crack, as in the example shown below.
This makes it more difficult for hackers, as there will be many more combinations to try.

The longer the password the better the security. Combining this length with complexity makes a password difficult to guess and/or brute force.

Be careful not to use predictable passwords, and avoid the most common ones, e.g. Password123.

Don't leave your laptop, tablet, or smartphone unattended in a public place. Even if you’re working on a secure Wi-Fi network, that won’t stop someone from taking your property or sneaking a peek at your device.

It’s become clear that people, if unchecked, follow very common patterns in password selection. As a result, cybercriminals use lists of common passwords and patterns found in previous breaches to narrow the universe of passwords attempted in their attacks.

Screening your passwords against a comprehensive list of unsafe or commonly used passwords leaves you with passwords that do not appear on those lists, which makes them more difficult for cybercriminals to attack.

Longer passwords more secure

That was done through a brute-force attack, and it all could have been easily prevented if the passwords had been both more complex AND longer. ... Your password needs to be at least 8 characters, needs to have a capital and lowercase letter, a number, and a symbol.

These are different authentication factors for users to verify themselves to better protect both the user's credentials and the resources the user can access. It adds an additional layer of security, making it that much harder for unauthorized users to access your online accounts.

How to create better passwords?

The National Institute of Standards and Technology (NIST) recently published updates to their digital identity guidelines that advised companies to:

Avoid periodic password changes

Studies have shown that frequent password changes actually lead to weaker credentials. Users are more likely to create short, easy-to-guess passwords because they’re forced to create and remember a new password every couple of months.

Screen new passwords against lists of commonly used passwords

Companies just have to look at the most used passwords to see that users are still settling for convenience over security. To make things even worse, many of these passwords have been compromised in previous breaches. Screening these passwords means that you can avoid using very weak passwords.

Remove arbitrary password complexity requirements

Asking users to include at least one uppercase letter, number, and symbol results in passwords like “Fido123!” and “Jessica1234%” which are very predictable and easy to crack.
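
The contrast between the last two recommendations, as an added example that is not part of the original page: a composition rule accepts "Fido123!" and "Jessica1234%", while a screen against common passwords rejects them. The blocklist, the normalization steps and all function names are assumptions made for this sketch; a real deployment would load a large list of commonly used and previously breached passwords.

```python
import re

# Constructed sample blocklist, including names as the page advises against them.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein",
                    "welcome", "fido", "jessica"}
MIN_LENGTH = 8  # minimum length stated on this page

# Common character substitutions (assumed mapping for this sketch).
LEET = str.maketrans("@$0134!57", "asoieaist")


def complexity_rule_ok(pw):
    """Composition rule quoted on this page: 8+ chars, upper, lower, digit, symbol."""
    return (len(pw) >= MIN_LENGTH
            and any(c.isupper() for c in pw)
            and any(c.islower() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(not c.isalnum() for c in pw))


def candidate_forms(pw):
    """Reduce a password to the base words a guesser would start from."""
    lowered = pw.lower()
    # Drop digits and symbols padded onto either end ("fido123!" -> "fido").
    core = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", lowered)
    forms = (lowered, core, lowered.translate(LEET), core.translate(LEET))
    return {f for f in forms if f}


def screen(pw):
    """Return None if the password passes screening, else the reason it fails."""
    if len(pw) < MIN_LENGTH:
        return "too short"
    hits = candidate_forms(pw) & COMMON_PASSWORDS
    if hits:
        return "based on common password: " + sorted(hits)[0]
    return None


if __name__ == "__main__":
    for pw in ("Fido123!", "Jessica1234%", "P@ssw0rd1",
               "maple river lantern quilt"):
        print(f"{pw!r}: rule={complexity_rule_ok(pw)} screen={screen(pw)}")
```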