Thursday, November 21, 2024

How do You Create Strong Passwords?

In information security, it is well established that strong passwords are a critical first line of defense against cyber threats. Yet passwords are something all of us tend to overlook, and there are few things more dangerous than that. Most people overlook them because they have not yet directly experienced a hacking event that compromised their most sensitive data. However, most internet users do not know that their details have already been silently compromised, perhaps even at this very moment.

Large-scale breach campaigns have resulted in billions of email addresses and other accounts being publicly leaked or sold on the dark web in exchange for digital currency. Your details are probably included, which means your email address is compromised until you change your password and add more layers of security. Insufficient password practices can also lead to big problems for enterprises, that is, businesses.

People are used to thinking that they can rely on established digital brands and the government to take care of the security of their information. They could not be more wrong. Today we have to take information security into our own hands, which means building a defense-first mindset that begins with network security and, of course, password security.

How Passwords Have Changed Over Time

Back in the day, using a computer meant something quite different. The internet was nowhere near as large or all-powerful, and computers were a shadow of what they are today. There was also no such thing as a high-powered 5G smartphone a decade ago; remember that mobile devices now account for the majority of internet access. The number of websites, services, and applications was a tiny fraction of what it is today. As a result of the digital revolution, we have become extremely dependent on the internet for everything from the most trivial things to our medical and financial records. What does this mean for the safety of your passwords? It means that there are more opportunities than ever for digital criminals to breach your passwords. Let’s also not forget that there are more hacking tools openly available for download than ever. Back in the day, none of us had more than two or three online accounts, let alone apps or services.

Today, the average person has multiple accounts, which means multiple passwords and, most importantly, multiple ways for hackers to compromise an account. In Asia and the United States, where internet usage and development are at their greatest, it is not uncommon for an internet user to have over 20 different account passwords, sometimes more. This analogy may put the scenario into perspective: the more possible entry points the Louvre museum has, the more ways a criminal can breach security and steal valuable pieces of art.

A strong password is like a well-designed backpack: it cannot be breached by average criminals with freely available tools. However, because hackers now have access to immensely more powerful computers and hacking algorithms than they did a decade ago, you need a very strong password today to be truly protected.

What Can Happen as a Result of a Weak Password

Several scenarios can follow from a weak password, and all of them have happened. It is estimated that over 80% of business data breaches occur due to weak or insufficient passwords. Stolen credentials are statistically the most popular method of data breach; the second is RAM scraper malware and the third is social engineering schemes such as phishing. That means that as an individual, you are at risk of these three scenarios. If you are the CEO of a company, you are at risk yourself, and your entire employee and customer base is at risk too. Here is a list of the most common after-effects of a password breach, supported by real-world scenarios:

  • The Florida water treatment plant systems breach caused by a weak password
  • The Dropbox data breach that led to 60 million records being leaked was due to a password that was reused
  • It is being disputed whether the largest data breach to date, the SolarWinds breach, was in part caused by a weak password somewhere along the way

Hacker algorithms (hacking programs), such as keyloggers and automated scrapers, have become very advanced and automated to boot. They can refer to an enormous ready-made database of commonly used passwords, even industry-specific passwords, and scrape the info with ease. For hackers, the fact that the majority of the population has weak, predictable password practices is like being a kid in a candy shop with a handful of money.

Digital Safety And Password Best Practices

Shockingly, internet users and companies alike do not give much thought to their password security. For that reason, let’s look at what it takes to create a strong password and how to be much safer online in general. Creating a strong password is not difficult: all you need is for it to be longer than 10 characters and to include a good variety of numbers, upper case letters, lower case letters, and special symbols in a randomized sequence. This alone could save you huge headaches down the road, but surprisingly most people’s passwords are painfully simple and predictable. There are three things you need to do to vastly improve your password security:

  • Download a premium, peer-reviewed password manager such as 1Password that can encrypt all of your passwords as well as generate special passwords for you so that you don’t have to. It can even input passwords for you where they are required.
  • Keep all of your passwords written down and away from prying eyes
  • Never use the same password for more than one account
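
The rule above (longer than 10 characters, all four character types, randomized, never reused) can be expressed as a small generator and checker. This is an added example, not code from the original article; the function names and the tiny `COMMON` list are assumptions made for illustration.

```python
import secrets
import string

# The four character types named in the article's rule.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
MIN_LENGTH = 11  # "longer than 10 characters"

# Constructed sample of commonly used passwords (illustrative only).
COMMON = {"password123!", "Qwerty12345!", "Welcome2024!"}


def generate_password(length=20):
    """Return a random password that contains every character type."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    rng = secrets.SystemRandom()  # OS CSPRNG, not the predictable default PRNG
    # One guaranteed character per type, the rest from the full alphabet.
    chars = [secrets.choice(cls) for cls in CLASSES]
    alphabet = "".join(CLASSES)
    chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]
    rng.shuffle(chars)  # guaranteed characters must not sit in fixed positions
    return "".join(chars)


def check_password(candidate, in_use=()):
    """Return a list of problems; an empty list means the rule is met."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("too short")
    names = ("lowercase", "uppercase", "digit", "symbol")
    for name, cls in zip(names, CLASSES):
        if not any(ch in cls for ch in candidate):
            problems.append(f"missing {name}")
    # Case-insensitive match: changing capitalisation does not make a
    # commonly used password uncommon.
    if candidate.lower() in {p.lower() for p in COMMON}:
        problems.append("commonly used")
    if candidate in in_use:  # passwords already assigned to other accounts
        problems.append("reused on another account")
    return problems
```

A password such as `Welcome2024!` satisfies the length and character-type rule yet is still flagged as commonly used, which is why the checker tests predictability and reuse separately from composition.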

You could also benefit from using a VPN, or Virtual Private Network, to encrypt your network connection and add an extra layer of security to your internet traffic at the source. A VPN also obfuscates your IP address, making it more difficult for password stealers to track you. Another key is to use multi-factor authentication wherever possible, which adds a unique authentication step to the mix and makes it almost impossible for a hacker to breach your data.