In this digital age, what is the one thing we really hate to have and remember, yet desperately need to work?
We all know why we need passwords: to restrict access. But why does this need to be complicated, many ask! Working in a web host company means dealing with a great many passwords. Most times, I am tempted to use a common password for the many areas I need a password for. But then, working in a web host company also means I am most mindful of what passwords to use!
In a study in January this year, Keeper analyzed over 10 million passwords discovered from account breaches and listed the most common passwords in use. Do any of these feature in your “list” of passwords?
Most Common 15 passwords by Keeper:
Hackers use a number of strategies to try to gain access:
- Brute Force Scripts – Using a script or computer program that tries to guess passwords, attackers attempt to gain access to digitally restricted areas.
- Dictionary Attack – Using a list of likely passwords, often things that particular user prefers – birthdays, anniversaries, relatives, friends, common passwords like password123 – and such.
- Key Logger Attack – Taking things further, this hacker simply installs key-logger software – a program that takes note of EVERY keyboard press you make – from start to finish. The hacker will then simply try to log in by reading from the log file.
- Traffic Sniffing – Some password crackers can sniff authentication traffic between a client and server and extract password hashes.
- Password Resetting – Using a bootable disk, attackers often find it much easier to reset passwords than to guess them.
This is by no means an exhaustive list. It simply highlights some of the common means.
So how should you ensure your password is watertight?
a) Don’t re-use passwords – however tempted you might be to use one password for several accounts, DON’T. Most hackers will try to use the same password on several of your accounts.
b) Create a long yet memorable password – even without symbols or numbers, long passwords beat out short cryptic ones, by a wide margin. For instance “NASAandJubileeAreFighting” is way harder to crack than “Tw3nd#2007”.
c) Two-Factor Authentication – where an SMS or email gets sent with the second part of the login code – a short-lived code. It’s one of the best ways to prevent unauthorized access.
d) Using password managers – which can create hard-to-crack passwords and store them online. To make sure the password to this manager is not cracked, use two-step authentication with the manager.
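
An added example (not from the original post): a small Python audit that checks passwords against the points above, namely the brute-force keyspace of the two passwords in (b), the dictionary attack built from common passwords and personal details, and reuse across accounts from (a). The account names, the `COMMON` list and the name "Amina" are constructed for the demo, and the bit figure is an upper bound that models only blind character-by-character guessing.

```python
import math
import re
import string

# Constructed stand-in for a breach-derived list of common passwords.
COMMON = {"password123", "123456", "qwerty"}
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def brute_force_bits(pw):
    """log2 of the keyspace a blind character-by-character guesser must cover."""
    alphabet = sum(len(cls) for cls in CLASSES if any(c in cls for c in pw))
    return len(pw) * math.log2(alphabet) if alphabet else 0.0

def dictionary_hit(pw, personal=()):
    """True for a common password, or a personal detail plus trailing digits/symbols."""
    lowered = pw.lower()
    if lowered in COMMON:
        return True
    core = re.sub(r"[\d\W_]+$", "", lowered)  # "amina1990" -> "amina"
    return core in {p.lower() for p in personal}

def reused(accounts):
    """Passwords that protect more than one account, with the accounts affected."""
    groups = {}
    for account, pw in accounts.items():
        groups.setdefault(pw, []).append(account)
    return {pw: names for pw, names in groups.items() if len(names) > 1}

def audit(accounts, personal=()):
    """Per-account report: brute-force bits, dictionary exposure, reuse."""
    shared = reused(accounts)
    return {
        account: {
            "bits": round(brute_force_bits(pw), 1),
            "dictionary": dictionary_hit(pw, personal),
            "reused": pw in shared,
        }
        for account, pw in accounts.items()
    }

if __name__ == "__main__":
    sample = {  # constructed accounts and passwords
        "cpanel": "NASAandJubileeAreFighting",
        "billing": "Tw3nd#2007",
        "ftp": "Tw3nd#2007",
        "webmail": "Password123",
        "forum": "Amina1990",
    }
    for name, row in audit(sample, personal=["Amina"]).items():
        print(f"{name:8} {row}")
```

In the sample, "Password123" scores about as many bits as "Tw3nd#2007" yet is flagged by the dictionary check, so the bit count alone is not a verdict.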