We are living in the digital age and passwords have become a part of our daily lives. They are our first line of defense when it comes to sensitive data. Surprisingly, however, surveys show that the list of the most commonly used passwords worldwide has not changed much in recent years.
The use of weak passwords makes us vulnerable to cyberattacks, and so, in order to understand how to keep our data safe and secure, we first need to understand the common methods hackers use to gain access to our accounts.
One of the more famous methods is a brute-force attack. It is a simple yet reliable tactic for gaining unauthorized access to an account, as it uses a computer program to run through every possible combination of characters to crack a password. Another example is the dictionary attack, in which the attacker uses a pre-arranged list of the most commonly used passwords. Finally, hackers can take a list of usernames and passwords from previous data breaches and try them against other services, a technique known as credential stuffing.
Passwords are the keys to our online lives so their security should be one of our top priorities. Here are some of the most common myths and misconceptions surrounding the use of passwords.
While it is true that having a memorable password reduces the chance of you losing access to your account, it also increases the possibility of getting hacked. In fact, memorable words, phrases, and dates are often included in the predefined list of passwords that hackers use when executing a dictionary attack, which only makes you more susceptible to having your account breached.
Increasing the complexity of the password is one of the best ways to improve its security. Although adding numbers to your password, or replacing letters with symbols ($%!#%@) is a good idea to improve security, using a random string of characters — such as those created by password generators such as LastPass — remains the best option.
As previously explained, making your password more complex — introducing a random set of numbers and symbols — is one of the best ways to strengthen security, but just adding “123” or replacing a letter with a symbol will not do much to slow down attackers. There is a reason why many websites require a minimum character count for passwords, and also indicate that the longer the password is, the better.
Using the aforementioned brute-force attack method, hackers can crack even a randomized collection of symbols relatively quickly, if it is only six characters long. As each additional character makes it exponentially harder to break your password, it is recommended that a password should be, at the bare minimum, 12 characters long.
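The points above about dictionary words, trivial suffixes such as "123", symbol substitutions and the 12-character minimum can be turned into a simple check run when a password is chosen. The following is an added example, not part of the original article; the short word list and the substitution table are constructed for illustration, and a real check would use a large list of breached passwords.

```python
import math
import string

# Constructed sample list (assumption); real checks load a breached-password list.
COMMON = {"password", "qwerty", "letmein", "dragon", "monkey", "123456"}
# Symbol-for-letter swaps undone before the dictionary lookup (illustrative table).
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})
MIN_LENGTH = 12  # bare minimum recommended in the article


def charset_size(pw):
    """Alphabet size a brute-force search must cover for the classes used."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    return sum(len(cls) for cls in classes if any(c in cls for c in pw))


def brute_force_bits(pw):
    """log2 of the number of candidates of this length over that alphabet."""
    size = charset_size(pw)
    return len(pw) * math.log2(size) if size else 0.0


def dictionary_base(pw):
    """Return the common password this one reduces to, or None."""
    lowered = pw.lower()
    # Drop a trailing run of digits/symbols ("123", "2024!") before un-swapping.
    stripped = lowered.rstrip(string.digits + string.punctuation)
    for form in (lowered, stripped, lowered.translate(LEET), stripped.translate(LEET)):
        if form in COMMON:
            return form
    return None


def evaluate(pw):
    """Findings for one candidate password; an empty list means it passed."""
    findings = []
    if len(pw) < MIN_LENGTH:
        findings.append("too_short")
    base = dictionary_base(pw)
    if base:
        # The bit estimate is meaningless here: a dictionary attack tries it early.
        findings.append("dictionary:" + base)
    return {"bits": round(brute_force_bits(pw), 1), "findings": findings}


if __name__ == "__main__":
    for sample in ("P@ssw0rd123", "Monkey2024!!", "k7#Qz!", "vR9#tL2q!Xw7Zp"):
        print(sample, evaluate(sample))
```

Doubling the length from six to twelve characters doubles the bit count, which squares the number of combinations a brute-force search has to cover.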
Two-factor authentication (2FA) is indeed one of the best ways to add security to your account, and while highly advisable, it is not 100% impervious to hackers. Over time, SMS has become a convenient way to send unique codes for 2FA, but that technology was not designed with security in mind, and hackers have found ways to trick cell phone carriers into sending the code to their phones, a technique known as SIM-jacking.
Using an app like Google Authenticator to generate the second step of verification on your phone is one of the best alternatives to SMS 2FA, but still, it should only be considered as an added layer of defense and not a replacement for a strong password. When a strong password is used together with 2FA, it becomes that much harder for hackers to gain access to your account.
Some users fall into a false sense of security once they create a strong password, and would often use the same one for all their accounts. And while this makes it easier to manage online activity, it also means that if an attacker is able to gain access to one of your accounts, they can quickly breach the rest.
Therefore, the creation of a strong password for each of your accounts is considered an essential part of online security, which can significantly limit the threat posed by any one successful attack. It is true that remembering multiple 12-character passwords is difficult, which is why the use of password managers is becoming more widespread, as they allow you to remember one “master password” that gives you access to all your accounts, while still maintaining security.
At the end of the day, passwords are there to protect your most sensitive data, whether it is financial, health, or just your favorite photos. Due to their importance, passwords are always the target of hackers, which makes it vitally important that you follow password hygiene best practices.
This includes, but is not limited to, selecting a strong password for each and every account you have, replacing all of your passwords every few months, as well as not sharing your passwords with others for convenience. Improving the overall security of your device is also a good choice, considering that malware is becoming one of the favorite tools of hackers.