Are you one of those whose passwords look like Name@1234? Oh, or may be you think Google Chrome will suggest a password and memorize it on your behalf so that you don’t have to worry. Inception of passwords took place in 1961 in Massachusetts Institute of Technology. And you’d be surprised to know about the first password breach. In the same year of 1961, a researcher printed out a password on piece of paper and handed it over to other users, internet recorded it’s first breach ever. Ever since, passwords and cyberpunks are in a cat and mouse game. So what possibly could be a good strategy on “how to create a strong password in 2021?” Let’s take it step by step.
Why am I Even Reading this?
So, if you are thinking, why is this article even worth my time, I don’t blame ya. Most of us have a mindset that even if our passwords get compromised, there is nothing much that a hacker can gain out of it. “Oh, I don’t have anything to hide on social media”, I hear this all the time, especially from the older generation who is unaware of the fact: how much these tech companies know about them.
For some perspective, recently Twitter accounts of Elon Musk, Joe Biden were compromised asking their followers to send some bitcoin to a specific address. So assuming that you are safe from this new age crime, that is the most noob mistake one can do.
Everyone who isn’t sensitive about their online privacy, please look up identity theft on Google. That might ring a bell. And if nothing else, at least ensure that your money safe. Let us start with understanding why is it all the more important in 2021 to care about the creation of a strong internet password:
1. Touch ID:
Today, most of the devices have a touch ID inbuilt in them. Also, most apps can now integrate with the touch ID and allow you to sign in using a thumb impression or some sort of facial recognition system. With these alternate ways of signing in, we have almost forgotten the art of remembering passwords and also changing them frequently.
2. Internet Revolution:
India is witnessing a rise in internet users like no other country. Even with 600mn active users in 2021, we are just halfway there. While this is a positive sign for a nation, this also means that more and more crooks will now jump into the profession of hacking and try to dupe you. So, realizing the importance of a strong password is of utmost significance now.
How to Hackers Crack Passwords Anyway?
So while we embark on our journey of protection of our online privacy, it is important to understand the strategy of individuals on the opposite side of the fence. Here are some common methods using which a hacker can gain access to your passwords:
1. Brute Force:
This is one of the most common type of attacks. Brute force means using all the possible combinations for guessing your password. And with the increase in computing power by a factor of trillion, this job is getting easier by the day. This is why, websites/apps now put a minimum character length limit on the password.
This technique involves driving you towards a website that resembles the “original” through modes like mail/SMS etc. For example, you may get a mail that says a friend of you has tagged in a photo on Facebook (call to action), and you may be redirected to a link that looks like Facebook. As soon as you try to login by putting in your credentials, you are done! Easy-peasy for a hacker if you aren’t attentive enough.
3. Dictionary Attack:
As the name suggests, this trick involves trying out all the passwords using words in dictionary. So if you are one of the lazy people who hate typing in a upper case/ lower case letters and numerical characters, you are prone to these kind of attacks. So if you are keeping your passwords as some regular word: you are just trying your luck.
What are Strong Passwords then?
So does a concept of strong password exist at all? If you follow certain guidelines, of course. So what are some go-to thumb rules you can use?
After setting up enough context, should I still mention this? I think I should. Most common and weakest password list of 2020 by nordpass reveals that people hardly take passwords seriously. Here are top 3 for your reference. Interested in more stupidity? Here is a link to the complete list.
1. Sets of Passwords:
As we surf internet more than ever, there are so many applications/websites that require a sign up. Remembering each one of them is just not humanly possible. Obviously, some of them are more important than others. Therefore, I try to create a set of resembling passwords for each purpose. Of course the password for my banking apps/social media cannot be remotely related to something like slideshare or other one time login sites. So passwords on one time login sites may look like <WebsiteInitials>@1234 while for my banking app, it may be something entirely different.
2. Go Long:
To save yourself from a brute force attack, it is always advisable to go long when it comes to character length. In 2012, an industrious hacker unveiled a 25-GPU cluster he had programmed to crack any 8-character Windows password containing uppercase and lowercase letters, numbers, and symbols in less than six hours. It has the ability to try 350 billion guesses per second. Therefore, it is advisable to keep your passwords as long as 15 characters if not more.
3. Mix it Up:
Use a combination of upper case, small case, symbols, numeric for your passwords. The more complicated you make it, harder it is to crack it using brute force. Also, don’t try to add a layer of complexity using leet (a hipster way of typing by replacing alphabet with numbers of special symbols. eg. a=@, B=3 etc.). That is not going to help.
4. The Secret Key:
You can set up some kind of rules and implement them as per the website/app you are creating password for. For example, I would pick first three letters of each word of the sentence and create a password by mixing it up. Say you are signing up for Facebook and sentence (key) you could think of is
“Password for the Facebook application”
Applying the key, password can be Pasforthefacapp. Mixing it up, and you have P@s4theFACapp. You can make a universal key and set up a different, easy to remember, hard to crack password for each application/website.
5. Password Generators:
You can use password generators online to create random passwords. Example of one such generator is the inbuilt feature of Chrome.
Chrome acts as a password generator and password manager at the same time. Not only it will generate this password, but also sync it with all your devices logged in with the same ID.
However, with privacy and security being of utmost significance, I prefer to generate and remember my passwords without using Google’s help.
6. Password Managers:
And finally if you don’t trust Google with your passwords, there are multiple password managers out there to help you memorize. I personally use LastPass as my password manager. You can check out the other alternatives here.
Gone are the days when your online and in-person personas were mutually exclusive. It’s high time that you consider them in unison and try to protect your online presence the way you’d do for your actual self. While you safeguard your passwords, ensure that your security questions are taken care of too. Your account can be equally vulnerable because of ‘not thought through’ security questions.
Until Next Time. . .