¶ Introduction
-
A password is a secret key (random character sequence) created by a user and associated with his account. Passwords form an efficient way to authenticate a user. They remain the ultimate way to log in to an account, retrieve stored data, and much more.
-
A hacker is a person who wishes to obtain a user's password so he can gain access to a victim's account, and take harmful actions (steal credentials, credit card info, place a virus on a PC or a local network...).
-
Hackers activities are day-to-day increasing, especially that humanity rely on technology, and remote work and learn saw the light a couple of years ago.
On the other side, users are not properly educated about cyber attacks, nor about the risks that they could go into if they fall victim to an attack. -
A good step to take to prevent hackers obtaining your password is to create a strong password for your account. This guide will help you do so, not to fall victim and locked out of your account.
¶ Weak Passwords
Weak passwords are easy to guess or to crack. They are based on personal information, work information, well-known information, or something similar. Hence, weak passwords are to avoid.
Following are some examples of weak passwords.
¶ Simple passwords
A simple password can be any of the following:
- A short password
That is, a password with less than 10 characters - An easy to guess password
A password refering to something you have or you do or you like (e.g., your name, your dog's name...) - A simple password
A string of characters not including capital letters, nor numbers, nor special characters
¶ Default/common used Passwords
These form a list of well-know and well-used passwords. If you use any of them, there's a high chance your account will be at risk. Below is a list of some common words used as passwords, remember not to use them.
¶ Passwords based on known source
These are passwords that are either based on:
- You
Your personal information (Name, DOB, home address, phone number, ...), your work information (company name, address, ...) - Something famous you like
This could be anything well known you like (a movie, a meal, a place, ...)
If a hacker knows you and what you like, a simple guess could lead him to compromise your account.
¶ Repeated Passwords
- That is, when you use the same password for more than one account you own. If one of the account has been compromised, or your password was retrieved, there's a high chance that you loose all the accounts with the same passowrd.
- This also applies to having the same password for multiple devices (e.g., having 2 mobile phones with the same PIN on both's lockscreen).
¶ Simple Password Obfuscation
Obfuscation is the process of replacing a character with another, to make the plain text unreadable, or un-understandable by a human.
A simple obfuscation of the word password is P@ssw0rd.
Can you spot the differences?
- The small
pis replaced by a capitalP - The small
ais replaced by the@symbol - The small
ois replaced by the number zero0
Yes, the word has been obduscated, but No, it is still weak, leaving it a weak password.
¶ Strong Passwords
Strong passwords makes it harder for attackers to guess it, and to take control over your accounts. Learn how to create a strong password by following the below steps.
¶ Random Passphrase
Start by creating a passphrase. This could be:
- a sequence of random characters
- 3 or more words concatenated to form a long string of characters (more than 10 characters). If you opt this option, try to use uncommon words, like
umberinstead ofnumber(Umber is a shade of brown)
¶ Capital Letters
After you create your passphrase, randomly pick some letters, and change them from small to capital.
¶ Numbers
After capitalizing some letters, insert some numbers between characters.
Don't insert them by order (1, then 2, then 3); Instead, insert them randomly as well (e.g., 9 then 2 then 4...)
¶ Special Characters
Lastly, you should insert some special characters into your passphrase.
Some special characters: ! @ # $ % & * ( ) - _
Just as you did for numbers, you should do for special characters (insert them randomly, in a random position within your passphrase)
¶ Example
Let's take an example to see how can we apply the above steps to create a strong password
| Steps | Updated Password |
|---|---|
| Random Passphrase | unrolltheblackumbrella (4 concatenated words: unroll the black umbrella) |
| Capital Letters | uNrolLtheBlaCkuMbrElLA |
| Numbers | 2uNr5ol7Lthe8Bla9CkuM1brE4lL6A3 |
| Special Characters | 2uN$r5!ol7L@the8B*la9Ck(uM1&brE%4lL6A3 |
Looks hard? let's take an easier example
| Steps | Updated Password |
|---|---|
| Random Passphrase | djejandtoum (3 concatenated words: djej and toum) |
| Capital Letters | dJEjaNdTouM |
| Numbers | 3dJE9j1aNd4Tou8M2 |
| Special Characters | 3$dJ%E9j1@N#d4!To*u8<M?2 |
¶ Conclusion
You should always use a strong and unique password to protect your account. Nevertheless, always remember the following:
- Use a unique password for each account you own.
- Change your password frequently, abiding by the aforementioned steps
- Don’t share your password with anyone (if you had to do so, remember to change it directly afterwards)
¶ Beyond generating strong passwords
Having to remember hard passwords is difficult, especially if you have a many accounts (emails, social networking accounts, work accounts, bank accounts, ...)
A password manager is your solution! It securely stores all your passwords, and all you need to remember is a master password to retrieve your desired account credentials.
More about password managers will be shared soon!
Be cyber-safe out there!