Passwords - Part 1

You've been hacked!

Passwords: The Good, The Bad & The Ugly – Part 1

Written by Idara Akan - 05/02/2016

By the end of this write-up, we will have learnt:

  • Functions of passwords
  • How to create a strong password
  • How to protect your password

 

Passwords, our permit or laissez-passer to the digital world! A permutation and combination of numbers, letters and special characters which determines whether we are permitted into the digital world and which particular areas we are permitted to explore! Passwords grant access to computer resources such as a bank account, computer, email, or a server on a network and are designed to limit access to only those individuals who are authorised. In this way they help protect your privacy and identity. For the kind of power possessed by this permit, one would expect that a password would be jealously guarded such that it would not fall into unworthy hands. Unfortunately, the reverse is the case!

 

A survey revealed that the most popular password is the combination 123456! In second place is password, followed by 12345678. According to PC World, a survey revealed that 75% of us have the same password for our email and social networking sites. Even worse, finding the email or user name attached to people’s accounts was simple, especially because 87% of emails revealed them online through blogs, random social network postings or the like. As if that was not bad enough, a survey by Webroot revealed that four out of ten people have shared their password with someone and 30% of them logged into a site with their own password over public WiFi. In other cases, people simply use their children’s or pet’s names or their birth date - information that can be easily found on the Internet, especially on sites such as Facebook.

 

Combined with our username, our passwords are the most common way to prove our identity when using websites, email accounts and our computer devices. Passwords are a common form of authentication and might be the only barrier between a stranger and our personal information. With access to our password, an attacker can steal our digital identity, access our bank accounts, or even access our organisation’s confidential information, causing a tremendous amount of harm.

 

How then can we reduce the possibility of having our passwords hacked, knowing that they are the key to our identity in the online world? One way could be to create a super duper password that cannot be guessed by any human or machine! But with the advent of applications attackers use to help guess or "crack" passwords, will this feat be attainable?

 

Our next best option would be to learn what makes a good password and how to use it safely. This way we will protect ourselves, our family, and our organization. Here is some recommended guidance.

I.       STRONG PASSWORDS

1.       Use secure passwords.

The best passwords contain uppercase and lowercase letters, numbers, and special characters. You should also avoid using easily guessed words or alphanumeric combinations, such as the names of children or pets, birth dates, addresses, and similar information that can be easily guessed by someone looking at your Facebook profile or through a Google search. "A strong password should be more than eight characters in length, and contain both capital letters and at least one numeric or other non-alphabetical character. Use of non-dictionary words is also recommended," suggests the Identity Theft Resource Center. Twitter: @ITRCSD

2.       Don't use bank verification numbers (BVN), social security numbers (SSN), phone numbers, addresses, or other personally identifiable information as passwords.

Don't use numbers or combinations associated with other personally identifiable information as all or even part of your passwords. "Don't use any part of your social security number (or any other sensitive info, like a credit card number) as a password, user ID or personal identification number (PIN). If someone gains access to this information, it will be among the first things they use to try to get into your account," Bank of America advises. Twitter: @BofA_News
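The rules in items 1 and 2 can be checked mechanically. The sketch below is an added example, not code from the original article: the function names, the four-character fragment threshold and the sample personal details are assumptions made for illustration, and the list of popular passwords is the three named in the survey above.

```python
import re

# The three most popular passwords named in the survey quoted on this page.
COMMON_PASSWORDS = {"123456", "password", "12345678"}
FRAGMENT = 4  # assumption: a run of 4+ characters counts as "part of" a detail


def _normalise(text):
    """Lowercase and keep only letters and digits, so 1985 matches 19-85."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def _reuses(password, detail):
    """True if any FRAGMENT-long run of the personal detail is in the password."""
    pw, item = _normalise(password), _normalise(detail)
    if len(item) <= FRAGMENT:
        return bool(item) and item in pw
    return any(item[i:i + FRAGMENT] in pw for i in range(len(item) - FRAGMENT + 1))


def check_password(password, personal_details=()):
    """Return the list of rules the password breaks (empty list = passes)."""
    problems = []
    if password.lower() in COMMON_PASSWORDS:
        problems.append("is one of the most popular passwords")
    if len(password) <= 8:
        problems.append("is not more than eight characters long")
    if not re.search(r"[A-Z]", password):
        problems.append("has no capital letter")
    if not re.search(r"[a-z]", password):
        problems.append("has no lowercase letter")
    if not re.search(r"[^A-Za-z]", password):
        problems.append("has no number or special character")
    for detail in personal_details:
        if _reuses(password, detail):
            problems.append("contains part of a personal detail")
    return problems


if __name__ == "__main__":
    # Constructed sample data: a pet name, a birth date and an ID-style number.
    details = ["Bingo", "14/03/1985", "123-45-6789"]
    for candidate in ["123456", "Bingo-1985-rocks", "M2bawpotI@9:45am"]:
        print(candidate, "->", check_password(candidate, details) or "passes")
```
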

3.       Use "passphrases" rather than "passwords".

"A passphrase is simply a different way of thinking about a much longer password. Dictionary words and names are no longer restricted. In fact, one of the very few restrictions is the length - 15 characters. Your passphrase can be a favourite song lyric, quote from a book, magazine, or movie, or something your kids said last week. It is really that easy," explains Indiana University's Protect IU. Think of a saying or series of words that is easy for you to remember, and use the first letter of each word in the phrase, along with a combination of numbers and special characters, as your passphrase. Twitter: @IndianaUniv

For example, the sentence below may be very simple for you to remember:

My 2nd blog article was published on the Internet at 9.45am

However, we can use that sentence to create the password you see here.

M2bawpotI@9:45am

What we did was simply use the first letter from each word. We capitalized some of these letters. In addition, we replaced the word “at” with the symbol “@.” Finally, we included the time at the end. This is a long, complex password that will be very difficult to guess but simple to remember.

4.       Organize your passwords in logical groupings.

By using a different system for creating passwords for different types of websites, such as social networking websites, financial institutions, and other membership sites, you ensure that should a hacker crack one of your algorithms, they would not immediately be able to crack all of your accounts' passwords. "First up, group your passwords by function — social media, financial information, work — and use a different approach for creating passwords within each group. That way, if a hacker figures out your Facebook password, he won’t be just clicks away from your bank account," explains an article on Boston Globe. Twitter: @BostonGlobe

For example, an approach could be: for any website account, the template would be //XXXXX99MmYY//

where:

XXXX is the even-numbered letters of the social media platform's name. Where the name of the platform is not sufficient, the first five characters are used. The letters alternate between capital and small letters;

99 is the minute, on the 24-hour clock, at which the password is created;

Mm is the first two letters of the month the password is created;

YY is the last two digits of the year the password is created.

 

Thus for a Facebook account, the password would be:

//AeOk50Fe16//
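The template above, worked through in code as an added example that is not part of the original article. The function names are hypothetical, the creation time is constructed, and treating a name as "not sufficient" when it yields fewer than four even-numbered letters is an assumption.

```python
from datetime import datetime

MONTHS = ["January", "February", "March", "April", "May", "June", "July",
          "August", "September", "October", "November", "December"]
MIN_LETTERS = 4  # assumption: fewer even-position letters is "not sufficient"


def alternate_case(letters):
    """Capital, small, capital, small ... starting with a capital."""
    return "".join(c.upper() if i % 2 == 0 else c.lower()
                   for i, c in enumerate(letters))


def site_part(site_name):
    """XXXX: the 2nd, 4th, 6th ... letters of the name, or its first five
    letters when the name is too short to supply MIN_LETTERS of them."""
    letters = [c for c in site_name if c.isalpha()]
    even = letters[1::2]
    return alternate_case(even if len(even) >= MIN_LETTERS else letters[:5])


def template_password(site_name, created):
    """Fill in the //XXXXX99MmYY// template for one site and creation time."""
    minute = f"{created.minute:02d}"        # 99: minute of creation
    month = MONTHS[created.month - 1][:2]   # Mm: first two letters of the month
    year = f"{created.year % 100:02d}"      # YY: last two digits of the year
    return f"//{site_part(site_name)}{minute}{month}{year}//"


if __name__ == "__main__":
    # Constructed creation time: 14:50 on 5 February 2016.
    when = datetime(2016, 2, 5, 14, 50)
    for site in ["Facebook", "Twitter"]:
        print(site, template_password(site, when))
```
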

 
