Passwords

Passwords: we can't seem to get away without them, as they are currently the standard way of protecting our digital data.  Even with passwords, personal data can still be at risk.  There are two main ways that hackers can get past a password defence.  Firstly, if you use a weak or easily guessed password, a hacker can guess it, or use brute force to come up with it.  The other way is when attackers hack the computer system of a company or organization and steal all of the users' passwords.

To minimize the first type of attack, it is important to create and use strong passwords.  While this does not guarantee that a determined hacker won't be able to break through, it helps to reduce the chances.  For the second type of attack, there is not much an individual can do to prevent a hacker from stealing their password from an organization, but there are ways to limit the impact.  The main thing is to ensure you don't use the same password for different sites or accounts.  Once a hacker has stolen passwords for one site, they will try to use those same passwords on other sites.  Another way to thwart hackers is to change your passwords regularly and if you hear of a site or organization being hacked, change your password immediately.

Strong Passwords

To help create Strong Passwords, use the following list of Do's and Don'ts.

Do's

  1. Use a password with at least 8 to 10 characters. The more characters in the password, the more combinations there are, making it more difficult to hack it. For example, if a password only has upper case letters, a four character password would have approximately 450,000 combinations, if it had six characters there would be approximately 31,000,000 combinations, and if you use 8 characters, there would be approximately 210,000,000,000 combinations.
  2. Use a combination of numbers and letters, and use a mix of UPPER and lower case letters.  This also increases the number of combinations. For example, if a four-character password only uses upper case letters, there would be approximately 450,000 combinations, if it uses both upper and lower case letters, there would be approximately 7,000,000 combinations, and if numbers were included as well, then there would be approximately 15,000,000,000 combinations.
  3. Add a special character. This again increases the number of combinations, and reduces the risk of a dictionary attack.
  4. Change your password every few months.  This way, if your password has been discovered, it will eventually be changed and the hacker will again be out of luck.
  5. To help create passwords that you can remember, use a phrase you can remember, and then take the first letter of each word, then append a number to it.  For example, the phrase: This is a password phrase could give a password like: Tiapp123.
  6. Use a Password Manager, like PWMinder Suite, to help you remember, and keep track of your passwords.

Don'ts

  • Don't use "password" or "1234" as your password (you'd be surprised how many people do that).  See this CNET article for more examples.
  • Don't write your passwords down, or store them un-encrypted on your computer.
  • Don't use a word or name that is personally associated with you, such as a family member's name, birth month, city born, etc. If a hacker can find information about you, they will try to use that information to guess your password.
  • Don't use common words. These are easily cracked using a dictionary attack, where hackers will attempt to find your passwords by trying all the words in a dictionary list of common words.
  • Don't use the same password for all of your accounts and websites.  If one of your passwords were to be exposed, then the hacker would immediately know the password for all of your other accounts and websites.
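The Do's and Don'ts above can be turned into an automated check, for example on a sign-up form. The following is an added example, not code from this page or from any product it mentions; the function names, the tiny `COMMON_PASSWORDS` sample and the `personal_terms` parameter are assumptions made for illustration.

```python
import string

# Constructed sample; a real check would load a large common-password list.
COMMON_PASSWORDS = {"password", "1234", "123456", "qwerty", "letmein"}

def alphabet_size(password):
    """Size of the character pool the password draws from."""
    size = 0
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)
    return size

def keyspace(password):
    """Number of same-length passwords over the same character pool."""
    return alphabet_size(password) ** len(password)

def check_password(password, personal_terms=(), min_length=8):
    """Return the checklist rules the password violates (empty list = passes)."""
    problems = []
    lowered = password.lower()
    if len(password) < min_length:
        problems.append("too short")
    if not (any(c.isupper() for c in password)
            and any(c.islower() for c in password)):
        problems.append("no mix of upper and lower case")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c in string.punctuation for c in password):
        problems.append("no special character")
    if lowered in COMMON_PASSWORDS:
        problems.append("common password")
    # Names, birth months, cities and similar terms supplied by the caller.
    if any(term and term.lower() in lowered for term in personal_terms):
        problems.append("contains personal information")
    return problems

if __name__ == "__main__":
    for candidate in ("password", "Tiapp123", "Tiapp123!"):
        print(candidate, keyspace(candidate), check_password(candidate))
```
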

Two-Factor Authentication

Using strong passwords is a good start, but there is still a chance a hacker will get hold of your password, either by guessing, using brute force, or more likely stealing it from the database of the website you log in to.  To add an extra layer of protection, several prominent websites are now employing two-factor authentication.  The basic idea of two-factor authentication is that in order to log in, a website will ask for something you know and for something you have.  Typically the something you know is your usual password.  The something you have is often your mobile phone.  After you enter your password, the website will send a one-time-use code to your mobile phone, often as a text message.  If this code is not used within a short period of time, it will expire.  In this way, someone trying to log in as you will need to know your password and be able to receive a text message on your phone.

Two-factor authentication can be tedious, but most sites have a setting that once you have logged in once, using two-factor authentication, you can set it to remember that computer as trusted, so you don't need to go through the process every time.

Not all websites offer two-factor authentication, but several major ones do, such as Google, Facebook, PayPal, Twitter, LinkedIn and Dropbox.  If you use any of these sites, I would highly recommend setting up two-factor authentication.

  
