Passwords
Many people give passwords very little thought, yet they may well be the very thing that keeps hackers and attackers from stealing your personal information and accessing your online accounts. Many of us take passwords for granted, but the truth is that they serve a much greater purpose than being a simple word for logging in.
Passwords form a very big part of your defence against intrusion attacks on both your computer and your accounts stored with online servers. Internet security is built upon a multi-layered platform, with each layer forming an integral part of your defence package. Passwords are perhaps the one layer that offers the user the most control in building and maintaining these defences.
In order for an attacker to gain access to an online account, they require two very important credentials, which are then used to impersonate you to the online server that stores your account. These are your username and password. Once they have these credentials they more or less have free rein over your account.
Imagine if this account was your Amazon or PayPal account, or even worse, your bank account. It is possible for them to exploit any known vulnerabilities and then make transactions using your account. They can in some cases gain unauthorised access to your bank account, transfer funds and even completely empty it!
So how do we mitigate these attacks? You use very strong passwords. Password strength is key in preventing attackers from gaining unauthorised access to your computer and online accounts. A strong password is, in a sense, one that will take an attacker far too long to crack to make it worthwhile. When the time and effort exceed the reward, they may simply give up and look elsewhere.
That’s how attackers gain access to your accounts in the first place: they crack your password and use other credentials, such as your username, to impersonate you so the other end believes it is actually you making transactions. You can now clearly see how easy it would be for them to use your bank account if they had these credentials.
Transactions do not have to come from your computer. You could log on from the other side of the world while on an overseas holiday, using any computer, just as easily as an attacker or anyone else who has these same credentials can. Your banking institution has a server that grants or denies access based on your credentials matching theirs, and if they match, you're in!
A very important part of granting this access is accomplished via your password matching the one stored on their server. If this password is weak, it may be easily cracked!
This is why it is vitally important to use the highest possible password strength allowed for any server; most will allow a minimum of eight characters. Always use as many characters as you can and make the password as obscure as possible, so even someone you know will not guess what it is.
Never use anything that represents your street address, pet names, birthday, personal name, car rego, nickname etc. All these can be guessed relatively easily, especially if the criminal wanting them lives nearby or actually knows you!
There are a few rules regarding password strength. Perhaps one of the most important is password complexity; by this I mean you must make your passwords as complex as possible. This involves using a minimum of eight characters, including both upper and lower case letters, numbers and special characters.
To increase your password strength you may also be able to use a pass phrase instead of a password. This increases your security by adding additional characters and also using a phrase that only you know. As an example a pass phrase based on this topic could be:
As you can see I have included numbers, special characters and upper and lower case letters all combined to create a pass phrase. Obviously there are much more complex passwords and phrases possible but the above is just a simple example. The main point here is to increase password strength by making them as complex as possible.
To create strong passwords always:
1) Use at least eight characters
2) Include upper and lower case characters
3) Include numbers and letters (alpha-numeric)
4) Include special characters, e.g. *^$%#@_ etc.
5) Where possible make your password a pass phrase that includes the above.
By including all the above you make it very difficult for an attacker to randomly guess your password. Longer, more complex passwords are said to offer the tightest security. This is because it will take hackers far too long to crack your password and they will eventually give up!
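The rules above, together with the earlier advice against personal details, written as a check. This is an added example, not part of the original article; the sample passwords and personal details are constructed, and treating any ASCII punctuation as a special character is an assumption.

```python
import string

# Assumption: any ASCII punctuation counts as a "special character".
SPECIALS = set(string.punctuation)

def check_password(password, personal_terms=()):
    """Return the list of the article's rules that `password` fails."""
    failures = []
    if len(password) < 8:
        failures.append("shorter than 8 characters")
    if not any(c.isupper() for c in password):
        failures.append("no upper case letter")
    if not any(c.islower() for c in password):
        failures.append("no lower case letter")
    if not any(c.isdigit() for c in password):
        failures.append("no number")
    if not any(c in SPECIALS for c in password):
        failures.append("no special character")
    # Personal details (pet name, birthday, street...) are guessable, so
    # reject them even when written with different case or separators.
    squashed = "".join(c for c in password.lower() if c.isalnum())
    for term in personal_terms:
        needle = "".join(c for c in term.lower() if c.isalnum())
        # Ignore very short terms; they would match almost anything.
        if len(needle) >= 3 and needle in squashed:
            failures.append(f"contains personal detail: {term}")
    return failures

# Constructed sample inputs, not real credentials.
PERSONAL = ["Rex", "14/03/1985", "Maple Street"]
SAMPLES = ["rex1985", "Rex_14031985!", "Maple-Street#9", "Blue7-kettle!Orbit"]

if __name__ == "__main__":
    for pw in SAMPLES:
        problems = check_password(pw, PERSONAL)
        print(f"{pw!r}: {'OK' if not problems else '; '.join(problems)}")
```

The second and third samples satisfy every complexity rule and are still rejected, because the complexity is wrapped around a pet name, a birthday or a street name.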
A good example of this is the minimum number of characters used in passwords by IT security administrators who maintain the security of corporate enterprises. The minimum is usually 15 characters, but to increase security they may sometimes have passwords up to 24 characters long.
In fact it is believed that cracking an eight character password can still take a matter of years using a slow computer. The more powerful the attacker’s computer, the faster this process is, but when your password is eight characters or more, it is not as enticing to them as, let’s say, a very weak four character password. I must also mention that it is possible for an attacker to make use of several computers working together as one larger, more powerful computer that provides extra processing power to speed up the cracking process.
As time and technology evolve, computer processing power increases, as does the hackers' ability to crack even more complex passwords. The more computer power you have, the quicker it is to potentially crack a password.
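How length, character classes and the attacker's computing power interact, as an added example that is not part of the original article. The guess rate is an assumed figure, and the model is a worst-case exhaustive search against a randomly chosen password, with several machines splitting the work evenly.

```python
import string

# Pool sizes for the character classes in the article's rules.
CLASS_SIZES = {
    "lower": len(string.ascii_lowercase),   # 26
    "upper": len(string.ascii_uppercase),   # 26
    "digit": len(string.digits),            # 10
    "special": len(string.punctuation),     # 32
}

def search_space(length, classes):
    """Number of candidate passwords of exactly `length` characters."""
    pool = sum(CLASS_SIZES[c] for c in classes)
    return pool ** length

def worst_case_seconds(length, classes, guesses_per_second, machines=1):
    """Time to try every candidate; several machines split the work evenly."""
    return search_space(length, classes) / (guesses_per_second * machines)

def humanize(seconds):
    """Render a duration using the largest unit that fits."""
    for name, size in (("years", 31_557_600), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.3g} {name}"
    return f"{seconds:.3g} seconds"

ALL = ("lower", "upper", "digit", "special")
ASSUMED_RATE = 1_000_000_000  # guesses/second per machine: an assumption

if __name__ == "__main__":
    # Lengths taken from the article: 4, 8, 15 and 24 characters.
    for length, classes in ((4, ("lower",)), (8, ("lower",)), (8, ALL),
                            (15, ALL), (24, ALL)):
        for machines in (1, 100):
            t = worst_case_seconds(length, classes, ASSUMED_RATE, machines)
            print(f"{length:>2} chars, {'+'.join(classes):<25} "
                  f"x{machines:<3} machines: {humanize(t)}")
```

Each extra character multiplies the work by the size of the character pool, while each extra machine only divides it, which is why length outpaces added hardware.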