Saturday, December 14, 2024

Why passwords are broken: a call to arms

October marks Cybersecurity Awareness Month (CAM). Throughout the month we will be sharing advice, guidance, and recommendations on a range of security topics to inform and empower the community.

An uncomfortable fact for some of you is that crafting a strong password is hard, and that difficulty leaves many people exposed to risk. A robust password is at least 12 characters long and mixes uppercase and lowercase letters, numbers, and symbols.

When creating strong passwords, the general guideline is that length is key: longer passwords are more secure than shorter ones.

I recommend generating passwords that are so complex and lengthy that they’re virtually impossible for anyone to recall or guess.

Sounds backwards, right? Create passwords so long and complex that you will struggle to remember them?

The point of that rule is two-fold: on one hand it builds an appreciation of password length and why it matters, and on the other it nudges you toward a password manager. If a password is too long and intricate to remember, wouldn’t it be prudent to use a password management application that securely stores and recalls it for you?

Password size and complexity

The primary reason you require lengthy passwords is to prevent successful guessing and cracking attempts.

Consider a breach. After a website is compromised and its password hashes are stolen, a determined criminal will attempt to crack the stored hashes using dictionaries of commonly used words and educated guesses.

The same reasoning applies to direct password guessing. If your password is built from personal details such as the year you got married (say, 1995) and your spouse’s publicly known name (April), it is likely to be guessed or compromised.

Here is an example using real data.

Within roughly three minutes per group, every six- to ten-character password among the 100,000 most frequently used was cracked. More than 80,000 passwords fell, most of them far more quickly than it has taken to write this far into this blog post.

Most websites demand passwords of at least eight characters containing uppercase and lowercase letters, numerals, and special characters, so you would logically presume that cracking or guessing such a password would be a challenging endeavor.

However, such a password is still likely to be compromised, because of the prevalence of password reuse and of widely known phrases, words, and patterns.

The one factor that effectively safeguards your accounts across websites is a unique, complex password on each site that avoids commonly used words and phrases. A password stolen from one website is then isolated to that single account rather than unlocking every account that shared it.

Be advised: if your password contains any of the following, change it immediately. Among the vast number of commonly used passwords, these root phrases stand out as easily guessable building blocks.

  • love
  • qwerty
  • soccer
  • monkey
  • dragon
  • dad
  • warrior
  • courtroom
  • summer time
  • fall
  • password
  • angel
  • alex
  • chris
  • crimson
  • mother
  • rocket
  • highway
  • winter
  • spring

The list above shows a pattern. The full list includes names, states and cities, sports terms, car terms, religious phrases, military jargon, slang, family words, emotive words, band names, and colors.

In short, words and phrases that appear in dictionaries do not make robust passwords, because they lack complexity and uniqueness.

Humans are bad at randomness. When we try to be random, we fall back on familiar clichés and expressions, and then throw in a ‘!’ and an ‘@’ together with a few digits for good measure.

A password built that way may initially seem impressive, but it is actually quite weak.

While such a password does meet the usual complexity criteria, there are two reasons it is ill-advised: the terms “Ruby Red” and “Crimson” are well-known expressions, and prefixing a password with an exclamation mark (!) and appending the current year are such common tactics that they are easily predicted.
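To show how a registration-time check can catch this construction, here is an added example (not code from the original post): it peels off the predictable decoration (a leading symbol, a trailing year), undoes common letter-for-digit substitutions, and tests whether what remains is one of the root phrases listed above. The root set is a constructed subset of the post’s list and the substitution table is an assumption; a real deployment would use a full breached-password wordlist.

```python
import re

# Constructed subset of the root phrases listed in the post; a production check
# would load a full breached-password wordlist instead.
COMMON_ROOTS = {"love", "qwerty", "soccer", "monkey", "dragon", "dad", "warrior",
                "password", "angel", "alex", "chris", "crimson", "mother",
                "rocket", "highway", "summer", "fall", "winter", "spring"}

# Substitutions people believe add randomness (assumed mapping, not from the post).
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "@": "a", "$": "s"})


def strip_decoration(pw: str) -> tuple[str, list[str]]:
    """Peel off the predictable wrapper (e.g. a leading '!' and a trailing year)
    and report which decorations were present."""
    reasons: list[str] = []
    core = pw
    if re.match(r"^[^A-Za-z0-9]", core):
        reasons.append("leading symbol")
        core = re.sub(r"^[^A-Za-z0-9]+", "", core)
    if re.search(r"(19|20)\d\d[^A-Za-z0-9]*$", core):
        reasons.append("trailing year")
    core = re.sub(r"[^A-Za-z0-9]+$", "", core)   # trailing symbols
    core = re.sub(r"(19|20)\d\d$", "", core)      # trailing four-digit year
    return core, reasons


def assess(pw: str) -> list[str]:
    """Return the reasons a password is predictable; an empty list means no pattern matched."""
    core, reasons = strip_decoration(pw)
    normalized = core.lower().translate(LEET)
    for root in sorted(COMMON_ROOTS, key=len, reverse=True):
        # Short roots must match exactly; longer ones may be embedded ("ilovesoccer").
        if normalized == root or (len(root) >= 5 and root in normalized):
            reasons.append(f"common root '{root}'")
            break
    if len(pw) < 12:
        reasons.append("shorter than 12 characters")
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs: two "clever" passwords and one random one.
    for candidate in ("!Cr1mson2024", "Summer2024!", "Xk9#vQ2pLm7wR"):
        print(candidate, "->", assess(candidate) or "no known pattern")
```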

Using a readily available cracking tool with the hashcat-style mask -1 ?u?l !?1?1?1?1?1?1?12024 (a custom charset of upper- and lowercase letters, then a leading “!”, seven letters from that charset, and a trailing “2024”), the hash of such a password can be cracked in about 12 seconds when the site used SHA1, or in roughly two minutes when it used SHA3-256.

Two different hashing algorithms were evaluated. Understanding why this matters is crucial, because the algorithm a website uses to store passwords directly affects how quickly they can be cracked.

By contrast, a truly random password is extremely difficult to crack. Exhausting the search space of a 12-character randomly generated password hashed with SHA1 could take approximately 54 days, and SHA3 would take even longer.

When a password is hashed with bcrypt, as many websites do, the cracking time increases exponentially: it would take an estimated 164 thousand years to crack the same random password.
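To make the comparison behind those figures concrete, here is an added example (not code from the original post) that parses the mask quoted above, computes the size of the search space it describes, and sets it against a uniformly random 12-character password. The hash rate is an assumed placeholder rather than the post’s measured rig, so the times are illustrative; the entropy figures depend only on the mask and alphabet.

```python
import math

# Sizes of hashcat's built-in charsets: ?l lowercase, ?u uppercase, ?d digits,
# ?s printable specials, ?a all printable ASCII.
BUILTIN = {"l": 26, "u": 26, "d": 10, "s": 33, "a": 95}


def parse_mask_command(cmd: str) -> tuple[dict[str, int], str]:
    """Split '-1 ?u?l !?1?1?1?1?1?1?12024' into custom-charset sizes and the mask."""
    tokens = cmd.split()
    custom: dict[str, int] = {}
    i = 0
    while tokens[i].startswith("-"):
        slot, spec = tokens[i][1:], tokens[i + 1]      # '1' and '?u?l'
        # A custom charset is the union of the built-ins it names (assumed disjoint).
        custom[slot] = sum(BUILTIN[spec[j + 1]] for j in range(0, len(spec), 2))
        i += 2
    return custom, tokens[i]


def mask_keyspace(mask: str, custom: dict[str, int]) -> int:
    """Candidates the mask generates: one choice per literal, charset size per '?x'."""
    total, i = 1, 0
    while i < len(mask):
        if mask[i] == "?":
            cls = mask[i + 1]
            total *= BUILTIN.get(cls) or custom[cls]
            i += 2
        else:
            i += 1   # literal character such as '!' or a digit of '2024'
    return total


def random_keyspace(length: int, alphabet: int = 95) -> int:
    """Candidates for a uniformly random password over `alphabet` symbols."""
    return alphabet ** length


def entropy_bits(keyspace: int) -> float:
    return math.log2(keyspace)


def worst_case_days(keyspace: int, hashes_per_second: float) -> float:
    """Days to exhaust the keyspace at a given hash rate (the attacker's worst case)."""
    return keyspace / hashes_per_second / 86_400


if __name__ == "__main__":
    custom, mask = parse_mask_command("-1 ?u?l !?1?1?1?1?1?1?12024")
    RATE = 10e9  # assumed placeholder: 10 GH/s for a fast unsalted hash, not the post's rig
    for label, ks in (("mask", mask_keyspace(mask, custom)), ("random 12", random_keyspace(12))):
        print(f"{label:10} {entropy_bits(ks):5.1f} bits  {worst_case_days(ks, RATE):.3g} days")
```

The mask yields only about 40 bits of entropy against roughly 79 for a random 12-character password, which is why the “complex-looking” password falls in seconds while the random one does not.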

Enter password managers

The goal of this ongoing password conversation is to convey two key points.

First, people are bad at randomness. A leaked or easily guessed password is vulnerable regardless of hashing: no amount of hashing protects it, and every account that shares it is at risk.

Second, as passwords grow longer and more distinctive they become progressively safer, provided they are not reused across multiple websites.

With a password manager, you’ll generate truly random, complex, and unique passwords for each website you visit.

Which password manager should you use? Here is the good part:

While they differ in the details, their core capabilities are remarkably consistent.

Take the time to compare pricing and features across the many password management tools available before settling on one.

What’s crucial when selecting a password manager is its ability to generate robust passwords that are at least 20 characters long, comprising a well-balanced mix of uppercase and lowercase letters, numerals, and special characters, as well as the capacity to create unique passwords for each website.

Even where a website does not support long passwords, a password manager can still generate a truly random password within that limit, minimizing the impact of the restriction.

At the end of the day, a password manager eliminates password recycling and prevents easily guessed passwords or phrases, because the passwords it generates are truly random.

In addition to relying on a password manager, multi-factor authentication (MFA) adds an extra layer of protection against breaches. We will explore what MFA has to offer in another blog post soon. If your password manager allows you to enable MFA, it is generally advisable to take advantage of the added security and turn it on.

Lastly, we’ve got passkeys.

You may have heard about them. If circumstances permit, we will explore that topic in depth later this month. Passkeys provide a convenient alternative to traditional passwords for secure authentication. However, scaling them, managing them, and ecosystem lock-in pose distinct challenges that the security and development communities are actively tackling. As the technology matures, it is increasingly likely that passkeys will become a standard feature in the near future.

The truth is, some .

Stay protected!
