Introduction:
Everybody who signs into websites or uses
secure applications has passwords – probably a bunch of them. How secure are
your passwords? Are you sure? This post may shake your confidence, but it will
also guide you on how to create and use secure passwords.
How Easy Is
It to Crack Passwords?
Websites and applications do not save your
password in text form; they save a cryptographic hash of it. Passwords like
“password”, a pet name, or a common word can be cracked almost instantly using
a special dictionary of common password components.
It was based on the time to crack a password hash using a desktop computer with
a top-of-the-line graphics card and the time using cloud computer resources. At
best, these are optimistic estimates.
Bottom Line: your current passwords
probably are not strong enough.
Password Security:
Three
attributes are critical to creating truly secure passwords:
·
Length
·
Randomness
·
Uniqueness
Typically, websites and application
will not accept a password less than eight characters long. As passwords get
longer than eight characters, they become exponentially more difficult to guess
or crack. In most cases, websites and applications can accept passwords up to
64 characters long.
Truly random sequences of numbers,
upper-case letters, lower-case letters, and symbols are much harder to guess or
crack than passwords composed of words in a dictionary, or names and numbers
that are easily discovered as associated with you. Humans are not good at
creating truly random sequences, so that job is better done by a tool designed
and tested for the purpose.
If the same password is used for
multiple websites and applications, once hackers access it in one place, they
can easily use it in other places.
Human Limitations:
Human short-term memory capability is
limited. The most relevant memory capability measure when thinking about
passwords is span: the number of sequential chucks of information we can hold
in our short-term memory. Span varies
with the type of information to be remembered and is around seven for digits,
around six for letters, and around five for words. As a side note, that’s why
phone numbers are seven digits long. Long-term memories are created by
transferring them from short-term memory, but only important, frequently used,
and/or highly associated information is transferred. Therefore, long-term
memory is even more limited than short-term memory. Since passwords are
sequences of digits, letters, and symbols, our ability to remember them is
quite limited.
Worse yet, we need passwords for many
websites and applications, but the uniqueness requirement says each one should
be different. Humans are not good at remembering a large number of such
associations.
Dilemma:
Cyber security calls for long,
random, and unique passwords. We see advice all the time telling us not to
write passwords down. However, humans do better remembering a small number of
short sequences that make sense (not random) – especially if they are written
down. How can we resolve this direct conflict?
Password Managers:
Password managers are software
applications that store, fill in, create, and manage passwords for users’
websites, online accounts, and applications. Password managers can create long,
truly random, and unique passwords for you and then store them in an encrypted
format. After the password manager creates a password, you will need to go to
the website, account, or application and update the password to the one created
by the manager. You do not need to remember those passwords. Whenever a
password is required, the password manager can fill it in for you. You only
need to remember one secure master password to access the manager.
There are a number of available
password managers with various pros and cons. Some even have good free
versions. ClickAway would be happy to
discuss your particular password situation and recommend and install an
appropriate tool.
Write Down Usernames and Passwords:
The common advice about not writing
down credentials is more likely to prevent you from accessing your own
information than preventing some bad guy from accessing it. We have to help
customers recover forgotten or lost passwords all the time. Recording your
credentials on paper (not a computer file) stored in a safe location will
ensure that you never have to experience that problem. With a password manager,
you will probably only need to write down one set of credentials.
If you decide not to use a password
manager, keep a written list of credentials (both usernames and passwords) for
every website, account, and application you use; keep it up to date; and store
it in a safe place.
Conclusion:
Weak passwords can give bad guys
access to your valuable data and accounts. Forgetting your password can deny
you access to your valuable data and accounts. Why take those chances? ClickAway
recommends that you install and use a password manager and that you have it
create random passwords that are at least 16 characters long. Make sure the
master password is itself secure. Write down your important website, account,
and application credentials on paper, not a computer file, and store the
document somewhere safe.
Information Source: -https://clickaway.com/passwords-how-to-make-sure-they-are-secure/