A 2020 survey by “Digital Guardian” reveals that the average person “owns” a few dozen online accounts. Therefore, they have to maintain these accounts and usually remember numerous passwords for social media, online shopping, financial and email accounts.
People usually use weak passwords, or even the same password across various platforms, for convenience. This is a serious mistake: if a single account is compromised, an attacker can use the same password to log in to all of the victim’s accounts. If the target also uses a weak password, it makes the attacker’s life easy.
An attacker can easily “guess” a weak password using brute force or dictionary attack techniques. Examples of weak passwords:
- the password is the same as the username
- the password is comprised of your name or surname, or even a family member’s name
- the password is generated from birth dates, pet names, telephone numbers, etc.
Password cracking techniques, such as Brute Force Attack, Dictionary Attack, or even Social Engineering, can be utilized to easily crack such a password.
To protect against attackers, users must choose strong passwords. A strong password combines lowercase and uppercase characters, special characters and numbers. Its length should be over 15 characters, if possible.
Passphrase instead of Passwords
A user can use a passphrase in the same way as a password; the longer it is, the better. For instance, the phrase “I believe I can fly!” contains 20 characters, including spaces, and combines uppercase and lowercase letters with a special character. You can easily change this phrase to “1 believe 1 can fly!” to include numeric values as well, making it a very secure password that is still simple to memorize.
Password Length vs. Complexity
Jason Fossen states that adding length is better than adding complexity. In his spreadsheet, he displays the maximum number of days needed to crack a random passphrase, in relation to the character set used in that passphrase. A password comprised of sixteen lowercase characters statistically needs more days to be cracked than an eleven-character password comprised of lowercase, uppercase, numbers and symbols. The first one would also be much easier to memorize. Different passwords should be used for every individual account.
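The length-versus-complexity comparison above, and the character-class rules from the strong-password and passphrase sections, can be checked with a short script. The following is an added example written for this page; it is not the article’s code and not Jason Fossen’s spreadsheet. It uses the common convention of crediting each character class by the size of its alphabet (26 lowercase, 26 uppercase, 10 digits, 33 symbols including the space) and an assumed attacker rate of 10^12 guesses per second, which is a placeholder figure rather than a measured one.

```python
import math
import string
from typing import Dict, List

# Character classes a password can draw from, with the alphabet sizes
# usually assumed in crack-time estimates (assumption, not from the article).
CLASSES: Dict[str, set] = {
    "lower": set(string.ascii_lowercase),      # 26
    "upper": set(string.ascii_uppercase),      # 26
    "digit": set(string.digits),               # 10
    "symbol": set(string.punctuation + " "),   # 32 punctuation + space = 33
}

# Assumed offline cracking throughput. Placeholder for illustration only.
ASSUMED_GUESSES_PER_SECOND = 1e12
SECONDS_PER_DAY = 86400


def classes_used(password: str) -> List[str]:
    """Names of the character classes that actually appear in the password."""
    return [name for name, chars in CLASSES.items()
            if any(c in chars for c in password)]


def charset_size(password: str) -> int:
    """Size of the alphabet an attacker must search to cover every class
    the password uses (0 for an empty password)."""
    return sum(len(CLASSES[name]) for name in classes_used(password))


def keyspace(password: str) -> int:
    """Number of candidates of the same length over the same alphabet."""
    return charset_size(password) ** len(password)


def entropy_bits(password: str) -> float:
    """log2 of the keyspace: the 'bits' figure quoted for a password chosen
    uniformly at random over this alphabet."""
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0


def days_to_exhaust(password: str,
                    guesses_per_second: float = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Days needed to try every candidate in the keyspace at the given rate."""
    return keyspace(password) / guesses_per_second / SECONDS_PER_DAY


def summarize(password: str) -> Dict[str, object]:
    """One row of the comparison table for a password."""
    return {
        "length": len(password),
        "classes": classes_used(password),
        "alphabet": charset_size(password),
        "bits": round(entropy_bits(password), 1),
        "days": days_to_exhaust(password),
    }


if __name__ == "__main__":
    # Constructed sample passwords: the two cases from the comparison above
    # and the passphrase from the article.
    samples = [
        "abcdefghijklmnop",       # 16 lowercase characters
        "Ab1!efghijk",            # 11 characters drawing on all four classes
        "I believe I can fly!",   # 20-character passphrase
    ]
    for pw in samples:
        s = summarize(pw)
        print(f"{pw!r:24} len={s['length']:2} alphabet={s['alphabet']:3} "
              f"bits={s['bits']:6} days={s['days']:.3g}")
```

Under this model the sixteen-lowercase password works out to about 75.2 bits and the eleven-character four-class password to about 72.3 bits, so the longer, simpler one has the larger keyspace, which is the point of the comparison. The estimate is an upper bound for a password an attacker must search exhaustively; a passphrase built from dictionary words or a known quote has far fewer effective candidates than its character count suggests, so the figure should be read as “at best”.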
Password managers are the solution to the password memorization problem. KeePass is an open source, lightweight password manager that can do the job at home and at work alike.
2FA (two-factor authentication), or more generally MFA (multi-factor authentication), provides an extra layer of protection for your online accounts by requiring an extra mechanism for proving the user’s identity. It is not impossible to hack an account with 2FA enabled, but it is extremely difficult. “The Verge” posted an excellent article on how to set up 2FA on your online accounts, which includes guides on enabling 2FA across the most popular platforms, such as Amazon, Google, Microsoft, PayPal, etc. Microsoft states that 2FA can block over 99.9 percent of account compromise attacks.