How Strong Passwords Keep Your Accounts Secure
When creating an account online, sometimes the password a user chooses doesn’t meet security criteria and gets rejected. This can cause frustration, but creating and using strong passwords is critical to online security. Many users don’t realize that guessing passwords is one of the most common ways hackers retrieve information.
The UK’s National Cyber Security Center (NCSC) recently released a list of the world’s top 20 most hacked passwords. Their list included anemic choices such as 123456, qwerty, password and Iloveyou. NCSC also called out the top five personal names, fictional characters, football teams and musicians that get included in passwords. Hint: If “MichaelTigger” is your password, you might want to change it.
Computers can test thousands of passwords, but in order to do so, the password has to be relatively easy to guess. That’s why a hacker can move so quickly into a breach when a user protects their account with an easy to guess password.
The importance of strong passwords reaches beyond a single account. Once hackers gain access to one account, they can follow the links to many other accounts connected with that one. By prioritizing a strong password for all personal accounts, users can protect themselves, their employers and their families from becoming victims of data leaks, embarrassing revelations or cybercrimes like identity theft.
Why Weak Passwords Are Easy to Crack and How Strong Passwords Keep Your Accounts Secure
Weak passwords help cybercriminals to jimmy the locks on privacy and data. Hackers use techniques such as the following:
This technique requires the hacker to try thousands of password combinations in hopes of landing on the right one. It’s more effective than it sounds since a computer can check thousands of password combinations in a single minute. In fact, most hackers can even guess which characters will be capitalized and what numbers will get added. That’s why using “p@ssword” or “Password1” is no more effective than using “password.”
Hackers know that many businesses use passwords related to their industry. By reading up on corporate terminology, hackers can make educated guesses about password content. This approach is particularly effective with large companies that use standardized passwords for office Wi-Fi accounts.
Phishers send emails that appear to come from reputable companies in order to persuade the receivers to send back personal information. Often, phishing scams request credit card, bank account, or Social Security numbers. Sometimes, though, hackers phish for passwords by getting people to enter it on a site that mirrors a legitimate site. The user thinks they’re logging into a real account. Astonishingly, this practice works about one-third of the time.
Rainbow Table Attack
One of the more sophisticated approaches to hacking, the rainbow table attack uses cryptanalysis to crack the password. When a computer stores a password, it encrypts the keystrokes not the actual letters and digits of the code. The table unencrypts those keystrokes and reveals the original password to the would-be hacker. The more common the password, the easier it is to decipher.
This approach relies on predictable human behavior. Cybercriminals pose as a friend, boss or colleague to trick the user into revealing the password. Hackers may reach out by phone or email to secure the information they need.
A keylogger is a type of surveillance that records every keystroke on a chosen keyboard or touchscreen. Employers may use it to monitor staff members, parents to keep track of their kids’ online activities and law enforcement to analyze potentially illegal computer usage. Hackers may use the technology, however, for more nefarious purposes.
How to Create a Strong Password
Strong password examples exhibit common characteristics such as length, diversity and complexity. The following tips can help users craft hard-to-break passwords.
- Use a mix of four unrelated words. A word such as “barn” makes a poor password choice because it’s straight out of the dictionary. For the same reason, a string such as “TheBigRedBarn” also fails as a strong password. But using four unrelated words can work. In this instance, it might be “SkilletBarnLeafHat.” Any string of four unrelated words can be easy to remember and hard to break.
- Avoid the obvious choices. Using the name of a parent, spouse, child, pet or street serves as a dead giveaway to hackers. In the same way, picking a favorite actor, musician or author can weaken a password choice. Anything that might be easy to guess or could be included in a get-to-know-you quiz diminishes a password’s security.
- Include 12-14 characters. Longer passwords are stronger than shorter ones. The more keystrokes involved, the more difficult the password is to guess, track or crack.
- Separate words with a number or symbol. If the password includes multiple words, separating them with a symbol or number can add an extra layer of security. Using the four-word password above as an example, it could read “Skillet*Barn$Leaf6Hat<.”
- Stay away from letter substitutions. While substituting a symbol or number for a letter can seem like an easy way to complexify a memorable password, it rarely works. Choices such as p@assw0rd, 1LoveYou, pa$$word, or Amer1c@n offer no challenge to a hacker.
Passwords are just one layer of corporate security. Today, companies of all sizes and in many industries have gotten hacked, costing them billions of dollars and requiring them to beef up digital security at all levels. Even the U.S. government considers cybersecurity a critical component of national security. Nevertheless, there could be 3.5 million unfilled cybersecurity jobs by 2021, according to Forbes.
These jobs often pay lucrative salaries and offer opportunities for advancement. A convenient, flexible way to enter the field is by earning a Bachelor of Science in Cyber Security degree online. In this program, you’ll learn key topics in computer systems, cyberlaw, policy creation and compliance that combine industry best practices with real-world application.
At Bethel University, you can be a part of the solution to identity theft and other cyberattacks. Graduates of our program enter the workforce with the skill set to help the biggest players on the world stage, like educational institutions, financial institutions, corporations, and government agencies. Our accredited program is taught by instructors who have experience in the field. And because our program is fully online, you can earn your degree at your pace, around your schedule.