2022's best place for Cybersecurity Insights and Advice for Everyone

#1 - Signup to our list and get regular insights and advice on how to be cyber safe.

By entering your email address you agree to receive emails from EveryDayCyber. We'll respect your privacy and you can unsubscribe at any time.

Strong Passwords. One giant step to protect our digital lives

by Cyberguy | Last Updated | January 31, 2022

One weak password can lead the way to all sorts of evil-doer activities. Cyber criminals don’t only steal your money and sensitive information. They also steal your identity to commit fraudulent activities.

8 bad password practices you need to avoid

Bad password practices are getting more and more attention. The year 2019 saw 5,183 data breaches that exposed 7.9 billion records in high-profile cyber attacks. Financial organizations, internet companies and retail businesses have all been affected. This means there is a pretty good chance you’ve been affected too.

Psychology of Passwords

Bad password practices make it much easier for cyber criminals to do evil things. These practices could include:

We all struggle to create secure password combinations. Often, we have so many of them and trying to remember them all is, quite frankly, a pain. Unfortunately, we tend to take the easy path and make short and memorable passwords. And far too frequently, we use the same passwords everywhere.

Most Popular Passwords 2021

LogMeIn, which owns LastPass, did a study that shows each of us could average 85 passwords across all our online accounts. It’s not surprising when you count all your online accounts. You have banking, social media, media and other digital accounts. So it adds up fast.

We need to protect our personal information, money, and lives from cyber criminals. In many ways, password strength may be the last line of defense. While a pain, starting with good password ideas is a key step in the fight against cyber crime.

Having strong passwords protects your digital life. Yes, it does take a little work, but the numbers show it’s worth the effort. Using strong passwords has always been a challenge. But they are more important than ever for online security.

Why you need strong passwords

There are many reasons to use strong password combinations. But the primary reason is that the bad dudes have many ways to crack passwords.

Cracking passwords is primarily a math problem. With today’s computing power, solving that math problem can be done faster and faster. With the coming of quantum computers, the speed of cracking passwords will increase exponentially.

4 ways hackers steal your passwords

There are two primary methods for cracking passwords — brute force and dictionary-based attacks.

1. Brute force attack

The brute force method uses every possible combination of characters. It targets the length or number of characters in the password. It may also focus on specific alphanumeric or special characters.

2. Dictionary method

Dictionary attacks use a known set of words. They may be previously hacked passwords or patterns from some defined list. The hackers will try to combine them in every possible way until they find the correct answer.

3. Keylogger attack

A keylogger attack involves a program that hides in your computer memory. It starts to run as soon as you open your computer. The keylogger captures every keystroke you type and creates a log. This log is then sent to the hacker. Keyloggers are often programmed so that they’re hidden in the Processes of your task manager, making them extremely difficult to detect.

4. Social engineering

Social engineering is a popular method hackers use to steal passwords. They trick their victims into revealing their passwords by developing some level of trust first.

Here’s one way this can go. A hacker may get in touch with you with a message that sounds urgent, rewarding, or threatening. For example, they can tell you that your email account is hacked. They will then ask for your login details so they can fix the issue. It may sound crazy to give away your password, but it often works. 

How you remember passwords

Estimated amount of time to crack a password

What’s troubling is the speed at which these cracking methods can operate. Many hackers use clusters of computers, so cracking keeps getting faster. Powerful computers can guess well over 100 billion passwords per second. And the numbers are rising with CPUs and GPUs becoming more powerful. Quantum computing will increase the speed by “orders of magnitude”.

But even with computers getting more powerful, there is still a good case for strong passwords. You can increase password entropy with longer, more complex, and more unique passwords. Password entropy is a measurement of how unguessable a password is. Even with super-fast computers, long, complex and unique passwords are very hard to crack.

Here are some simple numbers based on today’s computing power. This will give you an idea of the effect of password length and complexity on how long it would take a hacker to crack a password.

How long to crack passwords

So you can now imagine what a 16 or 20 character password would be like to crack. Longer and more complex is much better protection than simple and short – the math proves it.
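
To make the math concrete, here is an added example (not from the original article) that estimates entropy and average brute-force time at the 100 billion guesses per second quoted above. The sample passwords and the short common-password list are constructed for illustration, and the entropy figure is an upper bound that only holds when every character is chosen at random.

```python
import math
import string

GUESSES_PER_SECOND = 100e9  # the "100 billion passwords per second" figure from the text

# Constructed sample; a real check would use a large list of breached passwords.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "111111", "letmein"}

# Character classes and the number of symbols each adds to the attacker's search pool.
CHARSETS = [
    (string.ascii_lowercase, 26),
    (string.ascii_uppercase, 26),
    (string.digits, 10),
    (string.punctuation, 32),
]

def alphabet_size(password):
    """Pool size implied by the character classes the password uses (ASCII only)."""
    return sum(size for chars, size in CHARSETS if any(c in chars for c in password))

def entropy_bits(password):
    """Upper bound on entropy: length * log2(pool), valid only for random characters."""
    pool = alphabet_size(password)
    return len(password) * math.log2(pool) if pool else 0.0

def brute_force_seconds(password, rate=GUESSES_PER_SECOND):
    """Average brute-force time: half of the keyspace divided by the guess rate."""
    if password.lower() in COMMON_PASSWORDS:
        return 0.0  # a dictionary attack tries these first; length and charset do not help
    return alphabet_size(password) ** len(password) / 2 / rate

def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, span in (("years", 31_557_600), ("days", 86_400), ("hours", 3_600), ("minutes", 60)):
        if seconds >= span:
            return f"{seconds / span:,.0f} {unit}"
    return f"{seconds:.2f} seconds"

if __name__ == "__main__":
    for pw in ("password", "kqzvmtbw", "Kq7!zvTb", "Kq7!zvTbM2#pLx9w"):
        print(f"{pw!r:20} {entropy_bits(pw):6.1f} bits  {humanize(brute_force_seconds(pw))}")
```

Eight random lowercase letters fall in about a second and eight mixed characters in hours, while sixteen mixed characters push the estimate into trillions of years.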


So, what makes strong passwords?

The simple definition of a strong password is one that cannot be cracked using a brute force attack. It is always best to use longer passwords with more possible characters. The probability your complex password gets cracked becomes infinitesimal.

Here are the rules for creating hard-to-crack strong passwords:

Where to keep your passwords

So, how are you supposed to remember 85 16-character passwords?

This is a challenge, but it’s not impossible to solve. Here are two ways of keeping all your passwords safe.

1. Piece of paper

The first is on a good old piece of paper. Write down your passwords and keep them in a safe place. But someone can break into your house or office and steal that piece of paper. The probability of theft is low, and thieves would have to get into your house or office to get it. But it’s still tedious to have 85 passwords on paper and take it with you everywhere you need to go.

2. Password managers

The second option is to use a password manager. Experts recommend password managers. There are many of these available, both offline and online.

How a password manager works

Offline password manager

An offline password manager is one that’s installed on your devices. You’ll need to install a password manager on all your devices if you want to access your password database.

Online password manager

An online password manager is delivered via the cloud. The cloud makes it accessible to all your devices.

Both offline and online options support various features. They include a random password generator, password storage, password management, and auto-fill.

You won’t need to remember which username or email address you use for your online accounts. A secure password manager will fill this in for you.

You’ll only need to remember one password, the master password, so you can access all your other passwords. The password manager will auto-fill your login details for all other accounts. 

Strong passwords are essential, but they don’t help if your password is leaked in a data breach

Data breaches continue to happen at an alarming pace. Having extra protection is even more critical with sensitive data. 

These days, you need a secondary method to confirm your identity when logging in. This is now the standard. And service providers and app makers should offer this option. 

The most common form of secondary authentication is multi-factor authentication (MFA). You’re probably familiar with two-factor authentication, also called 2FA. 2FA is now used by most service providers, including Google, Amazon, and Facebook. Your bank and some government agencies like the IRS also use 2FA.

2FA typically sends you a one-time code (OTC) or one-time password (OTP) via text or email. You then enter the OTC or OTP on the service you want to access. 

There are other 2FA methods and technologies, such as the mobile authenticator apps you install on your phone. Some examples are Microsoft Authenticator, Google Authenticator, and Authy. These apps generate unique codes so you can complete your login.

Final thoughts: You don’t want your credentials to land on the dark web because of data breaches. Good password practices provide the first line of defense for your online accounts. These help you create a strong password culture to strengthen your online security. Remember the basics. Use longer passwords, complex passwords, unique passwords, and password managers.
