Today is World Password Day. Why are they important?

Reading time: 4 min

99% of hacks are related to passwords

Passwords are an important building block of cyber security and are often the key to personal information on social networks, email inboxes, digital services and, last but not least, bank accounts. Although we know many authentication techniques (e.g. biometrics, smart cards, etc.), the combination of a username and password is still the most common form of logging into online services.

Users are thus often required to remember many usernames and passwords. They can be defined as any set of characters consisting of letters, numbers, other characters (punctuation marks, symbols, …) and special characters. Most of us use simple passwords that are easy to remember, or have one password for multiple user accounts. We have to be careful when using passwords, because there are a lot of techniques to try and crack (guess) our passwords in one way or another. Weak passwords only make it easier for miscreants to crack, so it’s important to use strong passwords that are harder to guess. Special tools can also come to our aid when managing passwords.

Passwords have been around since ancient times. They were used to grant entry to a city, as well as distinguish between friends and foes in conflicts or wars. Nowadays, we use them on a daily basis.

What are “strong” and what are “weak” passwords?

The strength of a password depends mainly on its composition and length.

Weak passwords are short (6 or even 4 characters), consist of only one or two types of characters. Many times, such passwords also consist of names, full-meaning words, etc. The group of weak passwords also includes default passwords that users do not change (network devices, mobile phones). There are many lists of default passwords available online, so you can quickly find out the default passwords.

On the other hand, strong passwords are longer (at least 8 characters) and more “randomly” composed of different types of characters (a combination of upper and lower case letters, numbers and other characters from the keyboard). We do not choose strong passwords, but build them using various techniques. There are 3 rules for this. They have to be

  • complex
  • unique
  • kept a secret.

The main problem with such passwords is that we do not know how to remember them.

Managing passwords

The average user uses 70-80 different passwords. A good approach to password management is using password managers and storage tools. They support the user in creating, managing and saving passwords. Stored passwords are protected by encryption techniques. The advantages are therefore primarily the ease of use and good control. However, these tools also have weaknesses. If the user forgets the password for accessing the stored data, they have no choice but to change the passwords or create new user accounts, as it is usually impossible to access the data without knowing the password. If an attacker gets a hold of password files or the password to access that file, this not only gives them access to passwords, but also opens the door wide open for them to access all of our accounts and devices that are protected by the saved passwords.

There are many techniques for remembering passwords. They include:

  • “Three Words”
  • “The Email Address”
  • “The URL”
  • “Get to the point”
  • Visualization
Probably one of the more interesting ways of creating and remembering strong passwords was proposed some time ago by Kurt Muhl, the so-called “ethical hacker” from the American company RedTeam Security. He suggested that we think of an everyday sentence that also contains a number or a special character that we can remember. We then take only the first letters of the words in the sentence and this will give us a fairly strong password. The longer the phrase, the harder it will be to guess the password.