99% of hacks are related to passwords
Passwords are an important building block of cyber security and are often the key to personal information on social networks, email inboxes, digital services and, last but not least, bank accounts. Although we know many authentication techniques (e.g. biometrics, smart cards, etc.), the combination of a username and password is still the most common form of logging into online services.
Users are thus often required to remember many usernames and passwords. A password can be defined as any set of characters consisting of letters, numbers, other characters (punctuation marks, symbols, …) and special characters. Most of us use simple passwords that are easy to remember, or have one password for multiple user accounts. We have to be careful when using passwords, because there are a lot of techniques for cracking (guessing) them in one way or another. Weak passwords only make cracking easier for miscreants, so it’s important to use strong passwords that are harder to guess. Special tools can also come to our aid when managing passwords.
Passwords have been around since ancient times. They were used to grant entry to a city, as well as distinguish between friends and foes in conflicts or wars. Nowadays, we use them on a daily basis.

What are “strong” and what are “weak” passwords?
The strength of a password depends mainly on its composition and length.
Weak passwords are short (6 or even 4 characters) and consist of only one or two types of characters. Often, such passwords also consist of names, meaningful words, etc. The group of weak passwords also includes default passwords that users do not change (network devices, mobile phones). There are many lists of default passwords available online, so default passwords can be found quickly.
On the other hand, strong passwords are longer (at least 8 characters) and more “randomly” composed of different types of characters (a combination of upper and lower case letters, numbers and other characters from the keyboard). We do not choose strong passwords, but build them using various techniques. There are 3 rules for this. They have to be:
- complex
- unique
- kept a secret.
The main problem with such passwords is that we do not know how to remember them.
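The criteria above, as an added example (not code from the original article): a Python check that flags the weak-password traits listed in this section and estimates the brute-force search space from length and character types. The word and default-password lists are small constructed samples, and the pool sizes assume printable ASCII.

```python
import math

# Constructed sample lists (assumptions, not from the article). A real check
# would load a full default-credential list and a name/dictionary word list.
DEFAULT_PASSWORDS = {"admin", "password", "1234", "0000"}
COMMON_WORDS = {"summer", "dragon", "monkey", "michael"}

# Assumed pool sizes per character type (printable ASCII).
POOL = {"lower": 26, "upper": 26, "digit": 10, "other": 33}


def char_classes(pw):
    """Return the set of character types that occur in pw."""
    classes = set()
    for ch in pw:
        if ch.islower():
            classes.add("lower")
        elif ch.isupper():
            classes.add("upper")
        elif ch.isdigit():
            classes.add("digit")
        else:
            classes.add("other")
    return classes


def search_space_bits(pw):
    """Upper bound on guessing effort in bits: length * log2(pool size).

    Only meaningful if the characters were picked at random; a password
    built from a word is far easier to guess than this number suggests.
    """
    pool = sum(POOL[c] for c in char_classes(pw))
    return len(pw) * math.log2(pool) if pool else 0.0


def audit(pw):
    """Return the weak-password traits from this section that pw shows."""
    findings = []
    if len(pw) < 8:
        findings.append("shorter than 8 characters")
    if len(char_classes(pw)) <= 2:
        findings.append("only one or two character types")
    low = pw.lower()
    if low in DEFAULT_PASSWORDS:
        findings.append("default password")
    if any(word in low for word in COMMON_WORDS):
        findings.append("contains a name or dictionary word")
    return findings
```

A password such as `Summer2024` passes the length and composition checks and is still flagged, which is why the word check matters alongside the other two. The "unique" and "kept a secret" rules cannot be checked from the password alone.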

Managing passwords
The average user uses 70-80 different passwords. A good approach to password management is using password managers and storage tools. They support the user in creating, managing and saving passwords. Stored passwords are protected by encryption techniques. The advantages are therefore primarily the ease of use and good control. However, these tools also have weaknesses. If the user forgets the password for accessing the stored data, they have no choice but to change the passwords or create new user accounts, as it is usually impossible to access the data without knowing the password. If an attacker gets hold of the password file and the password that unlocks it, this not only gives them access to the passwords, but also opens the door wide for them to access all of our accounts and devices that are protected by the saved passwords.
There are many techniques for remembering passwords. They include:
- “Three Words”
- “The Email Address”
- “The URL”
- “Get to the point”
- Visualization
- …