The weakest security point for your online accounts is usually your password. Some people find it difficult to remember secure passwords or PINs, so they opt for something simple and easy to remember, or something they see daily, such as personal information, a child’s name, a date of birth, a spouse’s name, or a favourite colour. Some even go as far as using numbers like 12345, a combination of letters, numbers, and symbols or the word ‘password’ as their password.
These passwords would be fine if hackers were not able to break into your account within as little as eight minutes using brute force. Brute force is a trial-and-error method in which an application decodes encrypted data such as passwords through exhaustive effort.
GENERAL GUIDELINES
Use
- Use a mix of alphabetical, numeric and special characters
- Use a combination of letters and numbers, or a phrase like “money matters” using only the consonants, e.g., m0nYm@ttrz or a misspelled phrase, e.g., 2Hot3h@ndle
- Use a unique mixture of upper- and lowercase (passwords are case-sensitive)
- Replace a letter with another letter, symbol or combination, but don’t be too obvious about it. Replacing 0 with () is stronger than replacing o with 0 or a with 2 or i with 1
- Two words separated by a non-alphabetic, non-numeric, or punctuation character, e.g., Professional%Website or design,+100#
Don’t Use
- Your name in any form — first, middle, last, maiden, spelled backwards, nickname or initials
- Your phone or office number, address, birthday, or anniversary
- Any ID number or user ID in any form, even spelled backwards
- Any all-numeral passwords, e.g., your license-plate number, social security number
- Part of your userid or name
- Any common name, e.g., John, Musa, Chioma
- Common passwords
- Passwords of fewer than six characters.
- The name of a close relative, friend, or pet
- Acronyms, geographical or product names, and technical terms
- Names from popular culture, e.g., Things Fall Apart
- A single word either preceded or followed by a digit, a punctuation mark, up arrow, or space
- Words or phrases that do not mix upper and lower case, or do not mix letters or numbers, or do not mix letters and punctuation
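The “Don’t Use” rules above can be checked mechanically before a password is accepted. The following is an added example, not part of the original article: the function name `check_password`, the `personal` parameter and the three-character minimum for personal tokens are assumptions, and the common-password set is the article’s own worst-password list.

```python
import re

# Entries from the article's "WORST PASSWORD CHOICE" list, lowercased.
WORST = {"12345", "123456789", "password", "qwerty", "letmein", "welcome",
         "login", "abcdef", "11111111", "123abc", "football", "admin",
         "photoshop", "123123", "1234567890", "000000", "abc123", "1234",
         "adobe1", "macromedia", "azerty", "iloveyou", "aaaaaa", "654321"}

def check_password(password, personal=()):
    """Return the list of "Don't Use" rules that the candidate breaks.

    `personal` (assumed parameter) holds strings tied to the user:
    name, user ID, phone number, pet's name and so on.
    """
    problems = []
    lowered = password.lower()
    if len(password) < 6:
        problems.append("fewer than six characters")
    if lowered in WORST:
        problems.append("common password")
    if password.isdigit():
        problems.append("all numerals")
    for item in personal:
        token = item.lower()
        # Match the item forwards or spelled backwards, anywhere in the password.
        if len(token) >= 3 and (token in lowered or token[::-1] in lowered):
            problems.append("contains personal information")
            break
    # A single alphabetic word with one digit, punctuation mark or space around it.
    if (re.fullmatch(r"[^A-Za-z]?[A-Za-z]+[^A-Za-z]?", password)
            and not password.isalpha()):
        problems.append("single word plus one character")
    has_letter = re.search(r"[A-Za-z]", password)
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        problems.append("no mix of upper and lower case")
    if not (has_letter and re.search(r"\d", password)):
        problems.append("no mix of letters and numbers")
    if not (has_letter and re.search(r"[^A-Za-z0-9]", password)):
        problems.append("no mix of letters and punctuation")
    return problems

if __name__ == "__main__":
    # Constructed sample inputs; "Chioma" stands in for the user's own name.
    for candidate in ("2Hot3h@ndle", "12345", "Chioma7", "amoihC#2024x"):
        print(candidate, "->", check_password(candidate, personal=["Chioma"]))
```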
“Be sure to use a strong password” is advice we all constantly see online. Here are a few tips to help create a strong password — and, more importantly, remember it.
MIX UP
George Shaffer, a password expert, said ‘a password which uses characters and symbols won’t be cracked for two years.’ Including special characters ‘$, %, @, &, (, (, >’ in your password will make it difficult to decode.
A good, strong and reliable password must have some complexity in it, such as deliberately misspelt words, figures, symbols and so on. It is best to include UPPERCASE characters and mix them with numbers, e.g., use ‘Ye1llOw2T@pe’ instead of ‘yellowtape12’.
LENGTH
Your password must be long, because the shorter a password is, the easier it is to crack. A hacker will brute force a ten-character password within one week, while it will take 1.49m centuries to crack a fifteen-letter password.
According to Richard Cassidy, the technical director of cyber security company Alert Logic, a 14-character password could take 811 trillion guesses to crack. “Length is the thing that gives you protection, not complexity,” he says, adding that even eight-digit passwords can be cracked in a matter of hours.
8 Characters > 645,753,531,245,761 (645 Trillion) Combinations
9 Characters > 45,848,500,718,449,031 (45 Quadrillion) Combinations
10 Characters > 3,255,243,551,009,881,201 (3 Quintillion) Combinations
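The three figures above are exactly 71 raised to the 8th, 9th and 10th power, so they correspond to a 71-symbol alphabet. The added example below (not from the original article) recovers that alphabet size from the table and compares extra length against a larger alphabet; the guess rate of 10 billion per second is an assumed value.

```python
import math

# Figures quoted in the table above: password length -> combinations.
PAGE_TABLE = {
    8: 645_753_531_245_761,
    9: 45_848_500_718_449_031,
    10: 3_255_243_551_009_881_201,
}

def keyspace(alphabet_size, length):
    """Number of distinct passwords of exactly `length` symbols."""
    return alphabet_size ** length

def infer_alphabet(combinations, length):
    """Return the integer alphabet size whose keyspace equals `combinations`,
    or None if no integer base fits."""
    guess = round(combinations ** (1.0 / length))
    for size in (guess - 1, guess, guess + 1):
        if size > 0 and keyspace(size, length) == combinations:
            return size
    return None

def entropy_bits(alphabet_size, length):
    """Entropy of a uniformly random password, in bits."""
    return length * math.log2(alphabet_size)

def hours_to_exhaust(combinations, guesses_per_second):
    """Worst-case time to try every candidate at the given rate."""
    return combinations / guesses_per_second / 3600

if __name__ == "__main__":
    RATE = 1e10  # assumed guesses per second, for illustration only
    for length, combos in PAGE_TABLE.items():
        size = infer_alphabet(combos, length)
        print(f"{length} chars: alphabet={size}, "
              f"{entropy_bits(size, length):.1f} bits, "
              f"{hours_to_exhaust(combos, RATE):,.0f} h to exhaust")
    # Length versus complexity: 14 lowercase letters beat 10 mixed symbols.
    print("26^14 / 71^10 =", keyspace(26, 14) / keyspace(71, 10))
```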
DISCLOSE
Don’t ever tell anyone your password, and by anyone I mean anyone. If there is a need to tell someone, it should only be because that person has to know it to be able to work with it. Never disclose your Internet banking details to ANYONE, not even your spouse or a bank official.
DIFFERENT PASSWORDS
Having the same password for all your accounts is like using the same key for all the locks in your house and expecting thieves not to have easy access to your home.
Passwords should be different everywhere you use them.
It is easy to type the same password at every password prompt. However, this means that once one of your accounts gets cracked, the hacker with that information has access to all of your online accounts.
A study has shown that 75% of people use their e-mail password for their social media accounts. If that is also your Internet banking password and it is discovered, just say good-bye to some of your funds, if not all.
Ensure you use a different password for each account; this will prevent anyone from getting access to all your accounts at the same time.
You can use the same base password in different versions, so that you won’t forget it or get confused. For example, if the password for your Google account is ‘pin3AplleBlastE’ then you can use ‘pin3AplleBlaStY’ for your Yahoo account.
THE PASSPHRASE
The length of the passphrase and the randomness of the word choice are what make it secure. Keep in mind that the phrase needs to be random. Take a sentence and turn it into a password.
For example, “Actions speak louder than words” is a very bad combination because it is a common phrase and the words make sense together. However, “A Soon Are Fool Money His Parted” does not make sense and is not in a grammatically correct order, which is good. It should also be much easier to remember than a traditional random password.
You can also turn a word into a phrase or sentence and add other words with it to make it easy to remember. For instance, use ‘it’s in her ball court’ instead of ‘ball court’, and ‘I use sodium magnesium to brush delay’ instead of the word ‘magnesium’.
PASSWORD MANAGER
A password manager is a software application that helps organize passwords. It usually stores passwords in an encrypted format and requires the user to create a master password: a single, secure password that grants the user access to their entire password database.
Some password managers store passwords on the user’s computer, whereas others, often called online password managers, store data in the provider’s cloud.
WORST PASSWORD CHOICE
12345 123456789 password
qwerty letmein welcome
login abcdef 11111111
123abc Football admin
photoshop 123123 1234567890
000000 abc123 1234
adobe1 macromedia azerty
iloveyou aaaaaa 654321