Password Cracking and How to Protect Your Accounts
In the age we live in, it’s almost inevitable that you have multiple digital accounts across multiple platforms. You may have an email account (or several), social media accounts, online banking accounts, accounts to access online systems for work, etc. and all these need passwords to keep them secure.
Your passwords are your first line of defense against would-be hackers trying to get unauthorized access to your accounts. But passwords are not foolproof; there are ways that attackers can discover or break through your password to get at your most sensitive data. This can result in thieves getting into your bank account, your identity being stolen, or a work security breach that can get you fired, just to name a few dire consequences.
But all is not lost. With robust password and account management, you can keep risks down to a bare minimum. To help you with that effort, we here at DigitalJTI have put together this post to guide you in keeping your accounts secure.
Choosing Strong Passwords
The first step in keeping your systems secure is to ensure the password itself is strong. You wouldn’t protect your home with locks made of paper, so why use weak passwords for your accounts? The first thing you should do before making your passwords is check your company’s password policy for work accounts, if one is in place, and check the password policy for the software or website the account is on. These policies are usually put in place by security experts to ensure a minimum level of protection for those accounts. Also, you will have to follow these policies anyway, so taking them into account early is simply good sense.
Many people use simple and easy-to-remember passwords such as “password1”, “12345”, their own name or the names of their family members. Often the first thing hackers try is to guess common passwords or passwords that would be meaningful to the user. Even your name and your family members’ names can be gleaned from social media accounts, websites, or email signatures. Try to ensure your passwords are not obvious, not personal to you, and not words that can easily be seen from your desk. And yes, “<child’s name>IsTheBest” or your child’s birthdate is obvious, and that information can be found by a quick Facebook lookup or a carefully-worded call to your local school.
Another common strategy for hackers is to use software that rapidly tries every possible password, or a large set of likely passwords, in quick succession. This is known as a brute force attack. To defend against this, your passwords should contain a combination of lower-case, upper-case, numerical and symbol characters, and you should opt for longer passwords. As you add more characters and more options for each character, the number of possible passwords rises exponentially, which means a password cracker would need to try far more passwords to have a chance of hitting the correct one. The longer it takes to find the password, the more likely the hacker is to give up and move on.
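To make the “rises exponentially” point concrete, here is an added worked example (not code from the original post). It computes the size of the search space a brute force attacker would have to cover for a given password, turns that into a rough time-to-exhaust at an assumed guessing rate, and flags the weaknesses the two paragraphs above describe: common passwords, personal terms, short length and few character classes. The guessing rate, the list of common passwords and the personal terms are all constructed sample values, not figures from the post.

```python
import math

# Constructed sample of common passwords; real lists contain millions of entries.
COMMON_PASSWORDS = {"password", "password1", "12345", "123456", "qwerty", "letmein"}

# Assumed guessing rate for the estimate (constructed; real rates depend on the
# hash algorithm and the attacker's hardware).
ASSUMED_GUESSES_PER_SECOND = 10 ** 10


def charset_size(password: str) -> int:
    """Size of the smallest standard character set that covers every character used.

    lower-case 26, upper-case 26, digits 10, printable ASCII symbols 33 (incl. space).
    An attacker who knows which classes appear need only search this alphabet.
    """
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(not c.isalnum() for c in password):
        size += 33
    return size


def keyspace(password: str) -> int:
    """Number of candidates of this length over this alphabet: alphabet ** length."""
    return charset_size(password) ** len(password)


def bits_of_keyspace(password: str) -> float:
    """The same quantity expressed in bits; each extra bit doubles the attacker's work."""
    return math.log2(keyspace(password))


def seconds_to_exhaust(password: str, guesses_per_second: int = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Worst-case time to try every candidate at the assumed rate."""
    return keyspace(password) / guesses_per_second


def weaknesses(password: str, personal_terms: tuple = ()) -> list:
    """Return the problems a reviewer would point out, following the advice in the post."""
    problems = []
    lowered = password.lower()
    if lowered in COMMON_PASSWORDS:
        problems.append("common password")
    for term in personal_terms:
        if term.lower() in lowered:
            problems.append(f"contains personal term {term!r}")
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    if charset_size(password) < 62:
        problems.append("uses fewer than three character classes")
    return problems


if __name__ == "__main__":
    # Constructed personal terms an attacker might learn from social media.
    family = ("Alex", "Smith")
    for pw in ("password1", "AlexIsTheBest", "x7#Qm!2vL9pZ$wE4"):
        print(f"{pw!r}: {len(pw)} chars, alphabet {charset_size(pw)}, "
              f"{bits_of_keyspace(pw):.1f} bits, "
              f"~{seconds_to_exhaust(pw) / 86400:.2g} days to exhaust; "
              f"problems: {weaknesses(pw, family) or 'none'}")
```

Running the script shows the gap the post describes: “password1” is guessed immediately because it is on the common list, and even if it were not, its nine characters over a 36-symbol alphabet fall in hours at the assumed rate, while a sixteen-character password drawn from all four classes would take many orders of magnitude longer.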
You should also make sure to use different passwords for every account. The best password in the world isn’t 100% foolproof. There is also a chance that the website or app the account is on could be hacked. If you use the same password for multiple accounts then if a hacker does get that password, they could try to use the same password on other common sites and apps they expect you to have.
So, in summary, we recommend that you keep many passwords that are each long, use a variety of characters and have no personal meaning to you. You are likely wondering how you can possibly remember all of them. The good news is you don’t necessarily have to.
Consider a Password Management Service
There are many apps that can be used to effectively manage your passwords. These password management services can store your passwords for all your accounts and most of them can create strong passwords for you. This allows you to have very strong passwords unique to every account without worrying about remembering them all. You only need to remember your master password to log into the password manager.
Many of these services have plugins for your browser that can even auto-fill your password when you visit a website, making them one of the few cases that are both more secure and more convenient. Most will store your passwords on their servers so they can sync across all your devices giving you convenient access to your accounts at any time. The passwords are encrypted, and the decryption key is kept on your device separate from the passwords to protect you even if their server gets hacked.
You can find lots of password managers with a quick search in your favorite search engine. Many of them are very affordable and some are even free to use. We would recommend you look at reviews of each one to find one that is trustworthy and suits your needs.
Perhaps you don’t trust any password managers, you don’t want to install any software, or you don’t want to deal with software you don’t understand well. But you still want to have unique and strong passwords for your many accounts. There may be one alternative for you, with a few caveats.
A Low-Tech Alternative
It’s a bit controversial, but some security experts suggest that writing passwords in a carefully protected place can be a good alternative. The main benefit of this approach is that paper cannot be hacked no matter how good a hacker is. However, while this does protect you from remote attacks, it is more vulnerable to local intrusion if anyone gets their hands on your notebook.
The first thing you need to do is keep the record safe. Ideally, you should keep it on your person so the only way someone can get access to it is to take it directly from you. A notebook in your pocket, a card in your wallet or a piece of paper tucked into your shoe all allow you to personally keep your passwords safe. If you must store it somewhere, it should be somewhere no one would think to look or in a very secure location such as a lockbox. Never leave it somewhere someone can see it or look through it, such as on a desk or even in a desk drawer.
Write down as little information as possible. Ideally, even if someone gets your notebook, they shouldn’t be able to tell what password goes with what username and what account. If you must look at it in a not-completely-private location, including in the office, make sure there’s no one in a place where they could easily look over your shoulder.
You also must be careful not to lose the paper or let it get destroyed. Forgetting it in your pants pocket on laundry day is a great way to lose access to all your accounts. You also don’t want to accidentally leave it somewhere anyone else could find it.
To be clear, a password management service would be more secure than writing the passwords on paper, but this method would be better than using weak passwords. If you want to learn more about the ways people can access your accounts through physical documents, check out this other article.
Beyond the Password
So now you know about creating strong passwords and how to keep track of your passwords. What else do you need to be aware of to keep your accounts safe?
First, you need to keep those passwords safe. If there’s ever a need for you to look at a password or to type it out, always make sure there’s no one nearby who could watch you and get your password. If you ever get the feeling that someone might have hacked your account or gained access to your passwords, immediately change the password on all suspected accounts and any accounts associated with them before any harm can be done. You should then check your account to make sure no changes have been made to its settings or to how it is being used. Check your transaction history for online banking, your sent folder for email, and so on.
Be wary of security questions or password recovery questions, such as “What is the name of your first pet” or “What is your mother’s maiden name”. These can undermine a strong password as this information can often be easily gained by a hacker such as through social media or casually talking with your friends or family. You can read our previous article on social engineering to learn more about how a hacker can piece together information to access your accounts. If you must use these security questions, you should always input your own question rather than use the default if that option is available. You should always choose questions you’re confident no one knows or can find out about you. Ideally, if you can keep track of it, you should give incorrect information as the answer to throw off savvy attackers.
If a hacker gets access to your personal computer, they likely will be able to get access to many or all your accounts from there. Even if they cannot immediately, they can install software that tracks what you do and captures your passwords as you type them. Never leave a phone, tablet, or laptop unattended in a public place, including your office. If you must leave a desktop computer unattended, make sure you log out and that a password is required to log in.
You should also consider two-factor authentication. Most websites and apps offer two-factor authentication in their settings menu. This handy security feature will send a message to your phone that must be responded to in order to gain access to an account. This reduces the chance of an intrusion as the hacker would need to get your password and have physical access to your phone. This feature is highly recommended.
As we have discussed here, simply having a password isn’t enough to protect against digital attacks. You must have a strong password and have a unique one for each account. There are methods to allow you to have many strong passwords without having to memorize all of them, especially password management services. There are also methods you can follow to protect your passwords and secure your account in the case of a stolen password, most notably two-factor authentication. By following this advice, you can protect yourself from all but the most die-hard attackers.