Steps to Stronger Passwords

May 3, 2017 by Hashim Shaikh

A brief history of the password

The use of passwords is ancient. Sentries would challenge anyone wishing to enter or approach an area to supply a watchword, and would only let a person or group pass if they knew it. In modern times, usernames and passwords are commonly used in a sign-in process that controls access to computer operating systems, mobile phones, cable TV decoders, automated teller machines (ATMs), bank accounts, social media, and so on. Today an individual may have passwords for many purposes: logging into accounts, retrieving email, accessing applications, making payments, modifying databases, reaching networks and websites, or reading the morning newspaper online.

Some background on the first use of passwords:

The first computer password was created in 1961 at the Massachusetts Institute of Technology for use with the Compatible Time-Sharing System (CTSS), which provided many of the basic computing capabilities we use today. CTSS was designed to accommodate multiple users at once, with the same central processor driving separate consoles. Each researcher therefore needed an individual point of entry into the system.

"The key problem was that we were setting up multiple terminals, which were to be used by multiple persons but with each person having his private set of files," Fernando Corbató, head of the CTSS program, told Wired. "Putting a password on for each user as a lock seemed like a very straightforward solution."

A password is a word or string of characters used for user authentication, to prove identity or to approve access to a resource; it is to be kept secret from those not permitted that access.

The need for strong passwords:

In 2016, Mark Zuckerberg's Twitter and Pinterest accounts were compromised. No wonder: Mark's password for those accounts was "dadada." Relying on the observation that people tend to reuse the same password across different websites, the attackers tried that password on Pinterest and other sites, and succeeded on Pinterest. The group responsible called itself "OurMine." Here is a list of other people whose accounts were hacked by OurMine:

  1. The Twitter account of Wikipedia co-founder Jimmy Wales
  2. Pokémon Go maker John Hanke
  3. Twitter co-founder Jack Dorsey
  4. Google CEO Sundar Pichai

And many other social and group accounts. The list does not end there; many big personalities and celebrities had their accounts compromised because of a weak password. Here are just a few of the names:

  1. Drake
  2. Katy Perry
  3. National Football League (NFL)
  4. John Podesta, chairman of Hillary Clinton's campaign, and so on

These names are taken from the "P@ssholes of the Year 2016" list: http://www.csoonline.com/article/3150035/data-protection/top-celebrity-online-security-screwups-in-2016.html

These hacks happened simply because weak passwords were used. Users need stronger passwords, and below we explain how to stay off the list above and avoid becoming P@ssholes.

Steps to a stronger password:

  1. The length of the password:

If a user chooses "welcome" as a password, it is definitely weak: it appears on the list of the 25 worst passwords. https://www.teamsid.com/worst-passwords-2015/?nabe=5285852066611200:0&utm_referrer=https%3A%2F%2Fwww.google.co.in%2F

Make sure your password is more than 12 characters long.

What about a user who chooses "123456789012"? Is that safe? Absolutely not, because it is not alphanumeric. According to the site https://howsecureismypassword.net/, it would take 25 seconds to crack such a password.

Don't use personal information or generic words in a password.

  2. Alphanumeric password:

A password in this category is made up of characters from "abc-xyz" + "ABC-XYZ" + "123-789".

So a sample password would be something like "welcome1234". According to the site https://howsecureismypassword.net/, it would take one day to crack such a password.

Don't use personal information or generic words in a password.

Let's make our password a bit more complex.

  3. Special characters:

Along with the "abc-xyz" + "ABC-XYZ" + "123-789" sets mentioned above, we introduce special characters such as "!@#$%^&*(){}[];':",<>/?=+".

Now our sample password looks something like "welcome@123". According to the site https://howsecureismypassword.net/, it would take five days to crack such a password. However, using a dictionary such as the one at https://github.com/danielmiessler/SecLists/tree/master/Passwords, it can be cracked much sooner, because the password is just a dictionary word with a symbol and digits attached.

Don't use personal information or generic words in a password.

  4. Bruce Schneier's method:

Back in 2008, Bruce Schneier described a password-creation method: take a memorable sentence and build the password from the initial letters of its words.

Sentence: What a beautiful day it is! Will you give me the duck back?

Password: Wabdii!Wygmtdb

According to the site https://howsecureismypassword.net/, it would take 29 million years to break the password.

Don't use personal information or generic words in a password.

  5. Different passwords for different sites:

A British security researcher analysed the data made public by the Anonymous hacks of Gawker and rootkit.com and found that many users with accounts at both sites used the same password for their login credentials.

Indeed, compared with past research on the issue, the data shows an ever-increasing number of online users reusing passwords.

Password reuse across multiple websites is a risk because all the cracker has to do is break one password and then use it on other websites for the same user.

Don't use personal information or generic words in a password.

  6. Using passphrases:

A passphrase is a sequence of words or other text used to control access to a computer system, program or data. A passphrase is similar to a password in usage, but is generally longer for added security. Passphrases are often used to control both access to, and operation of, cryptographic programs and systems, particularly those that derive an encryption key from a passphrase. The origin of the term is by analogy with "password". The modern concept of passphrases is believed to have been invented by Sigmund N. Porter.

A password looks like: welcome@123

A passphrase looks like: This is my hat, where should I keep it? → Thisismyhat,whereshouldIkeepit?

According to the site https://howsecureismypassword.net/, it would take two duodecillion years to crack that passphrase. Now, that sounds pretty strong.

Don't use a common passphrase such as "Iameating" or "Iamsinging."

Don't use personal information or generic words in a password.
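The rules from steps 1 to 6 above can be checked mechanically. The following is an added example (not code from the article or from any of the sites it links to) that applies those rules to the article's own sample passwords: minimum length, a mix of character classes, a lookup against a common-password list, and a check for a dictionary word dressed up with digits and symbols. The common-password and dictionary sets are small constructed stand-ins for the teamsid and SecLists lists; the brute-force estimate is a simple log2 keyspace, not the figures from howsecureismypassword.net.

```python
import math
import re

# Constructed stand-ins for the "worst passwords" list and the SecLists
# dictionary the article points to; a real check would load the full files.
COMMON_PASSWORDS = {"123456", "password", "welcome", "qwerty", "123456789012",
                    "iameating", "iamsinging"}
DICTIONARY_WORDS = {"welcome", "password", "hat", "duck", "eating", "singing"}

MIN_LENGTH = 12  # the article asks for more than 12 characters

# Character classes and the alphabet size each contributes to a brute-force search
CHAR_CLASSES = {
    "lower": (re.compile(r"[a-z]"), 26),
    "upper": (re.compile(r"[A-Z]"), 26),
    "digit": (re.compile(r"[0-9]"), 10),
    "special": (re.compile(r"[^A-Za-z0-9]"), 33),
}

def classes_present(pw):
    """Names of the character classes that occur in pw."""
    return {name for name, (rx, _) in CHAR_CLASSES.items() if rx.search(pw)}

def search_space_bits(pw):
    """log2 of the brute-force keyspace implied by pw's length and character mix.
    This is an upper bound: a decorated dictionary word is far cheaper to guess."""
    alphabet = sum(CHAR_CLASSES[c][1] for c in classes_present(pw))
    return len(pw) * math.log2(alphabet) if alphabet else 0.0

def assess(pw):
    """Apply the article's rules; returns the list of violations (empty = passes)."""
    issues = []
    if len(pw) <= MIN_LENGTH:
        issues.append("too short")
    if len(classes_present(pw)) < 3:
        issues.append("fewer than three character classes")
    if pw.lower() in COMMON_PASSWORDS:
        issues.append("on common-password list")
    # "welcome@123" still reduces to "welcome" once digits and symbols are removed,
    # which is why a wordlist attack beats the brute-force estimate.
    core = re.sub(r"[^a-z]", "", pw.lower())
    if core in DICTIONARY_WORDS:
        issues.append("dictionary word with decoration")
    return issues

if __name__ == "__main__":
    for sample in ["welcome", "123456789012", "welcome1234", "welcome@123",
                   "Wabdii!Wygmtdb", "Thisismyhat,whereshouldIkeepit?"]:
        print(f"{sample:35} {search_space_bits(sample):6.1f} bits  {assess(sample) or 'ok'}")
```

Note that "welcome@123" passes the character-class rule yet still fails, which is exactly the gap between the five-day brute-force estimate and a wordlist attack.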

  7. Two-factor authentication:

Two-factor authentication (2FA) is an additional layer of security, also known as "multi-factor authentication." It requires not only a username and password but also something unique to the user that is not memorized, for example a physical token, a mobile device that can receive messages, or a personal email account.

Using a username and password together with a piece of information that only the user knows makes it harder for a potential cracker to gain access and steal that person's data.

Two-factor authentication is not a new idea, but its use has become far more widespread in the digital age we now live in. As recently as February 2011, Google announced two-factor authentication online for its users, followed by MSN and Yahoo.

The following URLs guide you through enabling 2FA:

Gmail: https://www.google.com/landing/2step/

Facebook: https://www.turnon2fa.com/tutorials/how-to-turn-on-2fa-for-facebook/

Twitter: https://www.turnon2fa.com/tutorials/how-to-turn-on-2fa-for-twitter/

You can search for 2FA instructions for other sites at: https://www.turnon2fa.com

References:

https://en.wikipedia.org/wiki/Password

http://mashable.com/2013/12/30/history-of-the-password/#wLJqMTMr6sq3

http://www.businessinsider.in/Celebrities-keep-getting-hacked-because-theyre-making-a-massive-security-mistake/articleshow/52656203.cms

http://www.csoonline.com/article/3150035/data-protection/top-celebrity-online-security-screwups-in-2016.html

http://www.pcworld.com/article/219303/password_use_very_common_research_shows.html

Hashim Shaikh

Hashim Shaikh currently works with Aujas Networks. Holding both the OSCP and CEH, he likes exploring Kali Linux. His interests include offensive security, exploitation, privilege escalation and learning new things. His blog can be found here: http://justpentest.blogspot.in and his LinkedIn profile here: https://in.linkedin.com/in/hashim-shaikh-oscp-45b90a48