In 2007, the most popular password among Internet users was the word ‘password’. Later, people realized that strong passwords should include not only letters but also numbers, and in 2008 “password1” became the users’ favorite password.
Despite all the efforts of cyber security experts, who have tried to explain to average users that predictable and frequently used passwords cannot be trusted, “password1” is still wearing the leader’s yellow jersey. Perhaps only “123456” can compete with it for the crown. None of these passwords has lost popularity even today; just recall the list of the most popular passwords of Ashley Madison users that was made public this fall.
Most people understand the importance of data protection on the Internet and the importance of strong passwords in providing it. At the same time, the mistakes we make when choosing and using passwords make this protection almost useless.
What factors should be taken into account to choose really strong passwords, fit for their real job: protecting our data on the network?
More passwords – strong and different
A frighteningly large number of people use the same password for all their accounts; in the best case, two. It is like having one key “for all occasions”: for the apartment, the garage, the office, and the bank safe. The loss of such a key endangers absolutely every object it protects. Once a single password is cracked, even the strongest one, the attacker has full access to all confidential data. And a dishonest employee of one of the services you are registered with does not even have to hack anything to get at your confidential data or money: after reading your login and password from that service’s database, he can get into every other account that uses the same password. Ideally, you should use a different combination for each website. This is especially important for e-mail services and bank accounts.
Strong passwords are complex, long, and non-standard
It is important to define what makes a password secure. Doubtless, a good password must be long enough: not less than 8-10 characters. It is well known that the more random the combination of letters, numbers, and special characters, the harder it is to crack. But how is it possible to remember a random password?
There are various clever methods of creating passwords that are both strong and memorable. One of them is the mnemonic technique. To create a new strong password, you recall a phrase from a song, a movie, or a favorite poem that is meaningful to you. Then you write out the initial letters of the first 5-7 words and insert a special character between them. For everybody except you this combination will make no sense, yet you will be able to recall it with ease. Such a “key” does not have to be stored on a hard disk or on a piece of paper where it is accessible to fraudsters.
What should users do who do not want to spend time and energy creating strong passwords but still want to protect their accounts?
Until recently there was only one option: use a password manager. But, like any other computer program, password managers can have vulnerabilities, and fraudsters can attack them. Still, passwords created with the help of a password manager are much better than the notorious word “password”.
Today you can also entrust the creation of a reliable password to other people for a small fee. Not so long ago the network was buzzing with the story of an 11-year-old American girl who set up her own business creating strong passwords. People can order an easy-to-remember, secure ‘handmade’ password for only $2. The young businesswoman uses a special dictionary, randomly selects six short words, and joins them into a passphrase.
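The two techniques described above, the mnemonic initials and the six-random-words passphrase, as an added example written for this article (not code from the original post or from any product it mentions); the word list is a constructed stand-in, and the 7,776-word figure is the size of a standard diceware-style list, used here only for the strength comparison:

```python
import math
import re
import secrets

# Constructed stand-in for the "special dictionary" the article mentions;
# a real word list such as a diceware list has 7,776 (6^5) entries.
SAMPLE_WORDLIST = ["apple", "river", "stone", "cloud", "tiger", "lamp", "green", "piano"]

def mnemonic_password(phrase: str, n_words: int = 6, separator: str = "!") -> str:
    """Mnemonic technique: initial letters of the first n_words words of a
    memorable phrase, with a special character inserted between them."""
    words = re.findall(r"[A-Za-z0-9']+", phrase)
    if len(words) < n_words:
        raise ValueError("phrase has fewer words than requested")
    return separator.join(w[0] for w in words[:n_words])

def word_passphrase(wordlist, n_words: int = 6) -> str:
    """Passphrase of n_words words drawn from the list with a CSPRNG, the
    approach described for the 'handmade' six-word passwords."""
    rng = secrets.SystemRandom()
    return " ".join(rng.choice(wordlist) for _ in range(n_words))

def entropy_bits(alphabet_size: int, length: int) -> float:
    """Bits of entropy for `length` symbols chosen independently and
    uniformly from `alphabet_size` options. For human-chosen text this is
    only an upper bound: the initials of real sentences are far from uniform."""
    return length * math.log2(alphabet_size)

def compare_strengths() -> dict:
    """Nominal strength of the schemes discussed, in bits, rounded to 0.1."""
    return {
        "8 lowercase letters": round(entropy_bits(26, 8), 1),
        "10 printable ASCII chars": round(entropy_bits(94, 10), 1),
        "6 diceware words (7776-word list)": round(entropy_bits(7776, 6), 1),
        "6 initials, 26 letters each (upper bound)": round(entropy_bits(26, 6), 1),
    }

if __name__ == "__main__":
    print(mnemonic_password("The quick brown fox jumps over the lazy dog"))
    print(word_passphrase(SAMPLE_WORDLIST))
    for scheme, bits in compare_strengths().items():
        print(f"{bits:6.1f} bits  {scheme}")
```

The comparison shows why six random dictionary words beat a ten-character random string, and why the mnemonic trick buys memorability rather than raw strength.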
Nothing is forever on the Internet
Online fraudsters improve their ‘skills’ every day. We live in a time when even the strongest password can be compromised. No matter how good and strong our passwords are, we must change them from time to time.
Double protection with one-time passwords
The data protection systems of the most important accounts (e-mail, bank, payment system) should include two-factor authentication. In this case, even if a hacker obtains the regular reusable password, the system will not let him into the account without the one-time password (OTP). Such OTP passwords can be delivered via SMS or e-mail, or generated by an OTP token.
Two-factor authentication is more secure with an OTP token. OTP tokens are autonomous and are not connected to the Internet, which eliminates the possibility of remote hacking. There are even more secure tokens, like Protectimus Ultra, that use the OCRA algorithm, which allows a data signing function (CWYS) to be enabled. This function protects the account from threats such as banking Trojans, automated transfer systems, and data substitution.
These simple recommendations will make passwords a really effective means of data protection.
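How the second factor keeps a stolen reusable password from being enough, as an added example written for this article (not code from the original post, from Protectimus, or from any real token): the one-time code follows RFC 4226 HOTP, the server burns each counter so a captured code cannot be replayed, and the transaction-signing variant is a simplified illustration of the data signing idea, not the real OCRA algorithm.

```python
import hashlib
import hmac
import struct
from typing import Optional

def _truncate(digest: bytes, digits: int) -> str:
    # Dynamic truncation from RFC 4226: the low nibble of the last byte picks a
    # 4-byte window, the top bit is cleared, and the value is reduced mod 10^digits.
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password (RFC 4226): HMAC-SHA1 over the 8-byte counter."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    return _truncate(digest, digits)

def transaction_otp(secret: bytes, counter: int, details: str, digits: int = 6) -> str:
    """Simplified data-signing OTP (an illustration, not RFC 6287 OCRA): the
    transaction details go into the HMAC input, so a code generated for
    'pay 100 to Alice' does not validate if a Trojan swaps the payee."""
    msg = struct.pack(">Q", counter) + details.encode("utf-8")
    return _truncate(hmac.new(secret, msg, hashlib.sha1).digest(), digits)

class OtpVerifier:
    """Server-side check of the second factor. Remembers the next acceptable
    counter so a captured code cannot be replayed, with a small look-ahead
    window for tokens whose counter has run ahead of the server."""
    def __init__(self, secret: bytes, window: int = 5):
        self.secret, self.window, self.next_counter = secret, window, 0

    def verify(self, code: str, details: Optional[str] = None) -> bool:
        for c in range(self.next_counter, self.next_counter + self.window):
            expected = (hotp(self.secret, c) if details is None
                        else transaction_otp(self.secret, c, details))
            if hmac.compare_digest(expected, code):
                self.next_counter = c + 1  # burn this counter and every earlier one
                return True
        return False

def login(password_ok: bool, verifier: OtpVerifier, otp: str) -> bool:
    """Both factors must pass: a stolen reusable password alone does not get in."""
    return password_ok and verifier.verify(otp)
```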