It is often the weakest link in the chain when it comes to data security, and an issue just as important as strong encryption: the question of how secure your password is. In fact, it makes no difference whether you use 40-bit or 256-bit encryption: if your password is easy to guess or easy to find, your data is at risk. Compare it to the front door of your home: the strongest lock will do no good if you leave the key under the doormat.
The question is how you can choose a password that is both easy to remember and hard to guess. The optimal password would look something like this: “A#$af|~a92,ae:q#1aO”. Great, but obviously nobody could remember more than two of these combinations, not to mention the hassle of typing a password like this into your computer every day. At the same time, your dog’s name, your wife’s birthday or that random word you came up with may be too easy to guess for someone who does a little research about you.
Another threat is the so-called password decryption tools. These applications can try up to several hundred thousand passwords per second against your precious data (a method called a brute force attack). However, they don’t just try random combinations of letters and numbers. The person looking for your password will instead feed the application personal data about you and build a psychological profile that helps the software systematically try the passwords you are likely to use. In addition, the program combines this data with common words from dictionaries and every possible appendix you may have added to your passwords (e.g. 123). It can also analyze existing data on your machine that may reveal the general password pattern you use. It is estimated that on average 60% of all passwords can be cracked this way within hours.
To protect yourself against these kinds of attacks, follow these guidelines:
Select different passwords that are not similar to each other for different accounts
Use random letters in the middle of your password (not as an appendix)
Randomly choose uppercase and lowercase letters
Use words that are not easy to guess and that do not relate to you
NEVER save your passwords anywhere on your machine unless it’s in an encrypted password management system
To help you memorize your passwords, you could come up with a short sentence and use the first letter of each word as your combination, mixing numbers into it. For example, “I hope you have a productive day” could translate into: “iHuh8PRd”.
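As an added illustration (not part of the original post) of why a dictionary word with an appendix is so much weaker than an eight-character mnemonic of mixed case and digits, the following Python script estimates worst-case guessing time at the post’s rate of 100,000 guesses per second. The sample passwords, the 100,000-word dictionary size and the 1,000 possible suffixes are assumptions.

```python
import string

# Guess rate the post quotes for password-cracking tools: several 100,000/s.
# Assumed value for the estimates below; real rates vary widely with hashing.
GUESSES_PER_SECOND = 100_000

def alphabet_size(password: str) -> int:
    """Size of the alphabet an attacker must cover, judged by which
    character classes the password actually uses."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 printable symbols
    return size

def brute_force_seconds(password: str, rate: int = GUESSES_PER_SECOND) -> float:
    """Worst-case time to exhaust every string of this length and alphabet.
    Only meaningful for passwords with no guessable structure."""
    return alphabet_size(password) ** len(password) / rate

def dictionary_attack_seconds(words: int, suffixes: int,
                              rate: int = GUESSES_PER_SECOND) -> float:
    """Worst-case time when the password is a dictionary word plus a short
    appendix such as '123' (the pattern the post warns about)."""
    return words * suffixes / rate

def human_time(seconds: float) -> str:
    """Round a duration to the largest sensible unit for display."""
    for unit, size in (("years", 365 * 86400), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:,.1f} seconds"

if __name__ == "__main__":
    # Constructed sample passwords: the post's mnemonic, a dictionary word
    # with a numeric appendix, and the post's "optimal" random string.
    for pw in ("iHuh8PRd", "rover123", "A#$af|~a92,ae:q#1aO"):
        print(f"{pw:22} brute force: {human_time(brute_force_seconds(pw))}")
    # 'rover123' is really a word plus a 3-digit suffix: assume a 100,000-word
    # list and 1,000 possible suffixes, which is a far smaller search.
    print("rover123 via dictionary+suffix:",
          human_time(dictionary_attack_seconds(100_000, 1_000)))
```

The naive per-character estimate rates “rover123” at months of work, while the dictionary-plus-suffix search an attacker would actually run finishes in minutes; that gap is the reason the guidelines above say to put random characters in the middle rather than at the end.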
I also highly recommend using a good password manager that stores your passwords in an encrypted container. That way, you can keep track of your logins and passwords without exposing them to data forensics software.
Finally, some applications may offer alternative login methods such as your fingerprint, a sequence of images, or an external dongle device. At one point or another, however, you are going to be asked to come up with a good password, and now you know a little more about it.
Great Blog!
[...] the default password to a secure password and save your [...]
Never thought of abbreviating a familiar sentence to a password. Great info. Thanks!