Business Today

Make Them Strong

A must-follow guide for creating passwords which can keep data breaches at bay
twitter-logo Nidhi Singal   New Delhi     Print Edition: September 22, 2019
Make Them Strong
Illustration by Raj Verma

We live in a digital age where just about every retailer, bank, credit agency, website and social media platform is under attack. Like it or not, hackers can easily crack our passwords, access our smart devices, steal our data and hijack our identities. Of course, companies try to protect us from malicious attacks by adding two-factor authentication (2FA) and best-in-class encryptions. Besides, several predict that physical passwords will soon be obsolete and biometrics will kick in. But until then, we should try and shield ourselves from cybercriminals by using passcodes which cannot be cracked easily.

Are They Secure?

If you think your password is difficult to crack, let us take a short quiz and find out. Do you have the same password for your e-mail login, social media accounts, shopping sites and net banking? Or do they have the same components - your first name, last name, phone number, date of birth, anniversary date, pet's name or your child's data? If that is the case, you are not alone and may soon become a victim of data breach as your personal information can be hacked easily. Worse still, most people suffer from a kind of password fatigue and tend to stick to the same code for all their accounts for the sake of convenience. Again, many of us like to keep them simple (and hacker-friendly such as iloveyou or 12345) because difficult passwords are not easy to remember. Finally, some people are just lazy - they do not even change default passwords despite regular prompts. If your passwords fall under these categories, you could be facing huge security risks. According to Norton (a division of the US-based cybersecurity goliath Symantec), hackers are hungry for passwords as they have a substantial monetary value. Thanks to data breaches and password leaks, millions of records could be stolen by cybercriminals and sold at a premium, depending on the sensitive nature of the data.

Before you rush to create unique and complicated passwords to prevent these malicious attacks, find out whether your current passwords would pass muster. You can do this by installing Google's Password Checkup extension (available from Chrome Web Store), designed to keep your digital life secure. A bright red warning box pops up whenever you log in to a site or a service by using one of the four billion-plus usernames and passwords that Google knows to be unsafe due to third-party data breaches. One can also try the Kaspersky Secure Password Check to find out how fast her next password can be cracked. The site warns you not to type your real passwords, but it is a fun exercise.

Create a Strong Password

The rule of thumb is to stay away from the obvious. For instance, never use easy, sequential numbers or letters or a combo of both such as 12345, 11111, 123123, qwerty, abc123 and so on. Similarly, avoid using common words and phrases such as 'donothack', 'antivirus' or 'password'. As discussed before, do not use any personal data (name, birthday and the like) while creating your password. This information is often featured on social media platforms and hackers can access it.

You can create a strong password by using a combination of alphabets (both upper and lower case), numbers and special characters or symbols, but do not put the letters or numbers sequentially. Besides, passwords should be long - anywhere between 12 and 16 characters should serve the purpose. All this may sound slightly technical, but in reality, it is a simple exercise. If you still find it challenging, opt for a password generator or password manager to create a secure and random passcode. For instance, LastPass allows you to generate a strong password, say, #5fMQt6c!S!l, which can be further customised by changing the number of characters or selecting options such as easy to read or easy to say. Or try 1Password that gives you the option to choose from random passwords, memorable passwords or pins.

Although these passcodes are difficult to remember and key in every time you wish to log in to a site or a service, there is an easy solution. Password generators and password managers will securely store your passwords in encrypted vaults (can be accessed with a master password that only you know) and autofill usernames and passwords for online accounts. Otherwise, you can rely on the autofill feature of Google and Apple which also store your passwords securely and autofill the data on their respective platforms. Many companies, especially banks and credit agencies, also send time-restricted one-time passwords or OTPs to your registered phone and e-mail to make authentication more secure.

More Safeguards

Now that we know the basics of strong passwords, here are five golden rules to ensure password safety.

  • Never share your e-mail id and password with anyone, including the people you trust.
  • Change passwords regularly - anywhere between 60-90 days is recommended.
  • Never reuse an old password.
  • Start using secure Password Managers to keep your passwords well protected.
  • Password recovery may not be as secure as you think. In case you have forgotten your password, a code or link is usually sent to your phone or e-mail so that you can reset your password. This can leave you vulnerable if an attacker has gained access to your phone, e-mail, voicemail or other information related to the authentication process.

@nidhisingal


Sign In With Apple

As every website/app makes it mandatory to sign in using your e-mail ID, you often end up putting your primary e-mail and password to log in. Another popular option is to sign in using your Gmail or Facebook account, which grants the site/app access to all e-mail contacts and important information. That is why Apple has figured out a solution. The Cupertino company is coming up with a feature called Sign In With Apple that eliminates the need to fill in forms or create passwords.

If a user prefers it, Apple will create a unique e-mail address to be shared with the app, thus keeping the real e-mail ID private. In simple terms, instead of sending your actual e-mail address, Apple will sit in-between and send a random but unique ID to the app and relay all the messages back to you. This will keep your e-mail and password safe and eliminate the hassle of remembering multiple passwords for not-so-important apps and websites. If you ever wish to log in again, Apple will be at your service.

Youtube
  • Print

  • COMMENT
BT-Story-Page-B.gif
A    A   A
close