What is a Strong Password? 


How to create a password that prevents intrusion 


The most common way hackers penetrate network security is by obtaining the password of someone already in the system. Sometimes they do this by finding an exploit on a third-party website, as in a recent Spotify hack that led to hackers acquiring the passwords of 350,000 users (about half the population of New Brunswick). If that password is reused across many different accounts, anyone with that password can access those accounts, no matter how difficult you made your password. This document goes over some do’s and don’ts when creating passwords.

 

Do: Make it complex 


Use a mixture of upper- and lower-case letters, numbers, and symbols. The more characters you use, the harder your password is to break.

Hackers can use devices that very quickly try different passwords in succession to see if they gain access. Below is a chart showing how long those devices typically take to gain access.

 


Don’t: Use common or personal phrases 


Sadly, the most used password is still 123456, followed closely by 123456789. These passwords are so commonly used it takes no time for hackers to gain access. Also, due to the advent of social media, much of your personal information is made public. If you were subject to a targeted hack, having personal words such as your pet or child's name offers no extra security. 

Some common passwords are: 123456, 123456789, picture1, password, 11111, senha, qwerty, abc123, iloveyou, aaron431, unknown, ashley, princess, 1q2w3e4r5t 
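To put numbers on the "Make it complex" advice and the common-password list above, here is an added example (not part of the original article) that rejects the listed passwords and estimates the worst-case brute-force time for the rest. The guess rate of 10 billion per second is an assumption chosen for illustration, and the function names are hypothetical.

```python
import math
import string

# Common passwords listed in this article.
COMMON = {"123456", "123456789", "picture1", "password", "11111", "senha",
          "qwerty", "abc123", "iloveyou", "aaron431", "unknown", "ashley",
          "princess", "1q2w3e4r5t"}
# Assumption for illustration: guesses per second of an offline cracking rig.
GUESSES_PER_SECOND = 1e10
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def charset_size(password):
    """Alphabet size an exhaustive search must cover for this password."""
    size = sum(len(cls) for cls in CLASSES if any(c in cls for c in password))
    known = "".join(CLASSES)
    # Characters outside the four ASCII classes count once each.
    return size + len({c for c in password if c not in known})

def entropy_bits(password):
    """Upper bound in bits: length * log2(alphabet). Listed passwords get 0."""
    if not password or password.lower() in COMMON:
        return 0.0
    return len(password) * math.log2(charset_size(password))

def worst_case_seconds(password, rate=GUESSES_PER_SECOND):
    """Seconds to try every candidate of this length and alphabet."""
    bits = entropy_bits(password)
    return math.inf if bits > 1000 else 2 ** bits / rate

def human(seconds):
    """Render a duration in the largest sensible unit."""
    for unit, span in (("years", 31_557_600), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= span:
            return f"{seconds / span:,.0f} {unit}"
    return "under a minute"

if __name__ == "__main__":
    # Sample passwords taken from this article. The figure is a ceiling:
    # it assumes random characters, so word-based passwords such as
    # BlueDolphin fall to dictionary attacks far sooner than shown.
    for pw in ("123456", "BlueDolphin", "Waffle#Dolphin3Cupcakes", "Ih2d&1c1954P"):
        print(f"{pw:<26}{entropy_bits(pw):6.1f} bits  {human(worst_case_seconds(pw))}")
```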

 

Do: Use bizarre word combinations 


A hacker will find no difficulty matching the words “BlueDolphin”, but will struggle to crack “WaffleDolphin”, or even better “Waffle#Dolphin3Cupcakes”.


Do: Use the sentence method 


If you have a favourite quote, take the first two letters of each word and switch between capitals and lowercase between each word. “Life is what happens when you're busy making other plans.” becomes “LiIsWhHaWhYoBuMaOtPl”. If you toss in a few numbers and symbols, no one is getting access: “Li1sWhH@WhY0BuMa0tP!”


Do: Use mnemonic technique 


Take a phrase personal to you and turn it into a series of letters and characters. For example, “I have two dogs and one cat, I was born in 1954, and I like pizza” becomes “Ih2d&1c1954P”.


Do: Check to see if your account is compromised. 


Avast, one of the leading anti-virus companies, has a free online tool that can check your email across a list of their hacked account databases. You can find it at www.avast.com/hackcheck (Avast Hack Check).
 
It will not ask you for your password, but if you put in any email you will see if that matches any of their leaks. I bet many of you will be changing passwords after using this tool. 

 

Don’t: Reuse passwords 


It may be difficult at first, but avoid using the same password across different accounts. That way, if one account is breached, the attacker does not gain access to all your accounts. One trick you can try is to connect your password to the website you are trying to log into. For example, if you try to produce a password for Facebook you might use the title of your favourite book, or a list of piercings you have on your face.


Don’t: Share your password 


A password is only good if you have control of it. The second you lend your password out you have lost all control of it. If you need to share an account for any reason, create a unique password specific to that account prior to sharing it, and when sharing is no longer required, change your password again. 


Don’t: Have your password visible 


If you have a sticky note with your password taped to the side of your monitor, assume your password is compromised. But having a visible password can also mean typing it slowly beside someone on a plane or inside a Starbucks. Always be on the lookout for wandering eyes when typing in your password. 


Don’t: Create a password so complex you will never remember it 

A hacker will never guess “F4k&b57#bA9d!1x-64Nn%6Z4”, and 10 seconds after typing it, neither will you.