What is a Strong Password?
You might hear this a lot nowadays, especially from folks in IT: your password for any online account or activity should be strong, or else there is always a risk that you might be swindled out of your money, your identity and so on, along with many other versions of the same story.
To understand what a strong password is, let’s first understand why we need a strong password.
An average person in this tech-savvy era spends around 4-6 hours a day online, and this time is on an upward spiral. The time spent online is mostly due to various tasks such as online shopping, Facebook and other social media platform engagement, net banking, applications, claims and many more. It is good that almost all tasks today can be done online, but the most disturbing part for us as absolute ICT professionals is the presence of vulnerable passwords which are used across online platforms.
On average, every user has 15 – 30 online accounts, profiles or sign-ins. Here comes the tricky part, as it is not easy to remember the passwords for all of them. So, what do users do?
They either use one password for all, or they keep 3-7 passwords on a rotating basis across all platforms. Now, this poses a great threat as there is the potential of losing one password and giving up access to 10 accounts. For example, if you lose the key to the main door of your house which can also be used for your lockers and other rooms, it becomes very easy for the invader to access everything. Moreover, if you google ‘most commonly used passwords’ you would be surprised that millions of people are still using the following as their password. Get ready to be shocked (or not)!
1. Password
2. Password1234
3. 123456
4. 12345678
5. Qwerty
6. Letmein
7. Football
8. Iloveyou
9. Admin
10. Administrator
11. Welcome
12. Abc123
Having any of these passwords is like locking the door and leaving the key inside the lock.
Some Password Myths:
Myth 1: I do not have anything important on my email
You might think that there is nothing of major consequence in your email. What you do not know is that this email address is probably connected to your bank account, social media accounts, etc. Once the hacker gains access to the email, it is easy to send a password reset request on net banking to the email address and bingo! Now your net-bank account is under the hacker’s control.
Myth 2: My password is saved in a document on my local computer
You might save all of your passwords on your local PC, which according to you is a safe place, but what is the password to log in to your PC? Do you have one? Most people still do not have a password to get into their local PC, or if they do, it is mostly a commonly used password (mentioned above) which anyone can guess easily.
Myth 3: I have a router installed or a firewall, so I’m safe!
It is true that having a router or firewall gives you an extra layer of protection, but no device can protect you against a weak password. In this scenario, if your WiFi password is not secure enough or if you are still using the manufacturer’s default password for the firewall or router, it is very easy for someone to brute force and guess the password for these networking devices. Once a hacker is in these devices, they can see everything in your network and possibly gain access to all your devices.
Myth 4: I rotate my password every month, so I do not need a strong password
Rotating a simple password is a very bad practice as it gives the hacker access to all of your accounts over a period of time.
Common Complaint from Users
“It is hard to remember!!”
The complaint that security professionals like us hear most often is that a complex password is hard to remember. There is always a trade-off between security and convenience. Wouldn’t you love to just barge into your home and have no doors at all? But you still have a door and lock your home to protect your precious possessions. It is the same in the digital world. You need to understand what you want to protect and how precious it is, and protect it digitally on that basis.
Understand what is important to you:
If you think about the following three questions, you would surely be inclined towards using a more secure password.
1. What is the asset that you want to protect?
Your data and personal information, bank account details, home address, email address, etc.
2. What is the value of that asset to you?
We would assume heaps
3. What implications could it have on other things?
Severe impact as an imposter can pretend to be you in the digital world and can impact you financially.
Characteristics of a strong Password:
It must be unique for each account
12-16 characters, including letters, capital letters, numbers and special symbols
Do not store it anywhere in a plain text file or as an image
Enable two-factor authentication on all the accounts
It should not involve your username, dates of birth, the name of a family member, the name of a pet or your favourite song. In short, it should not include any information about you that is publicly available.
Apart from these, use a password manager to create and manage your passwords; you will learn more about password managers in the next blog.
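The characteristics above that can be checked from the password itself (length, character mix, no common password, no personal information) can be turned into a small checker. This is an added example, not code from the original article; the names check_password and personal_terms and the character-swap table are assumptions, and 12 is treated as a minimum length so longer passwords are accepted.

```python
import re

# The twelve commonly used passwords listed in this article, lower-cased.
COMMON = {"password", "password1234", "123456", "12345678", "qwerty", "letmein",
          "football", "iloveyou", "admin", "administrator", "welcome", "abc123"}

# Assumed table of common character swaps, so "P@ssw0rd" compares as "password".
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "i", "!": "i",
                      "3": "e", "$": "s", "5": "s", "7": "t"})

MIN_LENGTH = 12  # assumption: lower bound of the article's 12-16 range


def check_password(password, personal_terms=()):
    """Return the list of rules the password breaks (empty list = passes)."""
    problems = []
    lowered = password.lower()
    plain = lowered.translate(LEET)

    if len(password) < MIN_LENGTH:
        problems.append("shorter than 12 characters")

    classes = {"lowercase letter": r"[a-z]", "capital letter": r"[A-Z]",
               "number": r"[0-9]", "special symbol": r"[^A-Za-z0-9]"}
    for name, pattern in classes.items():
        if not re.search(pattern, password):
            problems.append("missing a " + name)

    # A listed password with padding or swapped characters is still guessable.
    hits = sorted((w for w in COMMON if w in lowered or w in plain),
                  key=lambda w: (-len(w), w))
    if hits:
        problems.append("built on a common password: " + hits[0])

    # Separators are stripped, so 14/03/1990 is also caught as 14031990.
    squeezed = re.sub(r"[^a-z0-9]", "", lowered)
    for term in personal_terms:
        t = re.sub(r"[^a-z0-9]", "", term.lower())
        if len(t) >= 3 and (t in squeezed or t in plain):
            problems.append("contains personal information: " + term)
    return problems
```

Uniqueness across accounts, safe storage and two-factor authentication cannot be judged from a single password string, so they are outside what this check covers.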