15 Tips for increased Password Security

When thinking about the security of passwords, use a simple rule: create secure passwords that make sense to you, but not to others.

Most people who are not familiar with security concerns on the WWW don’t realize that there are a number of common techniques used to hack users’ passwords, and plenty more ways we make our accounts vulnerable ourselves, simply by re-using our passwords across many different sites!

How do accounts get hacked?

Dictionary attacks: Avoid consecutive keyboard entries and combinations - such as qwerty or asdfg. Don’t use dictionary words, slang terms, common misspellings, or words spelled backward. These cracks rely on software that automatically plugs common words into password fields. Password cracking becomes almost effortless with a tool like John the Ripper or other similar programs, which are widely available on the internet and well known to hackers.

Cracking security questions: Many people simply use first names as passwords, usually the names of spouses, kids, other relatives, or pets, all of which can be deduced with a little research on Facebook or other social networking sites. When you click the “forgot password” link within a webmail service or other site, you’re asked to answer a question or series of questions. The answers can often be found on your social media profile. So the basic rule is: don’t use passwords that can simply be guessed by looking at your social media profile.

Simple passwords: Don’t use personal information such as your name, age, birth date, child’s name, pet’s name, or favourite colour/song, etc.
Last year alone, several million passwords were exposed in breaches, and almost 1% of victims were using “123456” as their password. The next most popular password was “12345”. Other common choices are “111111”, “princess”, “qwerty”, and “abc123”.

Reuse of passwords across multiple sites: Reusing the same password for your email account, personal banking, and your social media accounts can lead to severe identity theft. Some recent breaches revealed that 31% of victims had re-used their passwords across multiple sites.

Social engineering: Social engineering is an elaborate type of lying or forgery, and an alternative to traditional hacking. It is the act of manipulating others into performing certain actions or divulging confidential information.

How to make your passwords secure

  1. Make sure you use different passwords for each of your accounts.
  2. Be sure no one watches when you enter your password, especially if you are in a public place.
  3. Always log off if you leave your device and anyone is around - it only takes a moment for someone to steal or change the password.
  4. Use comprehensive security software and keep it up to date in order to avoid keyloggers (keystroke loggers) and other malware, which could be interested in gaining access to your personal information.
  5. Avoid entering passwords on computers you don’t control (like computers at an Internet café or library) - they may have malware installed that can steal your password.
  6. Avoid entering passwords when using unsecured Wi-Fi connections (like at the airport or coffee shop) - hackers can intercept your passwords and data over these unsecured connections.
  7. Don’t tell anyone your password. Your trusted friend now might not be your friend in the future. Keep your passwords safe by keeping them to yourself.
  8. Depending on the sensitivity of the information being protected, you should change your passwords every 3 months, and avoid reusing a password for at least two years.
  9. Use at least eight characters of lowercase, uppercase letters, numbers, and symbols in your password. Remember, the more characters, the better – the more obfuscation, the more secure your passwords will be.
  10. Strong passwords are easy to remember but hard to guess. Iam:)2b45! — This has 10 characters and says “I am happy to be 45!”.
  11. Use the keyboard as a palette to create shapes. %tgbHU8* -  Follow that on the keyboard. It’s a V. The letter V starting with any of the top keys. To change these periodically, you can slide them across the keyboard. Use W if you are feeling all crazy.
  12. Have fun with known short codes or sentences or phrases. 2B-or-Not_2b?  - This one says “To be or not to be?”.
  13. Another great way is to use a combination of the above, e.g. the password faceBook2B-or-Not-2b! identifies the site you are on, so you could potentially have a way to identify the site you are using your password for, plus your standard 2B-or-Not-2b! password. You should however not reuse the “To be or not to be” too often, best case – don’t use anything twice. 
  14. It’s okay to write down your passwords, just keep them away from your computer and mixed in with other numbers and letters so it’s not apparent that it’s a password.
  15. You can also write a “tip sheet” which will give you a clue to remember your password, but doesn’t actually contain your password on it. For example, in the example above, your “tip sheet” might read “To be, or not to be?”

Always check your password strength. If the site you are signing up for offers a password strength analyser, pay attention to it and follow its advice. For general password checks, and to play around, you may visit How Secure is my Password. We are suggesting this site because your information is not transferred over the internet, so you can be sure no one steals your password trials.
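The weaknesses listed in this article can also be checked entirely on your own machine. The following is an added example, not code from the author or from any site named here; the function names are hypothetical, the common-password set is the one quoted above, and the word list is a small constructed stand-in for a real dictionary file.

```python
import re

# Common passwords quoted in the article, plus a constructed stand-in word list
# (a real check would load a full dictionary file instead).
COMMON = {"123456", "12345", "111111", "princess", "qwerty", "abc123"}
WORDS = {"password", "dragon", "monkey", "summer", "welcome"}
KEY_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]


def keyboard_run(pw, min_len=4):
    """Return the first run of min_len adjacent keys (either direction), or None."""
    low = pw.lower()
    for row in KEY_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - min_len + 1):
                if seq[i:i + min_len] in low:
                    return seq[i:i + min_len]
    return None


def check_password(pw, personal=()):
    """Return a list of findings; an empty list means no listed weakness matched."""
    findings = []
    low = pw.lower()
    # Strip digits and symbols so "summer2024!" is still seen as "summer".
    letters = re.sub(r"[^a-z]", "", low)
    if len(pw) < 8:
        findings.append("shorter than 8 characters")
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^a-zA-Z0-9]"]
    if not all(re.search(c, pw) for c in classes):
        findings.append("missing a character class")
    if low in COMMON:
        findings.append("appears in breach top list")
    if letters in WORDS or letters[::-1] in WORDS:
        findings.append("dictionary word (forward or backward)")
    run = keyboard_run(pw)
    if run:
        findings.append(f"keyboard run '{run}'")
    # personal: names, dates, pets etc. that appear on your own public profiles
    for item in personal:
        if len(item) >= 3 and item.lower() in low:
            findings.append(f"contains personal detail '{item}'")
    return findings
```

An empty result only means none of these specific patterns matched; it is not a measure of overall strength.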

Author

Andreas Maier | CEO

Andreas is a result-oriented CEO who brings nearly 30 years of experience gained in the high-tech industry. His experience ranges up to leading positions in Fortune 100 companies such as rentalcars.com (PCLN) or Intrasoft International, a leading EU based R&D software vendor. He holds a Ph.D. in Neural Networks from the University of Cologne, Germany.
In the past, Andreas has successfully founded and co-founded several startups, among others XXL Cloud Inc., eShopLeasing Ltd, and WDS Consulting SA. His expertise is strongly focused on modern headless Commerce and the optimization of processes in IT ecosystems.