Best Password Practices 2017
How’s your password hygiene? All good?
The web may seem an interesting place to be, with all the bright and wicked minds working hard to make their presence felt and gain profits at an organizational or individual level. No doubt, it is interesting! Technically speaking, it is a complex system of interconnected elements, and the only thing keeping us safe is our password!
From 1 website in 1991 to 1 billion in 2014, the number will just keep on growing. The internet has around 1.7 billion users. The National Science Foundation predicts that it will have almost 5 billion users by 2020. If this happens, as it is destined to, then there is no doubt that scalability and security will be of prime importance in designing any future internet architecture.
They say prevention is better than cure, but what exactly should users do? Past incidents like Yahoo’s admission in December 2016 that data from at least 500 million user accounts had been stolen, confirming one of the largest security breaches in history, were enough to scare us all and give us goose bumps, weren’t they?
The past few years have seen much advancement in securing user data through two-factor authentication, but is that enough? Are we completely safe? What is the future of passwords? Can someone do something to make the internet much simpler and safer than it is now?
According to a study, consumers have 24 online accounts on average. It’s almost impossible for the end user to set unique passwords for each one of them. For someone who has never seen a web page before in his life, the sign-up process can be fun, but setting a strong password can make him lazy. That stupid security question and the captcha after it make him even lazier, but what can that helpless creature do? He fills and fills and keeps filling and clicking next. But the war is not over yet.
As soon as the user breathes a sigh of relief at this herculean achievement, a tech-savvy friend of his appears and acquaints him with the do’s and don’ts of online security, which makes him tense about his choice of password: the name of his favorite football, which obviously many of his football-crazy friends also know. Then he thinks: that’s fine, I can change my passwords, and why would someone try to access my account? There is no need to go so hard on myself and keep thinking about my online security all the time. And then he forgets to change his passwords!
Setting a password can be a difficult task for the naïve user, but trust me, every one of us can at least do better than setting it as ‘password’ or ‘12345’. Everything around the web that involves a lock and key is something that interests the hacker.
Now here are some basic things one should remember while setting a password and maintaining good password hygiene:
Don’t be lazy
Setting a password can be a difficult task for the naïve user, but trust me, every one of us can at least do better than setting our password as ‘password’ or ‘12345’. Also avoid passwords such as ‘qwerty’, ‘123456’ or anything of that sort, which is pretty obvious, horrible and trivial to crack.
Your password should be unique
Everything around the web that involves a lock and key is something that interests the hacker, and using a combination of numbers, symbols and letters (both upper and lower case) is a good precautionary step on the user’s side.
Length is the key
Use a long password. Longer passwords are usually better than more random ones. A long password should be at least 12-15 characters long. In fact, a long password that comprises only lower-case letters can be more beneficial than crafting just the right combination of alphanumeric gibberish. Usually, all it takes is a password just two characters longer to make up for a lack of other types of characters such as upper-case letters, numbers, or symbols.
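The trade-off between length and character variety can be put in numbers. The following Python sketch is an added example, not part of the original article; it assumes every character is picked uniformly at random (human-chosen passwords are not), and the function names are illustrative.

```python
import math
import string

# Sizes of the character sets a uniformly random password may draw from.
CHARSETS = {
    "lower": len(string.ascii_lowercase),                         # 26
    "lower+digits": len(string.ascii_lowercase + string.digits),  # 36
    "mixed+digits": len(string.ascii_letters + string.digits),    # 62
    "printable": len(string.ascii_letters + string.digits
                     + string.punctuation),                       # 94
}

def search_space_bits(length, charset_size):
    """Brute-force search space in bits: log2(charset_size ** length)."""
    return length * math.log2(charset_size)

def lowercase_length_to_match(length, charset_size):
    """Shortest lower-case-only length whose search space is at least as
    large as `length` characters drawn from `charset_size` symbols."""
    target = charset_size ** length      # exact integers, no rounding error
    n = length
    while CHARSETS["lower"] ** n < target:
        n += 1
    return n

def extra_characters(length=8):
    """Extra lower-case characters needed to replace each richer set."""
    return {
        name: lowercase_length_to_match(length, size) - length
        for name, size in CHARSETS.items()
        if name != "lower"
    }

if __name__ == "__main__":
    for name, extra in extra_characters(8).items():
        print(f"8 chars of {name:13s} ~ {8 + extra} lower-case chars")
    print(f"15 lower-case chars: {search_space_bits(15, 26):.1f} bits")
    print(f" 8 printable chars : {search_space_bits(8, 94):.1f} bits")
```

For an 8-character password the extra length ranges from one to four characters, depending on which character set the lower-case-only password replaces.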
A Dictionary does no good
Using some fancy word from the dictionary to feel secure? You can be a victim of the ‘dictionary attack’, wherein a dictionary of common words and names is maintained. Plenty of password-cracking tools that can make up to a thousand requests per minute are easily available on the internet. Your security can be easily compromised. Using numerals with the word can be a good option if you still want to use fancy English words.
Don’t use the same password everywhere
Maybe you did a good job choosing a complex password. But if you’re using it all over the Internet, on shopping accounts, social media profiles, bank and credit card accounts, you’re just asking to be compromised. A hacker may get lucky and determine your password on an account where they can’t do much damage, then try the same password on the accounts where they can.
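The rules so far (no trivial passwords, no bare dictionary words, at least 12 characters, no reuse across accounts) can be checked mechanically against your own list of accounts. This is an added example, not from the original article; the word list and the account data are constructed, and the function names are illustrative.

```python
from collections import defaultdict

# Weak passwords the article names, plus a tiny constructed word list
# standing in for a real dictionary (assumption, not from the article).
COMMON = {"password", "12345", "123456", "qwerty"}
WORDS = {"football", "sunshine", "dragon"}
MIN_LENGTH = 12  # lower bound of the article's 12-15 character advice

def check_password(password):
    """Return the list of hygiene rules this password breaks."""
    problems = []
    lowered = password.lower()
    if lowered in COMMON:
        problems.append("common password")
    if lowered in WORDS:
        problems.append("dictionary word")
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    return problems

def audit(accounts):
    """Check every account and flag passwords shared between accounts."""
    by_password = defaultdict(list)
    for account, password in accounts.items():
        by_password[password].append(account)
    report = {}
    for account, password in accounts.items():
        problems = check_password(password)
        shared = sorted(a for a in by_password[password] if a != account)
        if shared:
            problems.append("reused on: " + ", ".join(shared))
        report[account] = problems
    return report

# Constructed sample data: account name -> password.
SAMPLE = {
    "shop": "qwerty",
    "social": "football",
    "bank": "correct horse battery staple",
    "email": "correct horse battery staple",
    "forum": "river-lantern-orbit-maple",
}

if __name__ == "__main__":
    for account, problems in audit(SAMPLE).items():
        print(f"{account:7s} {'; '.join(problems) or 'ok'}")
```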
Change Default Passwords
Change assigned or default passwords immediately upon signing into those new accounts for the first time on any device, and do not share the new passwords with anyone, even the IT department at work. If necessary, they have other means of accessing your email, but you don’t want just anyone to be able to sign in to your personal accounts.
Should you rely on password management tools?
As mentioned earlier, having a universal username and password is impossible. Some cybersecurity experts say that without password management tools, users revert to poor passwords with no management; others say that ‘password managers’ are society’s method of moving bad habits to the computer. If the management tool gets hacked, then all your personal codes would be out there on the internet. ‘LastPass’ is one of the many password management tools, and the breaches it suffered in 2011 and then again in 2015 proved it right. With such an ambiguous nature of these management tools, it’s better to rely on yourself, as trusting yourself is the best way out.
What’s the way out? Set up calendar reminders if you need to. If you have a lot of passwords, change them on a rotating basis so you don’t have to go through dozens or possibly hundreds every time. Make sure that you change them and come up with new passwords every time. Being alert and disciplined is the basis of ideal password hygiene!