Nowadays, online security and privacy are among the most talked-about topics in computer security discussions. We are living in a challenging world, where our private resources, accounts and details may become visible to somebody, or to the entire world, because of a hacker's prank. The interesting thing is that most people are still not interested in protecting their accounts with strong passwords. A recent study revealed that some of the most used online passwords are easily guessable or very easy to hack. Some of them are ‘123456’, ‘12345678’, ‘abc123’, ‘qwerty’, ‘monkey’, ‘letmein’, ‘dragon’, ‘111111’, ‘baseball’, ‘iloveyou’, ‘1234567’, ‘trustno1’, ‘master’ and ‘password’. Some of you may be shocked to see your secret password in the list! We cannot call these strong passwords: they are used by millions of users across the world and are easily guessable. We advise our readers not to use such easy-to-guess passwords for online accounts. Instead, always use a unique, alpha-numeric password to protect your online accounts.
Now, wondering how to create a strong password that is very difficult to hack? The first thing to keep in mind is to keep the password long and make sure it is alpha-numeric (meaning it should have a combination of letters, numerals and symbols). You can also use case-sensitive passwords. Keep in mind that short passwords are the easiest to crack using hacking tools. So, you should ensure that the password is at least eight characters long. You can use spaces between the characters. Never make the mistake of including your user name, real name or company name in your password. The next thing is to keep changing your passwords regularly. There is a password recovery option on almost all sites that have a login form. You should ensure that your password recovery options are safe and up to date in case you forget your password. If you have changed your email address or phone number, you should update the password recovery options too. This ensures that you will receive any request related to a password change or recovery. eDoctor recommends this option, as I experienced such a possibility with my Facebook account. One day I noticed a password reset request from Facebook in my mailbox; as I had not made any request to change the password, I contacted the Facebook helpdesk and immediately changed the password to a stronger one.
Another thing we noticed is that many people use the same password on different websites and other services. This is not good: if one site is hacked, there is a great chance that all of your sites or services using the same password will be compromised. So, it is advisable to use a unique password for each account. You should pay special attention when you create passwords for your email and banking accounts, which are the most prone to hacking. Use only unique passwords for important accounts like email, social networking and online banking accounts.
Best Tips to create strong Passwords
- Never use easily guessable passwords like 123456, password1, abc123, 123abc, qwerty, iloveyou, iloveu etc. (According to some reports, these passwords are examples of some of the worst kept secrets by people globally.)
- Create long passwords. The minimum length we advise is more than eight characters; if possible go for 14, which is better, and yes, 25 is even better! (Remember that some services have character limits on passwords; check the password limit from the help link.)
- Why more characters? The more characters in a password, the more time it will take to hack it. Adding special characters like $, !, ?, or #, and using lower and upper case letters, makes the hacking task tougher.
- Use combinations of letters and numbers, upper and lower case, and symbols such as the asterisk sign. (Again, remember that some services have some restrictions.)
- Never use words found in dictionaries, especially English ones, or even words from a local language dictionary. There are malicious programs that can hack passwords by going through dictionary databases of known words.
- Never use your name, pet's name, company name, hometown, or village name, because you may have referred to it somewhere in your blog or in your social profile. Avoid simple easy-to-guess words.
- Never reuse the same password on other accounts. As we said earlier, if a weak site that uses the same password is compromised, all the related sites or accounts may get hacked easily.
- Instead, use upper and lower case alphabets, numerals, as well as special characters (!@ #$% ^&*) in your password.
- You can also substitute characters. For example, use the number zero instead of the letter Q in the password.
Checking the strength of passwords
Great, you followed the method and created a difficult-to-hack password. Now you want to check how difficult it is to hack. Here is a nice tool (http://howsecureismypassword.net/) to check how difficult your password is to hack. Use upper and lower case alphabets, numerals, as well as special characters (!@ #$% ^&*) in your password and see the difference in the time taken to hack it. Also notice how the password length affects the hacking time required. You can read an article about how passwords are hacked using advanced computing techniques. You can also check the strength of your password at the Microsoft password-checker. If you need some advice on creating a strong password, here are Google's tips, with a video lesson, on creating a strong password for your account. You can also check password-making services like passwordsgenerator.net or strongpasswordgenerator.org.
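The tips above can also be checked offline, without typing a password into a website; the Python code below is an added example, not code from the original article or from any of the tools it links to, and it applies the article's tips (the quoted list of most-used passwords, the eight-character minimum, the character classes, no personal words) and estimates how the brute-force search space grows with length. The function names, the rule that all four character classes must be present, and the symbol count of 33 (printable ASCII) are assumptions made for illustration.

```python
import math
import string

# Weak passwords quoted in the article (constructed into a set for lookup).
COMMON = {"123456", "12345678", "abc123", "qwerty", "monkey", "letmein",
          "dragon", "111111", "baseball", "iloveyou", "1234567", "trustno1",
          "master", "password", "password1", "123abc", "iloveu"}
MIN_LENGTH = 8  # the article's stated minimum

# (label, test, alphabet size) for each character class the tips mention.
# Assumption: 33 = printable ASCII symbols including the space character.
CLASSES = [
    ("lowercase letter", str.islower, 26),
    ("uppercase letter", str.isupper, 26),
    ("numeral", str.isdigit, 10),
    ("symbol", lambda c: not c.isalnum(), 33),
]


def classes_used(password):
    """Return the (label, size) pairs of the classes present in password."""
    return [(label, size) for label, test, size in CLASSES
            if any(test(c) for c in password)]


def search_space_bits(password):
    """log2 of how many candidates an exhaustive search must cover.

    Upper bound only: a dictionary attack finds a listed word far sooner.
    """
    alphabet = sum(size for _, size in classes_used(password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0


def check_password(password, personal_words=()):
    """Return the article's tips that this password breaks (empty = none)."""
    problems = []
    lowered = password.lower()
    if lowered in COMMON:
        problems.append("on the list of most-used passwords")
    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    present = {label for label, _ in classes_used(password)}
    problems += ["no " + label for label, _, _ in CLASSES
                 if label not in present]
    problems += ["contains personal word: " + w for w in personal_words
                 if w and w.lower() in lowered]
    return problems
```

A password such as ‘iloveyou’ shows why the list check matters: it meets the length rule and has about 37.6 bits of search space, yet a dictionary attack tries it almost immediately.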
Now you have created a strong password, or a list of passwords for your sites, but how do you remember all these passwords? passwordsgenerator.net will show the phonetic pronunciation of the password, if the password was created with that tool. But if the passwords were created manually, remembering multiple passwords is very difficult. There are some approaches to remembering passwords. Create a password that relates to an event, an occasion or a thing that only you know and that is easy to remember. You can also create a short form (acronym) for a long event or occasion.
You should use a recovery email address to receive password reset codes through email; to get them via SMS, add your mobile number. Use the password hint option intelligently, if the site supports it. Some sites have an option to choose a question to verify your identity if you ever forget your password. Use a secret answer to the question that only you know. If you want to store your passwords, never write them on paper and leave it in a place where it is easily accessible. If you decide to save passwords on your laptop or PC, then choose a unique name for the file, password protect the file (where possible; it is possible in PDF and Word documents) and keep the file hidden. We never recommend this method, as it is also easy to hack the file using dedicated tools that open such files. If you decide to proceed with it, never store bank account numbers, online banking passwords, transaction passwords or any other vital information in these digital documents. Many people advise against keeping passwords on paper, but many people prefer this method, as it restricts who can use the information. For example, if it is your personal diary, you may always carry it with you, and if it is your secret diary you will store it in a safe place. I think this is the better option from my experience, but many people never support such a method. But remember, you should do something to keep your passwords safe and to recollect them if you forget them, which may happen if you have a number of accounts and you are not using the accounts regularly.
Anyway, you can take your own steps or methods to keep your passwords safe and secure. Here are some tools to do it online and offline.
KeePass is a free, open source, light-weight and easy-to-use password manager. Passwords can be stored in highly encrypted databases, which can be unlocked with one master password. You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish). KeePass has a portable version, so you can carry your password data on a USB drive and use it on any computer.
LastPass is an online password manager and form filler that makes web browsing easier and more secure. Add all your account details and encrypt them with a master LastPass password. The premium upgrade provides native mobile apps for iPhone, BlackBerry, Windows Mobile, Android, etc.
Passpack is a free online password manager, which you can use to securely save and manage passwords. It has a collaboration feature for professionals. All your passwords are saved in an encrypted form on its servers. Passpack claims its data privacy technology uses US Government approved encryption algorithms, which protect customers from accidental data breaches.
What do you think about these tricks? Which method are you using to create strong passwords, and which method are you using to store them? Do you have any ideas for easily recollecting passwords using some tricks?