The Do’s and Don’t’s of Cyber Security: Passwords
By Ricardo Flores
December 10, 2021
Are you one of those people whose password is the same everywhere? How about having “hello123”, something as straightforward as “password”, or your name as the password for your bank account? In fact, in 2016, a massive data leak from the Yahoo database revealed the top 10 passwords used by people, in the following order:
- 123456
- password
- welcome
- ninja
- abc123
- 123456789
- 12345678
- sunshine
- princess
- qwerty
Interestingly, these passwords are as easy to guess as they are to type: hackers use brute-force attacks that try many different candidate passwords. The candidates include password databases from data leaks, dictionary words, and easy-to-guess examples like those above.
So, you might wonder, how can I protect myself from the consequences of data breaches and stay secure in the ever-growing digital world? Here are four cyber security password tips to help you judge whether your information is genuinely safe.
1. Never use the same password for everything
Using a single password for everything is extremely risky and makes you highly prone to a security breach. Having one password can turn a simple security breach into one with considerable risk. Think about it: if your password is leaked in any way, all your accounts are at risk. As users have 90 online accounts on average, relying on a single password is risky and far from secure.
However, if you still want to rely on easy access, single sign-on (SSO) is an authentication method to securely log into multiple applications with a single set of credentials. SSO tends to be one of the most secure and convenient ways to sign in, as those credentials don’t necessarily have to be a password. Websites that implement SSOs can provide more convenience for the user without compromising security.
2. Capitalization and Numbers
An intelligent use of capital letters and numbers helps create a unique and complex password
Not a fan of using undecipherable words or terms? Try adding numbers or capitalizing strategically to create a more unique password. Adding different numbers and capitalized letters is a good recommendation, and it has recently even been enforced on most secure sites where sensitive information is involved.
However, as the previous examples show, numbers and certain capitalization will not protect you from easy guesses or social engineering. This applies mainly if your password includes personal information such as your birth date, easy-to-guess numbers, or even the name of a family member. You should be looking for complexity. Anything easy to think about, no matter how hard it seems, leads to a security breach.
3. Uniqueness
A password that can’t be thought of or found anywhere is ideal
As mentioned above, dictionary attacks and easy-to-guess passwords are the most common sources of security breaches. Using letters and numbers strategically, in a way that is unrecognizable to others but identifiable to you alone, is a solid security step that makes the password an unattractive target for any ordinary hacker. Special characters also help the uniqueness of a password, and can go in any position that makes it more difficult to guess than before.
However, having many unrecognizable passwords should not matter with an SSO implemented. It allows the usage of one or multiple complex passwords to access many applications. Finally, an anonymous login method will make it harder for those collecting information to know where to start.
4. Password Length
According to the security site https://howsecureismypassword.net/, a password following all the previous measures should resist cracking for quite some time. More importantly, a lengthy password will be more challenging to crack than a short one. The reason is simple: whenever a machine tries to break a password, it forces its way through thousands of attempts to get in. When the target is shorter, the number of tries needed is smaller than what a longer password would take.
Analysis has shown that a 6 character password takes between 13 hours and 1 week to crack, while a 15 character password takes 34 thousand years. Try testing it yourself using our previous cyber security password tips and compare. Length matters for your password security, and you should not be intimidated by adding characters.
However, if memory is a concern, consider sticking to sites that implement safe and secure SSO solutions that allow access to numerous applications through a single set of login credentials. Even though SSO is still a single way to access all your applications, it is flexible. It can offer multiple alternative logins that don’t require passwords but still act as a unique key tied to the user. Thus, getting strength without relying on memory, and without manually logging into individual accounts, can prove beneficial regardless of the length or strength of your password.
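The points in tips 2 and 4 can be checked mechanically. The following Python code is an added example, not part of the original article: it flags passwords that reduce to one of the ten listed above once capitalization, trailing digits and common character substitutions are undone, and estimates the worst-case brute-force time for the rest. The guess rate and the sample passwords are assumptions, so the durations will not match the figures quoted above.

```python
import string

# The ten passwords listed in the article, used here as a tiny denylist.
COMMON = {"123456", "password", "welcome", "ninja", "abc123",
          "123456789", "12345678", "sunshine", "princess", "qwerty"}

# Assumption: guesses per second for an offline attack (not a figure from the article).
GUESSES_PER_SECOND = 1e10

# Common character substitutions that guessing tools undo automatically.
LEET = str.maketrans("013457@$!", "oleastasi")


def variants(pw):
    """Simplified forms of pw: lowercased, trailing digits/symbols removed, substitutions undone."""
    low = pw.lower()
    forms = {low, low.rstrip(string.punctuation),
             low.rstrip(string.digits + string.punctuation)}
    return forms | {f.translate(LEET) for f in forms}


def charset_size(pw):
    """Size of the alphabet implied by the character classes pw uses."""
    classes = [(str.islower, 26), (str.isupper, 26), (str.isdigit, 10),
               (lambda c: c in string.punctuation, len(string.punctuation))]
    return sum(n for test, n in classes if any(test(c) for c in pw))


def seconds_to_exhaust(pw, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every string of pw's length over that alphabet."""
    return charset_size(pw) ** len(pw) / rate


def assess(pw, extra_words=()):
    """Return (guessable, worst_case_seconds); extra_words holds personal terms such as a name."""
    deny = COMMON | {w.lower() for w in extra_words}
    guessable = bool(variants(pw) & deny)
    return guessable, (0.0 if guessable else seconds_to_exhaust(pw))


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any breach.
    for pw in ["Password1!", "P@ssw0rd", "Sunshine2021", "tq7vRk", "tq7vRk2mXw9dLp4"]:
        guessable, secs = assess(pw)
        print(f"{pw:16} guessable={guessable!s:5} worst case={secs / 31_557_600:.3g} years")
```

Passing a name or birth year in `extra_words` makes the same check cover the personal information tip 2 warns about.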
With these tips in mind, I think you can strengthen your own security and worry less about constant data breaches. But why worry about keeping up with passwords when a convenient way to log in with guaranteed security is already at your fingertips? Implementing an SSO brings solutions that ensure safe and personalized access to platforms, with many providing convenience and protection from breaches. One such SSO solution is humanID.
What makes humanID unique is its passwordless authentication system to securely log into multiple applications and accounts with a single set of credentials. humanID lets you go passwordless, ensuring each user’s privacy and anonymity. It also helps prevent spam accounts and bot misinformation, with the use of human authentication by phone number. Subsequently, SSOs provide a better verification process to avoid a future with automated and unverifiable accounts. Therefore, humanID offers the added advantage of entirely eliminating passwords with its technology. Users are guaranteed a convenient and more secure login experience without worrying about keeping track of tricky and complicated passwords.