A good password is more than just some obscure word or a random combination of characters. Modern password cracking software and computing power can easily break passwords in a surprisingly short time. “password123” can be hacked in 6 seconds.
Any password shorter than 12 characters is quick and easy to hack, and even longer passwords can be broken if not constructed correctly. Passwords are cracked through various methods.
Brute force attacks are the most common. This is when hackers try to force their way into an account by using good ol’ trial-and-error. This means simply guessing your password amongst the most common words and phrases people use or running bots armed with a base dictionary. These bots run through all possible combinations of characters until the correct password is matched.
Phishing emails/calls and Social Engineering/Hacking (using misrepresentation to manipulate you into giving them sensitive information) are also common methods of obtaining passwords and PIN codes. At Stone Tech Host, your security is important to us, and thus we would like you to use this advice to secure your passwords.
According to Wikipedia, “NordPass conducted the most breached passwords research in 2020.” Furthermore, “the Worst Passwords List is an annual list of the 25 most common passwords from each year as produced by internet security firm SplashData.”
For a good start to password security, DO NOT USE ANY OF THESE easily guessed passwords!
Best practices
Do not use the same or similar password for multiple other accounts, it’s especially important that you do not use work passwords for personal accounts and vice-versa.
Do not use personal details such as your or loved ones’ birthdates, names and surnames, addresses, phone numbers, favourite numbers, etc. This includes information your friends or family could guess.
Whenever available, always use Two-Factor Authentication or other added security measures such as your fingerprint, an OTP, security questions.
Change your passwords every now and then.
The longer your password, the more difficult it will be to hack (unless it’s like the passwords in the table above). If the account allows for a 32 or 64 character length password, go for it! But how will I remember something that long?
Use a reliable password manager
that can automatically generate completely random, very long and complex passwords, as well as keep track of all your login credentials securely. You’ll only have to remember your passphrase for your manager and the manager will remember the rest. Nowadays, password managers are smart enough to be installed as a web browser plugin or phone icons in your pulldown notification panel so you can quickly access them every time you need to login to an account.
How to create a master passphrase
A passphrase is safer than a password. It’s best to stop thinking that passwords need to consist of a single word. From now on, use phrases you’ll remember and create a personal formula that will only makes sense to you, such as abbreviating words, removing certain vowels, replacing letters with numbers or symbols, or even better, using words your kids made up.
Try using words that can’t be found in a dictionary and especially avoid words you’d normally use every day.
Anything such as punctuation, misspellings and special characters such as []{}<>, symbols and numbers all make your passphrase less predictable and therefore more difficult for people and bots to guess.
Develop your personal formula
- Choose a phrase you’ll remember. Start with ALL lowercase.
My sample phrase is short and simple but already 17 characters long and includes a word (plies = flies) I couldn’t pronounce properly as a toddler.
planets equal plies - Misspell a word and remove vowel(s) in a way that makes sense to you.
planits eqlplies - Add an uncommon special character or symbol
planits[eql]plies - Add a number or substitute a letter for a number
5planits [eql] plies - Remove all spaces:
5planits[eql]plies
Now you have a strong passphrase!
If you’re ever not sure, use Kaspersky to test how strong and hackable your passphrase is.
Lastly, check if your credentials have been leaked
Use Have I Been Pwned to check if you have an account that has been compromised in a data breach.
