List of content you will read in this article:
With the current trend of technological advancements, we now store nearly all our data on the internet, making security an important factor when having any sort of online presence.
Every person who has access to the internet will definitely have an email address and most of them will have a few social media accounts, as they are closely integrated into our daily life whether we like it or not. These platforms are the most crucial when concerning security as a lot of personal data is stored on them. Why?
If someone gains access to your email account, besides having access to all your sent and received emails, they could also use the "forgot your password?" feature on other websites you use, like banking sites, online shopping, or social media in order to get access to those accounts. If a hacker gets into your social media they have the power to scam your friends, humiliate you by sharing false information, or even use your image for illegal activities. A good password is what stands between you and the ill-willing people who wish to steal or misuse your precious data.
What constitutes that Your Accounts Stay Safe?
No one wants to go through the hassle of trying to recover a lost account from virtually any service provider, which could sometimes even be completely impossible. While some accounts are for pure entertainment and leisure, others could seriously endanger your assets and quality of life such as your governmental and bank accounts.
To avoid the headache, here are a few things you should keep in mind when being the owner of almost any online account:
This is a no-brainer; if you have simple and ‘weak’ passwords, it will not take long for your accounts to fall into the hands of cybercriminals. We will discuss later on in this blog on how exactly do weak passwords get cracked and what you can do to create a strong password that will take hundreds of years to brute force.
Regular Password Changes
While the average internet user understands how password strength affects their account security, this is one of the lesser-known facts. Even the strongest passwords need to be changed regularly. There are thousands of small and big data leaks and breaches happening to even the most trusted and reputable service providers. You might never even know that such an event happened, thus never finding out that your secure password is compromised.
It is strongly recommended by cybersecurity experts that you change all your passwords every two months, with a maximum period of six months between password changes.
This is another cybersecurity practice most online users ignore, but it is no less important than the previous two. You MUST have different passwords for each one of your online accounts. With nearly every online service out there requiring an account to use, it might seem nearly impossible to do. Here is where a trusted password manager comes into play. It keeps track of all your passwords and requires only a single master password to operate.
If you don’t feel like going down that route, we still recommend having unique passwords for all your most critical accounts such as your main e-mail, banking systems, governmental institutions, etc. For all the rest, have a few passwords that you use for each category (i.e., one for social media accounts, one for online services, one for gaming platforms, etc.).
Two-factor authentication, sometimes called 2FA, is a security measurement only recently introduced to most platforms that adds an additional step to your login process. Most of the time, it takes only a few seconds, but it greatly increases the security of the account.
There are different ways that such a system gets implemented. It could use biometric authentication such as a fingerprint, retina, or face scan on your device. Most, however, opt for an ‘authenticator’ app to be downloaded on a smartphone that displays a rotating set of codes or via a code in a text message.
General Cybersecurity Practices
Strong passwords and 2FA are not the only things you should keep in mind to protect your accounts while browsing the web. Ensuring that the sources you download anything from are reliable and trustworthy is the easiest step someone could take to enhance their cybersecurity. Avoiding visiting suspicious sites and ones without an SSL is also a good practice.
This one gets often overlooked, but is also a common way many accounts get compromised. Forgetting to log off from a library or any other public system is the most common mishap. Others might include leaving an unlocked device without someone to look after it and letting strangers use your devices.
How do Passwords Become Compromised?
There is no point reiterating the importance of having a strong and secure password. Cybercriminals have a plethora of methods they could use to gain access to your accounts. Compromised login credentials are even sold on the dark web for quite a large profit at times.
Here are some of the ways malicious actors could crack your passwords and gain access to one or even all of your accounts:
Brute Force Attack
This is the most rudimentary method to gain access to someone’s account. A script simply attempts every single letter, number, and special character combination until one succeeds. While most online services have a system in place to prevent this from happening, it is still very much possible if you have a weak password.
A more advanced version of the brute force attack, yet still operating on the same principles. In case a password is simply a word or a word combination that can be found in your average dictionary, this is the one to fear the most. It attempts to crack a password by trying out every word found within the English dictionary.
This one is a bit trickier to avoid than the previous two. While having a strong password will be just enough for brute force and dictionary attacks, it will sadly not affect the outcome if you fall victim to a phishing scam. Phishing is when cyber criminals trick you into giving up your login credentials by creating a fake website that strongly resembles the one you actually use. They will typically send you a link to this phony website either through email or via instant messaging.
For example, you receive an email from “Facebook” saying that your account has been compromised and you need to complete some security actions on it. Within this email, you will find a link you can click on that takes you to a website that looks exactly like the Facebook login page with a similar URL to facebook.com. If you are not vigilant, you will simply enter your login credentials but all of a sudden, nothing happens when you try to log in. You think it is just a bug with the site and continue on with your day. Well, now the damage is done and you have willingly handed over your login username and password to the cybercriminals.
How to create a secure password?
In order to protect yourself from any malicious actions with your data, here’s a little guide of what you should and shouldn’t do.
Choose a password that no one can guess.
- Don’t use your name or derivatives of it (e.g. max, maxy, maxiee, xmaxx)
- Don’t use your personal data like town, date of birth or country (e.g. 98polawarsaw, 96frankgerman)
- Don’t set default passwords. 123456, iloveyou, passwordispassword, admin and guest are some examples of passwords not to use.
Choose a unique password.
- Don’t pick a short password. At least 8+ characters
- Use a variety of letters, numbers, symbols and capital letters (1L0v3CH0c0L4t3!)
- Don’t use a solitary word in any language, try to misspell it much as possible
Before choosing a new password, why not test it out on the Kaspersky password checker. It’ll tell you how fast your password could be cracked using a brute force attack.
We hope that with the help of this article not only are you able to create a strong and secure password, but also be able to implement standard cybersecurity practices in order to help you keep your accounts safe. If you have any questions or suggestions, please leave them in the comment section below.