How to Choose a Strong Password? Picking Powerful Passwords

Learn how to choose a strong password and stay safe online. Discover expert tips on 2FA, brute force protection, and creating unhackable passwords today.

Last Updated: by Susith Nonis 11 Min

With the current trend of technological advancements, we now store nearly all our data on the internet, making security an important factor when having any sort of online presence. Protecting your digital identity starts with understanding how to defend your accounts against increasingly sophisticated cyber security threats.

Every person who has access to the internet will definitely have an email address and most of them will have a few social media accounts, as they are closely integrated into our daily life whether we like it or not. These platforms are the most crucial when concerning security as a lot of personal data is stored on them. Why?

If someone gains access to your email account, besides having access to all your sent and received emails, they could also use the "forgot your password?" feature on other websites you use, like banking sites, online shopping, or social media, in order to get access to those accounts. If a hacker gets into your social media, they have the power to scam your friends, humiliate you by sharing false information, or even use your image for illegal activities. A good password is what stands between you and the ill-intentioned people who wish to steal or misuse your precious data.

No one wants to go through the hassle of trying to recover a lost account from virtually any service provider, which could sometimes even be completely impossible. While some accounts are for pure entertainment and leisure, others could seriously endanger your assets and quality of life such as your governmental and bank accounts. Ensuring online security requires a multi-layered approach beyond just a simple login string.

To avoid the headache, here are a few things you should keep in mind when being the owner of almost any online account:

💪 Strong Passwords

This is a no-brainer; if you have simple and ‘weak’ passwords, it will not take long for your accounts to fall into the hands of cybercriminals. Later in this post, we will discuss exactly how weak passwords get cracked and what you can do to create a strong password that will take hundreds of years to brute force. A robust password is your first line of defense in the vast landscape of the internet.

🔄 Regular Password Changes

While the average internet user understands how password strength affects their account security, this is one of the lesser-known facts. Even the strongest passwords need to be changed regularly. There are thousands of small and big data leaks and breaches happening to even the most trusted and reputable service providers. You might never even know that such an event happened, thus never finding out that your secure password is compromised.

It is strongly recommended by cybersecurity experts that you change all your passwords every two months, with a maximum period of six months between password changes. This is especially true for administrative accounts; for instance, knowing how to change Linux passwords regularly is a vital skill for server administrators.

🔑 Multiple Passwords

This is another cybersecurity practice most online users ignore, but it is no less important than the previous two. You MUST have different passwords for each one of your online accounts. With nearly every online service out there requiring an account to use, it might seem nearly impossible to do. Here is where a trusted password manager comes into play. It keeps track of all your passwords and requires only a single master password to operate.

If you don’t feel like going down that route, we still recommend having unique passwords for all your most critical accounts such as your main e-mail, banking systems, governmental institutions, etc. For all the rest, have a few passwords that you use for each category (e.g., one for social media accounts, one for online services, one for gaming platforms, etc.).

📱 Two-factor Authentication

Two-factor authentication, sometimes called 2FA, is a security measure only recently introduced to most platforms that adds an additional step to your login process. Most of the time, it takes only a few seconds, but it greatly increases the security of the account. To understand the underlying mechanics of this technology, you can explore what is 2FA in our dedicated guide.

There are different ways that such a system gets implemented. It could use biometric authentication such as a fingerprint, retina, or face scan on your device. Most, however, rely on an ‘authenticator’ app installed on a smartphone that displays a rotating set of codes, or on a code sent in a text message.

🌐 General Cybersecurity Practices

Strong passwords and 2FA are not the only things you should keep in mind to protect your accounts while browsing the web. Ensuring that the sources you download anything from are reliable and trustworthy is the easiest step someone could take to enhance their cybersecurity. Avoiding suspicious sites and ones without an SSL certificate is also good practice. If you are a business owner, you should consider a Buy SSL Certificate plan to protect your users' data during transmission.

🏢 Physical Security

This one often gets overlooked, but it is also a common way many accounts get compromised. Forgetting to log off from a library or any other public system is the most common mishap. Others might include leaving an unlocked device without someone to look after it and letting strangers use your devices. Always remember that software security cannot compensate for a lack of physical vigilance.

There is no point reiterating the importance of having a strong and secure password. Cybercriminals have a plethora of methods they could use to gain access to your accounts. Compromised login credentials are even sold on the dark web for quite a large profit at times. Understanding these methods is key to preventing them.

Here are some of the ways malicious actors could crack your passwords and gain access to one or even all of your accounts:

🔨 Brute Force Attack

This is the most rudimentary method to gain access to someone’s account. A script simply attempts every single letter, number, and special character combination until one succeeds. While most online services have a system in place to prevent this from happening, it is still very much possible if you have a weak password. On servers, administrators often have to learn how to protect from RDP brute force to keep their remote connections secure.

📖 Dictionary Attack

A more advanced version of the brute force attack, yet still operating on the same principles. In case a password is simply a word or a word combination that can be found in your average dictionary, this is the one to fear the most. It attempts to crack a password by trying out every word found within the English dictionary. Using "password123" or "admin" makes you an easy target for this specific method.

🎣 Phishing

This one is a bit trickier to avoid than the previous two. While having a strong password will be just enough for brute force and dictionary attacks, it will sadly not affect the outcome if you fall victim to a phishing scam. Phishing is when cyber criminals trick you into giving up your login credentials by creating a fake website that strongly resembles the one you actually use. They will typically send you a link to this phony website either through email or via instant messaging.

For example, you receive an email from “Facebook” saying that your account has been compromised and you need to complete some security actions on it. Within this email, you will find a link you can click on that takes you to a website that looks exactly like the Facebook login page with a similar URL to facebook.com. If you are not vigilant, you will simply enter your login credentials but all of a sudden, nothing happens when you try to log in. You think it is just a bug with the site and continue on with your day. Well, now the damage is done and you have willingly handed over your login username and password to the cyber criminals.

In order to protect yourself from any malicious actions with your data, here’s a little guide on what you should and shouldn’t do. Creating a complex password is an art that balances memorability with randomness.

🧐 Choose a password that no one can guess.

  • Don’t use your name or derivatives of it (e.g. max, maxy, maxiee, xmaxx)
  • Don’t use your personal data like town, date of birth or country (e.g. 98polawarsaw, 96frankgerman)
  • Don’t set default passwords. 123456, iloveyou, passwordispassword, admin and guest are some examples of passwords not to use. If you are setting up a database, for example, never leave the default Postgres password active.

✨ Choose a unique password.

  • Don’t pick a short password. Use at least 8 characters (12-16 is much better)
  • Use a variety of letters, numbers, symbols and capital letters (1L0v3CH0c0L4t3!)
  • Don’t use a solitary word in any language; try to misspell it as much as possible
  • You can use online password generators to create strong passwords

Before choosing a new password, why not test it out on the Kaspersky password checker? It’ll tell you how fast your password could be cracked using a brute force attack. Furthermore, if you are looking for creative inspiration, you can check out our list of password ideas to help you build a memorable yet secure string.
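To run the same kind of check offline, the sketch below applies the rules from the lists above and estimates worst-case brute-force time. It is an added example, not code from the article or from any checker it mentions; the guess rate, the tiny word lists and the function names are assumptions made for illustration.

```python
import string

# Assumption: an offline attacker testing 10 billion guesses per second.
# The rate is illustrative; the article gives no figure.
GUESSES_PER_SECOND = 1e10
# Constructed sample lists; a real check would load full wordlists.
DEFAULTS = {"123456", "iloveyou", "passwordispassword", "admin", "guest"}
WORDS = {"password", "admin", "chocolate", "welcome"}
LEET = str.maketrans("0134@$5", "oleaass")  # common look-alike swaps
NON_LETTERS = string.digits + string.punctuation

def charset_size(pw):
    """Alphabet a brute-force script must cover, by character class used."""
    classes = ((string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
               (string.digits, 10), (string.punctuation, 32))
    return sum(n for chars, n in classes if any(c in chars for c in pw))

def brute_force_years(pw):
    """Worst-case time to try every combination of this length and alphabet."""
    seconds = charset_size(pw) ** len(pw) / GUESSES_PER_SECOND
    return seconds / (365 * 24 * 3600)

def audit(pw, personal=()):
    """Return the article's rules that the password breaks (empty = none)."""
    low = pw.lower()
    findings = []
    if len(pw) < 8:
        findings.append("too short")
    if low in DEFAULTS:
        findings.append("default password")
    # Undo leet swaps and drop leading/trailing digits and symbols, so
    # "P@ssw0rd1" is compared as the single word "password".
    if low.strip(NON_LETTERS).translate(LEET) in WORDS:
        findings.append("single dictionary word")
    if any(token.lower() in low for token in personal):
        findings.append("contains personal data")
    if charset_size(pw) < 94:
        findings.append("missing a character class")
    return findings

if __name__ == "__main__":
    for pw in ("admin", "xmaxx", "P@ssw0rd1", "TheBlueCatAte3LargePizzas!"):
        print(f"{pw!r}: {brute_force_years(pw):.3g} years, {audit(pw, ['max'])}")
```

Length and character variety alone rate "P@ssw0rd1" at roughly two years of brute forcing, yet the audit reduces it to the single word "password", which is the case the dictionary-attack section describes.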

📊 Comparison: Weak vs. Strong Passwords

| Feature | Weak Password | Strong Password |
|---|---|---|
| Length | Short (Under 8 characters) | Long (12+ characters) |
| Complexity | Only lowercase letters | Mixed case, numbers, and symbols |
| Predictability | Uses names or birthdays | Random or unrelated phrases |
| Brute Force Time | Seconds to Minutes | Centuries to Millennia |

💡 Pro Tips for Ultimate Account Security

  • Use Passphrases: Instead of a word, use a long sentence that only you know. For example, "TheBlueCatAte3LargePizzas!" is much harder to crack than "P@ssw0rd1".
  • Check for Breaches: Use services like "Have I Been Pwned" to see if your email has been part of a known data breach.
  • Secure Your Recovery Email: Your secondary email is the "keys to the kingdom." Make sure it has the strongest password and 2FA enabled.
  • Avoid Public Wi-Fi for Sensitive Tasks: Never log into your bank or private accounts on public networks without a VPN.

We hope that with the help of this article you are able not only to create a strong and secure password, but also to implement standard cybersecurity practices that help keep your accounts safe. Digital safety is an ongoing process of education and vigilance. By combining powerful passwords with 2FA and cautious browsing habits, you can significantly reduce your risk of becoming a victim of cybercrime. If you have any questions or suggestions regarding password security or general online safety, please leave them in the comment section below.

FAQs About How to Choose a Strong Password? Picking Powerful Passwords

While experts suggest every 2-6 months, you should change it immediately if you suspect any unusual activity or if a service you use announces a data leak.

While convenient, browser-based saving is less secure than a dedicated password manager. Dedicated managers offer better encryption and are not tied to a single application.

No. A strong password protects against brute force, but you still need to be wary of phishing and malware that can steal the password directly from your device.

Susith Nonis

I'm fascinated by the IT world and how the 1's and 0's work. While I venture into the world of Technology, I try to share what I know in the simplest way with you. Not a fan of coffee, a travel addict, and a self-accredited 'master chef'.


Fidel Volkman

2025, Mar, 25

Great post! In today's digital age, security is non-negotiable. Your insights on strong passwords and regular updates are spot-on, especially with the increasing sophistication of cyber threats. Implementing effective practices like unique passwords, two-factor authentication, and smart physical security can truly make a difference in safeguarding our online presence. It's crucial to stay informed and proactive to protect our valuable personal information. Thanks for sharing such comprehensive guidance!

Camilla Mills

2025, Mar, 25

This post is incredibly informative and a must-read for anyone looking to strengthen their online security! It's easy to overlook the importance of strong passwords, but your clear explanations and practical advice make it accessible to everyone. The sections on password creation and 2FA are particularly enlightening. Thanks for highlighting the risks of not updating our passwords regularly. This has motivated me to take a closer look at my own online accounts. Keep sharing these valuable insights!