How to protect yourself online with strong passwords
Using a password is similar to using a key for your house. The key locks your home and protects your personal belongings from people who are not welcome to enter.
An individual may have several accounts online, on different websites and apps, that are as important as the physical property kept at home. These may be emails, apps, website subscriptions, network servers, databases, online banking accounts, credit cards, etc. Strong passwords give these accounts a secure, strong lock, just like the lock on your house.
Most people who are new to the online world lack knowledge of how to set up a strong password for their online accounts, and with cyber crime increasing, such passwords can easily be discovered. The results can be as terrible as the attack on Microsoft’s Hotmail and other web-based email services. A recent survey of the passwords involved revealed that many of the accounts had easy-to-guess passwords, and the most frequently used password among these was “123456”.
Some general methods that attackers use for identifying a victim’s password include:
- Guessing: The attacker repeatedly tries to log on to the user’s account by guessing probable or expected words and phrases, such as their children’s names, their birth city, and local sports teams.
- Online Dictionary Attack: The attacker uses an automated program together with a text file containing many words. The program repeatedly tries to log on to the target system, testing a different word from the text file on each attempt.
- Offline Dictionary Attack: This is similar to the online dictionary attack, but the attacker extracts a copy of the file in which the hashed or encrypted user accounts and passwords are saved and runs an automated program to determine the password used for each account. This type of attack can be finished very quickly if the attacker gains a copy of the password file.
- Offline Brute Force Attack: This is a modified dictionary attack designed to discover passwords that are not present in the text file used in those attacks. Even though a brute force attack can be tried online, network bandwidth and latency mean it is generally attempted offline using a copy of the target system’s password file. In a brute force attack, the attacker uses an automated program that produces hashes or encrypted values for all possible passwords and compares them with the values in the password file.
Microsoft suggests that strong passwords can slow or sometimes defeat the various attack methods. This shows the importance of having a strong password.
Creating a Strong Password:
Passwords are case-sensitive and may be as long as 127 characters. A strong password:
- Should never contain the username.
- Should be a minimum of eight characters long.
- Must include both lowercase and uppercase letters (a minimum of one from each group is suggested).
- Should contain a minimum of one number (0 to 9).
- Should contain at least one symbol (e.g. *, ^, $, #).
A string that has all the above characteristics is known as a strong password. A complex password should not be something that is difficult to remember. Forgetting a strong or complex password that is difficult to remember is as harmful as being attacked because of a weak password.
The password created must be easy to remember but difficult for anybody to guess. It can also be a favourite phrase or quotation, or a mixture of two words. Substitutes for letters can also be used to satisfy the above criteria for a strong password. For example, ‘a’ in the password can be substituted with ‘@’; similarly, ‘i’ can be replaced with ‘!’; and ‘o’ with ‘0’ or ‘()’.
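The rules listed above can be written as a small checker; this is an added example, not part of the original article. Treating a symbol as any ASCII punctuation character, matching the username case-insensitively, and the sample passwords and username are assumptions. The search_space function estimates how many candidates the offline brute force attack described earlier has to cover.

```python
import string

MIN_LENGTH, MAX_LENGTH = 8, 127  # limits stated on this page

# Character classes named in the rules; treating "symbol" as ASCII
# punctuation is an assumption (the page only lists *, ^, $, # as examples).
CLASSES = {
    "lowercase letter": string.ascii_lowercase,
    "uppercase letter": string.ascii_uppercase,
    "number (0 to 9)": string.digits,
    "symbol": string.punctuation,
}

def check_password(password, username):
    """Return the rules the password fails; an empty list means it passes."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("shorter than 8 characters")
    if len(password) > MAX_LENGTH:
        failures.append("longer than 127 characters")
    # Case-insensitive substring match is an assumption about how to
    # apply the username rule.
    if username and username.lower() in password.lower():
        failures.append("contains the username")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            failures.append("no " + name)
    return failures

def search_space(password):
    """Candidates an offline brute force must cover for a password of this
    length drawn from the same character classes (ASCII classes only)."""
    pool = sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))
    return pool ** len(password)

if __name__ == "__main__":
    # Constructed samples: the page's "123456", a password containing the
    # username, and a phrase using the page's 'o' -> '()'/'0', 'i' -> '!' swaps.
    for pw, user in [("123456", "alice"), ("Alice#2024x", "alice"),
                     ("BlueM()0nR!ver", "alice")]:
        print(pw, check_password(pw, user) or "passes", search_space(pw))
```

The six-digit password leaves only 10^6 candidates to try, while the 14-character phrase drawn from all four classes leaves 94^14.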
It is good practice to change a password periodically, for example monthly or quarterly.