Passwords
Weak passwords are one of the
biggest reasons of security breaches all around the world. Whenever someone starts
talking about security, he/she definitely will talk about passwords' security. There
is a standard list of precautions of Dos and Don’ts.
Normally you can find this list on any
of the security awareness mailer or on Internet and it goes as follows
1- Do
not create weak passwords.
2- Imagine
strong passwords and the characteristics of strong password are
3.
Create long password 8-9 characters
4.
Your password must consists alphanumeric values and special character.
5.
Use pass-phrase and make it complex for example “TimeforTea”
now you can make it “T1mef0rt3a” or “T1mef@rT3a”
6- Do
not share your password with your friends and colleagues
7- Do
not write your password on postit and stick to monitors and on your desk.
8- Do
not use one password for all the accounts. Try to be creative, categorize the
accounts as per confidentiality & criticality and create different password
for different type of accounts.
9- Avoid
using public computers to login to your banking accounts.
10- Try
to adopt Two factor authentication wherever possible ; Two factors
authentication is a double layer security where you are required to get authenticated with more one than one ways.. for example what you know and what you have. Bio-metric authentication adds "Who you are" component in the authentication.
11- Beware
of the websites that asks your personal details. Do not disclose passwords
online.
12- Beware
of the phishing accounts – Phishing is a method, used by attackers to incite
users so they can click on the fake links given in the genuine looking email. The
sender pretends to be a genuine source like your bank etc. Once you click on
the fake link or enter your credentials, the hackers steal your information and
misuse it.
13- Beware
of shoulder surfing. Always check your surroundings before you enter the
credentials.
Hell Bent to crack
There are lots of free tools
easily available on Internet to hack others’ password. Some of the most common
are Brutus, RainbowCrack, Wfuzz, Cain and Abel and John the Ripper etc. Due to
the high speed internet with more and more bandwidth, it takes quite less time to
crack the complex passwords. The Problem is that dictionary words and their
combinations are easy to guess. As a matter of fact there are lots of such
lists available on internet which you can simple use to crack the password. There
are cognitive tools which require some human inputs about the target so they
can produce the list of probable password the target can think of...these tools
can prove lethal if someone really knows a lot about the target and has the intention to
crack his/her secret passwords.
“Single Sign On”
Nowadays, big companies introduce
“Single Sign On”, an access management appraoch, where a user logs in once and gains
access to all systems without being prompted to log in again at each of them. There
are apparent benefits and disadvantages of this approach. It is easy to remember one strong password
than multiple easy passwords. It is convenient and increases the security since
it would be difficult and time taking for an attacker to crack the strong
password. On the other hand, it is a single point of failure, once a single
password compromised, it can create havoc.
Fusion is the way
People are adopting the new
fusion approach while creating the password that is mixing two languages. If you
know English and Hindi, you can use “Hinglish” to create passwords and that
would be really difficult for dictionary attacks to crack. For instance you can create a password such as
“MeraDoggy@049”.
Do not create so much complex
password that you cannot remember and even the strongest password, if kept and
stored insecurely serves no purpose.