Sunday, April 26, 2015

Password Security

Passwords
Weak passwords are one of the biggest causes of security breaches around the world. Whenever someone starts talking about security, they will certainly talk about password security. There is a standard list of precautions, the Dos and Don'ts.
You can normally find this list in any security awareness mailer or on the Internet, and it goes as follows:
1- Do not create weak passwords.
2- Choose strong passwords. The characteristics of a strong password are:
3- It is long, 8-9 characters.
4- It contains alphanumeric values and special characters.
5- It is built from a passphrase made more complex; for example, "TimeforTea" can become "T1mef0rt3a" or "T1mef@rT3a".
6- Do not share your password with your friends and colleagues.
7- Do not write your password on a Post-it and stick it to your monitor or your desk.
8- Do not use one password for all your accounts. Be creative: categorise your accounts by confidentiality and criticality, and create a different password for each type of account.
9- Avoid using public computers to log in to your banking accounts.
10- Adopt two-factor authentication wherever possible. Two-factor authentication is a double layer of security where you are required to authenticate in more than one way, for example with something you know and something you have. Biometric authentication adds a "who you are" component to the authentication.
11- Beware of websites that ask for your personal details. Do not disclose passwords online.
12- Beware of phishing attempts. Phishing is a method used by attackers to entice users into clicking fake links in a genuine-looking email. The sender pretends to be a genuine source such as your bank. Once you click the fake link or enter your credentials, the attackers steal your information and misuse it.
13- Beware of shoulder surfing. Always check your surroundings before you enter your credentials.
Hell Bent to crack
There are lots of free tools readily available on the Internet for cracking other people's passwords. Some of the most common are Brutus, RainbowCrack, Wfuzz, Cain and Abel and John the Ripper. With high-speed Internet and ever-growing bandwidth, it takes far less time to crack complex passwords. The problem is that dictionary words and their combinations are easy to guess; in fact, there are many such word lists available on the Internet that can simply be used to crack passwords. There are also cognitive tools that take some human input about the target and produce a list of probable passwords the target might think of. These tools can prove lethal if someone really knows a lot about the target and intends to crack his or her passwords.
“Single Sign On”
Nowadays, big companies are introducing "Single Sign On", an access management approach where a user logs in once and gains access to all systems without being prompted to log in again at each of them. This approach has obvious benefits and disadvantages. It is easier to remember one strong password than multiple easy passwords. It is convenient and increases security, since it would be difficult and time-consuming for an attacker to crack the strong password. On the other hand, it is a single point of failure: once that single password is compromised, it can create havoc.
Fusion is the way
People are adopting a new "fusion" approach to creating passwords: mixing two languages. If you know English and Hindi, you can use "Hinglish" to create passwords, which would be really difficult for dictionary attacks to crack. For instance, you could create a password such as "MeraDoggy@049".
Do not create a password so complex that you cannot remember it; and even the strongest password, if kept or stored insecurely, serves no purpose.
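As an added example (not code from the original post), here is a small Python policy check that applies the rules from the list above (length, letters plus digits, a special character) and then undoes common letter-for-symbol substitutions before testing whether the remaining letters spell a dictionary phrase: "T1mef0rt3a" turns back into "timefortea", while the Hinglish "MeraDoggy@049" stays out of an English wordlist, which is the point of the fusion section. The wordlist and substitution table are constructed assumptions for the demo, not a real dictionary.

```python
import re

# Constructed mini wordlist for the demo; a real policy check would load
# a full dictionary file of the kind the article says is freely available.
WORDLIST = {"time", "for", "tea", "my", "dog", "doggy", "password", "welcome", "summer"}

# Letter-for-symbol swaps that password-cracking rule sets undo automatically.
SUBSTITUTIONS = {"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"}

DICTIONARY_WARNING = "letters spell a dictionary phrase once common substitutions are undone"

def normalize(password):
    """Lower-case and undo the substitutions above, but only where the swapped
    character touches a letter, so a numeric suffix such as '@049' is left alone."""
    chars = list(password.lower())
    out = []
    for i, ch in enumerate(chars):
        left = chars[i - 1] if i > 0 else ""
        right = chars[i + 1] if i + 1 < len(chars) else ""
        if ch in SUBSTITUTIONS and (left.isalpha() or right.isalpha()):
            ch = SUBSTITUTIONS[ch]
        out.append(ch)
    return "".join(out)

def is_dictionary_phrase(letters, words=WORDLIST):
    """True if the letter string splits entirely into words, e.g. 'timefortea'."""
    n = len(letters)
    reachable = [True] + [False] * n  # reachable[i]: letters[:i] segments into words
    for i in range(1, n + 1):
        reachable[i] = any(reachable[j] and letters[j:i] in words for j in range(i))
    return n > 0 and reachable[n]

def check_password(password, min_length=8):
    """Return the list of rule violations; an empty list means the password passes."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if not (re.search(r"[A-Za-z]", password) and re.search(r"[0-9]", password)):
        problems.append("needs both letters and digits")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("needs a special character")
    runs = re.findall(r"[a-z]+", normalize(password))
    if runs and all(is_dictionary_phrase(run) for run in runs):
        problems.append(DICTIONARY_WARNING)
    return problems

if __name__ == "__main__":
    for candidate in ("T1mef0rt3a", "T1mef@rT3a", "Pa55w0rd!", "MeraDoggy@049"):
        print(candidate, "->", check_password(candidate) or "ok")
```

The substitution table is deliberately small, so "T1mef@rT3a" (where "@" stands for "o") slips past the dictionary test; a production check would try several candidate de-substitutions per character.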
