To protect your online accounts like Emails & social media platforms you should use a strong password. when it comes to choosing a password most people are lazy. choosing a hard to guess password is necessary because it will protect your important & personal data online or even offline!
There are tools such as OCLHashcat that can crack passwords or even the most difficult passwords but it’s all about the time. if you use a very long and sophisticated password it takes a long time to crack your password so practically it’s impossible to crack since the time and energy equals money
There are many Leaked password lists online. these passwords are mostly stolen during a data breach event on big companies like, yahoo, sony , Adobe ..etc. you can use the online site haveibeenpwned.com to check if your account is compromised or not
you need a strong password. what is a strong password? a long password including letters (uppercase and lowercase), numbers and special characters . creating such password maybe hard at the first glance , but there are many ways to do this and we will discuss about it here
There are tools called password managers. these tools will save your password in a safe vault and often make the passwords for you and recommend you the strong password to choose. the downside of using a password manager is they use a master password to access and if somehow your master password leaked you are done! the other problem is if you lose the master password or forget it , you will lose access to all of your passwords , however you can always recover your passwords from your online accounts but it’s a time consuming process especially if you have lots of accounts .
we mentioned the problems with password managers but if you perform the tips in the following section, you can use password managers without any problem.
- Rule no.1 : use strong password phrases not passwords with 18 to 26 characters. what do I mean by pass phrases not passwords ? I mean don’t type words like cat , holiday , apple etc. instead use random characters that are meaningless . unfortunately we as a human cant remember these passphrases and that’s why we use password managers to take care of that for us.
- Rule no2. : Never use one password for two or more accounts. this way if one account gets hack in anyway your other accounts will be safe.
- Rule no3 : Don’t write down your password or master password . it’s difficult to remember passwords but sometimes it’s Inevitable. what should we do ? you can write it down but in cyphers and in a cryptic way that only you can understands it, for example use some form of cryptographic formula to write it down or only write down a portion of it or better don’t write down the password just write a hint for your self to your own password that only you will understands the meaning of it. it’s not recommended to write down password anyway
there are many password managers online and internet browsers are also have built in password managers that make it more easy to use the but I recommend using the open source password managers such as keepass
having a strong password is not going to protect you when someone have physical access to your device. for example you left your desktop or laptop open and the browser is showing you email.. well anyone that have physical access can read your emails . in order to be safer you should also protect your own device . for desktop and laptop devices you can set a time limit that logout your account when you are not using it. for example in windows you can set a time limit , if you didn’t use your device for 15 minutes it will automatically logout . remember to use a hard to guess password also .
you can do this better in mobile phones using passcode , Patterns , fingerprints or face recognition feature. using one of these security measures alone is not recommended. it’s better to use two of them at the same time. for example use a ALP Pattern for alongside the passcode or fingerprint scanner.
remember that mobile devices such as your smartphone or Tablet or laptops are the most vulnerable to physical attacks . Why ? it’s obvious . they are mobile and you carry them with yourself anywhere and they can be lost or stolen. instead a Desktop PC at home or office are less vulnerable to physical access unless someone breaks into your home or office or you have a guest and he/she may sneaks to your stuff while you are away for a while
using passwords in general are necessary but they are not enough. most online services these days offer you a 2FA Option for more security and using it is highly recommended.
What is 2FA ? it means Two Factor Authentication. it means in order to access your account you need more than one Authentication method. the second method is mostly one of these options : sms code , Email Code , Aplication code
SMS code is good but some people reported the hacks . the way it works is whenever you wanna access your account it first ask your password , then it will send you an temporary sms to your mobile phone , but do you trust the telecommunications companies ? there are reports that hackers , pawned the Cellular Tower in order to get 2FA codes in mass! the better way to use 2FA option is install an Authenticator app such as Authy or google authenticator on your mobile phone and receive the code in your application on your phone
at the end I give you some extra tips for more security :
- never share your password with anyone even your closest friend
- don’t write down your password
- change your password periodically
- don’t use the same password for another account
- use password longer than 18 characters including Letters (Lowercase & Uppercase), Numbers & Special Characters
- don’t just use special character between words in your password , this way password crackers can guess them
- Don’t use password , use pass phrases that are meaningless
- try to use password managers
- use 2fa if available
- it’s better to not using browsers as password managers
it’s always better to stick to the open source options for your security if available , and not using Centralized Corporate password managers like lastpass or rely o companies like google for managing your passwords .