Published: Tue, May 09, 2017
Business | By Max Garcia

Protect Passwords from Hackers

We've heard it all before.

"Passphrases" are much harder to guess than a short password. For instance, you could create a password from the phrase "I'd love to own a brand new Ferrari"!

The study was timed in honor of World Password Day, which is today. The email usually asks for confirmation of login, password or credit card information and will direct users to a webpage that mirrors the company's real website. How do we even get started?

Don't use the same password for multiple accounts, but do change your passwords often. Users want to access their information quickly, whether that's logging into Gmail or hopping onto Twitter, and as a result, their last concern is security.

Consumers can't be exclusively held responsible for security. That's where our security experts can help.

"When forced to change one, the chances are that the new password will be similar to the old one." There are plenty of free tools such as password managers that can help create and store different credentials for each account. Avast also studied how people feel about their online security, and discovered almost 62% of individuals surveyed took action after a public data breach, changing their password on the affected site. Don't forget to change those shared passwords for online streaming sites either! Those options effectively amount to no password at all, as they would be one of the first things any enterprising hacker would attempt to guess. Do a web search for "most common passwords" and you'll find several places that list passwords like "123456" or "password". He said the more complicated the better. Use two- or multi-factor authentication for extra security. This includes using your fingerprint, face, or trusted device as an MFA factor. Have you ever emailed sensitive documents? The thought is, how about no passwords? So please refrain from sharing your password with anyone.

The government in the U.K. is also interested in doing away with passwords altogether and coming up with something equally or more secure.

And even those who do aren't guaranteed immunity from hackers or data thieves; a new United Kingdom study shows that malware can figure out a user's device password just by "observing" (via sensors, gyroscopes, and accelerometers) the direction and position a device is held.

"Users need to remember these passwords and if they're overly complex or if they change too frequently, users will resort to writing them down," said Scott Petry, CEO of Authentic8, developer of a virtual browser called Silo. The most secure password in the world means nothing if it is stored in plain text and is directly associated with an account name.

The final version of NIST's Digital Identity Guidelines (SP 800-63-3) also challenges the effectiveness of what has been traditionally considered authentication best practices, such as requiring complex passwords. Reusing your passwords can reward anyone who steals one of your passwords with the key to a number of other sites as well, making the damage far worse. Yet it is not human nature to consider password security.

Only 47 per cent of people use a combination of upper and lowercase letters in their passwords and only 64 per cent use a mixture of letters and numbers.

Above: McAfee created a game for World Password Day.

In April, Microsoft announced plans to kill off the humble password by replacing it with a smartphone-based authentication method. "Forrester sees authentication solutions using navigational clickstream analytics, device location and sensor data, and mouse and touchscreen movement attributes to build normal behavior baselines for users and devices, which the solutions can use to detect anomalies." "The server never sees the private key, so an adversary cannot attack a server to steal private keys."

So, we may not have any traditions for Password Day yet, but that's OK. Every tradition is a new idea to begin with, and if anything in computer security deserves a bit of attention, it's your password.

Splitting the password into three chunks, "freQ!", "9tY!" and "juNC", reveals what might be remembered as three short, pronounceable words: "freak", "ninety" and "junk". Swap out numbers and symbols for letters and add in a few capital letters to make passphrases stronger. "For example, the sentence 'I hate eating Brussels sprouts on cold rainy Saturday afternoons' could be turned into the following password: Ih8ebsocrSa."
