Simply Computing

Blog

Password Security

By Theresia Joseph, Network Admin for Simply Computing

 

Nowadays, users have to manage an almost endless amount of login credentials for a wide variety of websites and systems as each of them requires separate logins. Therefore, it is quite common that the majority of users struggle to remember their passwords or even their usernames.  

An average of 80% of all cyber-attacks involve a weak or compromised password. Poor password management habits and a lack of digital security practices give malicious attackers the opportunity to access sensitive data and damage personal and professional data. 

Despite the risks, most users develop bad password habits to avoid the hassle of forgetting a password and having to reset. In fact, 60% of users choose either too weak passwords or an insecure method to remember their passwords. This makes it easier for unauthorized people to access the system, review sensitive data and damage files or information.



The following list outlines some of the most common bad password habits:

  •     Using simple words like ‘password’, welcome, monkey etc.
  •     Using simple numeric combinations as ‘12345’ or ‘123456789’
  •     Using the characters from your keyboard in order i. e. qwerty
  •     Using meaningful numbers like birthdays or social security numbers
  •     Using names from family, friends or pets, eg. the name of their child or partner
  •     Writing the password down on a sticky note and attaching it to the system
  •     Keeping passwords in an excel file

 

Even users with a technical background are tempted to use bad habits. This was shown in an incident from the Hawaii Emergency Management Agency (HEMA) in January 2018 when the government sent out a fraudulent alert of an incoming missile. 

During the investigation of the false alert, the federal communications commission found a picture showing a HEMA officer in front of his monitor screen where he attached a couple of sticky notes. One of those notes, spelled out: ‘Password: warningpoint2’. This example shows that unauthorized access to a system can have significant consequences for a business.

 

Another important fact is that most users share their passwords with too many people as they do not see any harm in doing so. But there are a couple of facts that they often do not consider: 

First of all, if a user shares his or her passwords with too many people they will lose the overall view who has access to their systems. Secondly and even more relevant, the user cannot control if the people they trust are also sharing the password with other people. Through creating a habit like this the user will certainly lose control of their own account. 

A related problem is that many users also use the browser function from safari, chrome, etc. to store their usernames and passwords. Those users often do not recognize that anyone who uses their computer for whatever reason will also have access to all user accounts.

This attitude might change if a user begins to consider their passwords like they are the keys for their house. People hesitate to share access to their personal belongings with just anybody. For a good reason. 

 

Using a password generator is one way to create a unique password. Tools like “Password Generator” will automatically generate passwords based on user specific guidelines, including upper and lowercase letters, numbers, symbols, pronounceability, length, and strength, eg. “GEnnGspJF2yJM”.

However, passwords like the above or “2rdiaw,aI,Itt1ltb,atmatd” can be very difficult and almost impossible to remember, but using the following trick will help to memorize a password and increase the security for any user account.

 

  1.   Chose a phrase out of a song or a book, f. e.

“Two roads diverged in a wood, and I, I took the one less traveled by, and that made all the difference.”
– Robert Frost 

Ideally, this phrase has an individual meaning for the user and is not well known by the rest of the world.

  1.   Convert numerous words into numbers: 

2 roads diverged in a wood, and I, I took the 1 less traveled by, and that made all the difference.

  1.   Choose the first letter of each word by keeping it case sensitive.

2 roads diverged in a wood, and I, I took the 1 less traveled by, and that made all the difference = 2rdiaw,aI,Itt1ltb,atmatd

  1.   Alternatively, it is also possible to convert letters that are similar to number into numbers: 0=O, I=1, Z=2, E=3 and so on, i. e.

Tb0ntb,t1tq = “To be or not to be, that is the question.”
– William Shakespeare

 

Furthermore, to increase the security for user account some applications or websites provide the option to add the multi-factor authentication method to the login process. This method only grants access for users after they have successfully presented two or more pieces of evidence for authentication. 

The most common method is the so-called two-factor authentication (2FA) which confirms the identity of the user by using two different methods. The best-known example for this method is an ATM withdrawing where the user has to provide their card and their personal PIN to allow the transaction. Leveraging smartphone applications like Google Authenticator or Authy, which provides a two-factor authentication code to complete the login process, can also be used to protect online user accounts. 


 

Using passphrases will help user to memorize their passwords. However, due to the number of separate user accounts, a user still might struggle to remember all of those different passphrases, especially when they do not require frequent access to specific user accounts. 

In this case, password management tools like “Keeper Security Password Manager” or “LastPass” provide a simple, but secure solution to store passwords and keep them up to date.

 

In summary, everyone should be aware of the risks they are exposed to and protect user accounts and important by ensuring a proper password protocol: 

  1.   Creating strong passphrases for each individual account 
  2.   Using a password management tool to store passwords and keep them up to date
  3.   Credentials should not be shared with anyone for any reason
  4.   If possible add two-factor authentication to protect the user account




FEATURED POSTS

Reduce Your Email Load with Three Features in Apple’s Mail: Mute, Block, and Unsubscribe

Reduce Your Email Load with Three Features in Apple’s Mail: Mute, Block, and Unsubscribe

Email overload may be a fact of life, but Apple has provided three features in Mail that can reduce some of the load: muting, blocking, and unsubscribing. Start using them today with the instructions here.

AirTags: Everything you need to know

AirTags: Everything you need to know

Apple’s new AirTags are great for finding your keys or bag, but they also come with some security and privacy implications—someone could try to track you with a hidden AirTag. Read on to learn how Apple helps you detect such a problem

What Is This “App Tracking Transparency” Apple Added to iOS 14.5?

What Is This “App Tracking Transparency” Apple Added to iOS 14.5?

New in iOS 14.5 is a privacy-protecting feature called App Tracking Transparency, which forces apps to ask you for permission to track your activities across other apps and websites. Learn more about why you should never allow tracking here.

The Ten Upcoming Mac/iPhone/iPad Features We Think You’ll Most Like

The Ten Upcoming Mac/iPhone/iPad Features We Think You’ll Most Like

At its Worldwide Developer Conference keynote, Apple announced a boatload of new features that we’ll see in macOS 12 Monterey, iOS 15, iPadOS 15, and watchOS 8 later this year. Here are the ten features we think you’ll most like: