Do you ever find yourself irritated by all the password requirements different sites have? It’s frustrating, but it all comes down to one reason: your e-security!
Weak vs. Strong Passwords
Password strength is evaluated based on password length and password complexity.
Strong Passwords:
An example of a strong password may be wrAxc12$5%1!
- Doesn’t contain 3 consecutive letters of one’s name
- Contains both upper and lowercase letters
- Is a minimum of 8 characters long
- Includes numbers
- Includes punctuation
Weak Passwords:
An example of a weak password may be: wealth2
- Has YOUR name in it
- Has fewer than 8 characters
- Is a word found in a dictionary
- Has names of close family members or friends
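The two checklists above can be turned into a small checker and run against the article's own example passwords. This is an added example, not part of the original article; the function names, the sample name "Jordan Example" and the five-word dictionary are assumptions made for illustration.

```python
import string

# Constructed sample word list standing in for a real dictionary (assumption).
SAMPLE_DICTIONARY = {"wealth", "password", "welcome", "dragon", "summer"}


def name_fragments(name, size=3):
    """Every run of `size` consecutive letters in each part of the name."""
    frags = set()
    for part in name.lower().split():
        letters = "".join(ch for ch in part if ch.isalpha())
        for i in range(len(letters) - size + 1):
            frags.add(letters[i:i + size])
    return frags


def check_password(password, full_name, dictionary=SAMPLE_DICTIONARY):
    """Return the list of rules from the article that the password breaks."""
    problems = []
    lowered = password.lower()
    if len(password) < 8:
        problems.append("fewer than 8 characters")
    if not any(c.islower() for c in password) or not any(c.isupper() for c in password):
        problems.append("needs both upper and lowercase letters")
    if not any(c.isdigit() for c in password):
        problems.append("needs a number")
    if not any(c in string.punctuation for c in password):
        problems.append("needs punctuation")
    if any(frag in lowered for frag in name_fragments(full_name)):
        problems.append("contains 3 consecutive letters of the name")
    # Strip digits and punctuation so "wealth2" is still matched as "wealth".
    core = "".join(c for c in lowered if c.isalpha())
    if core in dictionary:
        problems.append("is a dictionary word")
    return problems


if __name__ == "__main__":
    for pw in ("wrAxc12$5%1!", "wealth2"):
        print(pw, "->", check_password(pw, "Jordan Example") or "passes every rule")
```

The strong example passes every rule, while wealth2 breaks four of them at once.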
How do Passwords Get Hacked?
Some ways passwords may get hacked include but are not limited to:
- Credential Stuffing
  - A method to test databases or stolen log-in information [aka credentials] against several accounts to see if there’s a match.
  - Think of this like a matching game for hackers.
  - Many users tend to have the same password across sites, so hackers have a good chance of finding that a user’s password works on both site x.com and site x.org. Once found, hackers can use tools to break into new accounts on the site.
- Phishing
  - Hackers target their victims via email or text messages.
  - The message is usually about abnormal activity or password verification that requires the user to click a link and enter their secure information, such as their log-in info: username & password.
  - Once the user clicks the link and enters their information, they’ve essentially forfeited it and fallen for the hackers’ bait.
- Password Spraying
  - Similar to credential stuffing. The difference is that in password spraying the hacker has a list of usernames but has no clue as to what the actual password may be.
  - This is like a guessing game for hackers.
  - Each username is tested with a list of commonly used passwords.
- Key-logging
  - Often used in targeted attacks.
  - Key-loggers keep track of the strokes a user types on the keyboard.
  - This can be done by the hacker having compromised the user’s system and implanted key-logging malware on it.
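On the defending side, credential stuffing and password spraying in their simplest form leave the same trace: one source failing to log in across many different usernames in a short time. The sketch below is an added example, not part of the original article; the log format, the sample lines and the thresholds (5 usernames in 5 minutes) are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: timestamp, source address, username, outcome.
# The addresses come from ranges reserved for documentation.
SAMPLE_LOG = """\
2024-05-01T09:00:01 198.51.100.7 alice FAIL
2024-05-01T09:00:03 198.51.100.7 bob FAIL
2024-05-01T09:00:05 198.51.100.7 carol FAIL
2024-05-01T09:00:08 198.51.100.7 dave FAIL
2024-05-01T09:00:11 198.51.100.7 erin FAIL
2024-05-01T09:00:12 203.0.113.20 frank FAIL
2024-05-01T09:00:30 203.0.113.20 frank FAIL
2024-05-01T09:00:55 203.0.113.20 frank OK
"""


def parse(log_text):
    """Yield (time, source, username, outcome) tuples from the log text."""
    for line in log_text.splitlines():
        stamp, source, user, outcome = line.split()
        yield datetime.fromisoformat(stamp), source, user, outcome


def suspicious_sources(log_text, min_users=5, window=timedelta(minutes=5)):
    """Map each source to the usernames it failed on, if there were at least
    `min_users` distinct ones inside any single time window."""
    failures = defaultdict(list)
    for when, source, user, outcome in parse(log_text):
        if outcome == "FAIL":
            failures[source].append((when, user))
    flagged = {}
    for source, events in failures.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            users = {user for _, user in events[start:end + 1]}
            if len(users) >= min_users:
                flagged[source] = sorted(users)
                break
    return flagged


if __name__ == "__main__":
    print(suspicious_sources(SAMPLE_LOG))
```

The user who mistyped a password twice before getting in is not flagged, because only one username is involved.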
How does one protect themselves from their passwords getting hacked? Authentication methods!
What is Authentication?
- Password Authentication basically acts like a security guard. Security guards make sure that the right people are entering buildings. That’s what password authentication does, but virtually.
- Password Authentication makes sure that the person requesting access to a certain system is THE intended person getting access by putting them through different types of password authentication checks.
Types of Password Authentication
Types of password authentication include but are not limited to:
- This is the “traditional/cliche” password method.
- How it works: a user enters their username followed by a PIN/password only they know.
- In theory, this user’s password may remain secure if they have disclosed it to no one else. Yet, it is still “hackable” by hackers if not secure enough.
- Think of 2FA like an extra layer of clothing. It takes more effort to get through an extra layer of something. 2FA is THAT extra layer.
- 2FA requires you to ‘prove yourself’ via something you have and something you know. For example, your password may be something you know and your phone may be something you have to use for verification.
- An example of 2FA in action: A user signs into their account. After they enter their password, they’re prompted to enter their phone number and enter the code sent to that number. In this case, the code is the extra layer.
- An alternate method for people who don’t want to authenticate on mobile devices
- Token systems rely on physical devices to send 2FA. This physical device may be a dongle that goes into the USB port or may be a smart card with radio frequency identification.
- Tends to be more secure yet costly.
- Most popular in modern technology
- Common feature on smartphones and computers.
- Biometrics rely on a person’s physical characteristics to provide authentication, such as fingerprints, retinal scans, facial or voice recognition.
Password Security Tips
- Download a password manager [software designed to store passwords/manage credentials securely]
- Don’t use personal info
- Never re-use passwords
- Randomize passwords
- Focus on password length
- Check your password strength
- Change passwords frequently
Humanity Wealth Advisors believes in sharing good knowledge and education. We believe your financial wellness comes from knowing good information; after all, knowledge is power.
- The articles we provide are a free service used simply to educate and pass knowledge; a knowledgeable investor is a great investor!
- Weak passwords can compromise your information, which may derail your financial planning; giving readers information on cybersecurity helps us meet our goal to educate the general public.
- Contact us if financial planning is crucial to you; we can help you with that.