
21.11.2024

How to create a safe password that’s easy to remember


Every year, on 7th May, World Password Day reminds employees and users alike of the importance of using strong, secure passwords.

In today’s world of information overload and countless digital services, this advice is more relevant than ever. Yet, recent reports show that many people still fail to follow it.

To get a sense of the current situation: according to Google, about a quarter of users worldwide have used weak passwords like “password”, “123456”, or “qwerty” to ‘protect’ their accounts. Additionally, one in three users never bothers to change their passwords.

However, achieving a solid level of protection for email accounts, e-commerce websites, social media, CMSs, cloud systems, and more isn’t as difficult as it may seem. It all starts with recognising the importance of password security and following a few simple rules. As for how often passwords should be changed, the answer is as frequently as possible – at least every 3 to 6 months.

8 rules for creating a strong password

Here are some key guidelines for creating a password that provides a solid level of protection:

  1. Don’t use sequential numbers or letters (e.g., “123456” or “abcdef”).
  2. Avoid including your date or month of birth.
  3. Use a combination of at least 8 characters, including letters, numbers, and symbols.
  4. Combine unrelated words that have no direct connection to the password or passphrase.
  5. Don’t use personal details, such as names of relatives, hobbies, or addresses.
  6. Use a password manager to securely store your passwords.
  7. Never recycle old passwords.
  8. Change your password every 3 to 6 months.
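Rules 1, 2, 3 and 5 can be checked mechanically, so a password form or an onboarding script can refuse a weak choice before it is ever stored. The following checker is an added example, not code from the original post: the weak-password blocklist is a constructed sample seeded with the three passwords cited above, and the birth date and personal details are supplied by the caller (here as constructed sample values).

```python
"""Checker for the password rules listed above (added example, not from the post).

Rules 1, 2, 3 and 5 are implemented; rules 4, 6, 7 and 8 are process rules that
a checker cannot see. The caller passes the details the password must not contain.
"""
import string
from datetime import date
from typing import Iterable, List, Optional, Set

# Constructed sample blocklist seeded with the post's examples; a real deployment
# would load a list of breached passwords instead.
WEAK_PASSWORDS = {"password", "123456", "qwerty"}


def has_sequential_run(pw: str, length: int = 4) -> bool:
    """Rule 1: flag runs such as '1234', 'abcd' or 'dcba' (letters or digits only)."""
    low = pw.lower()
    for i in range(len(low) - length + 1):
        chunk = low[i:i + length]
        if not (chunk.isdigit() or chunk.isalpha()):
            continue
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if steps == {1} or steps == {-1}:
            return True
    return False


def birth_date_fragments(birth_iso: str) -> Set[str]:
    """Rule 2: the spellings a date of birth commonly takes inside a password."""
    birth = date.fromisoformat(birth_iso)
    d, m, y = f"{birth.day:02d}", f"{birth.month:02d}", str(birth.year)
    return {y, d + m, m + d, d + m + y, m + d + y, y + m + d, d + m + y[2:]}


def has_character_mix(pw: str) -> bool:
    """Rule 3: at least 8 characters, mixing letters, digits and symbols."""
    return (len(pw) >= 8
            and any(c.isalpha() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(c in string.punctuation for c in pw))


def contains_personal_detail(pw: str, details: Iterable[str]) -> bool:
    """Rule 5: no names, hobbies or address parts (case-insensitive, 3+ characters)."""
    low = pw.lower()
    return any(len(t) >= 3 and t.lower() in low for t in details)


def check_password(pw: str, birth_iso: Optional[str] = None,
                   details: Iterable[str] = ()) -> List[str]:
    """Return the rules the password violates; an empty list means it passes."""
    violations = []
    if pw.lower() in WEAK_PASSWORDS or has_sequential_run(pw):
        violations.append("rule 1: common or sequential characters")
    if birth_iso and any(f in pw for f in birth_date_fragments(birth_iso)):
        violations.append("rule 2: contains date of birth")
    if not has_character_mix(pw):
        violations.append("rule 3: fewer than 8 characters or missing letters/digits/symbols")
    if contains_personal_detail(pw, details):
        violations.append("rule 5: contains personal detail")
    return violations


if __name__ == "__main__":
    # Constructed sample inputs: a fictional user's birth date and details.
    birth, personal = "1990-05-12", ["Anna", "Rome", "tennis"]
    for candidate in ["123456", "Anna1990!", "Tennis-05121990", "Lamp7&River.Clock"]:
        print(candidate, "->", check_password(candidate, birth, personal) or ["ok"])
```

The last candidate passes every automated check because it is long, mixes character classes and shares nothing with the user's life; the first three fail for exactly the reasons the rules give.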

How two-factor authentication works

One of the best ways to enhance digital account protection is by enabling two-factor authentication (2FA) wherever possible.

As the name suggests, 2FA adds an extra layer of security to online accounts by requiring an additional access credential alongside the usual username and password.

There are three main types of 2FA:

  1. Knowledge-based credentials: this includes information only the account owner knows, such as answers to security questions or PINs.
  2. Possession-based credentials: these rely on something the owner has, such as security tokens or specific mobile apps that generate authentication codes.
  3. Biometric credentials: this involves unique biological traits of the owner, such as fingerprint scans or retina recognition.
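The code-generating apps in the second category almost always implement the time-based one-time password algorithm (TOTP, RFC 6238): the app and the server share a secret, and both derive a short code from that secret and the current 30-second window. The following is an added example, not code from the original post, written with Python's standard library; the secret is the RFC's published test key, not a real credential, and the `TotpVerifier` class is an assumed server-side design showing the two checks a verifier needs (clock-drift tolerance and replay refusal).

```python
"""Possession-factor 2FA as code-generating apps implement it (added example).

Implements HOTP (RFC 4226) and TOTP (RFC 6238) with the standard library only.
DEMO_SECRET is the RFC test key; a real enrolment generates a random secret
with secrets.token_bytes(20) and shows it to the app exactly once.
"""
import base64
import hashlib
import hmac
import struct
import time

DEMO_SECRET = b"12345678901234567890"   # RFC 6238 test vector key, not a real secret
STEP_SECONDS = 30                       # TOTP time window


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-SHA1 over the 8-byte counter, dynamically truncated to `digits` digits."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """What the phone app displays: HOTP with the current 30-second window as counter."""
    return hotp(secret, unix_time // STEP_SECONDS, digits)


def provisioning_secret(secret: bytes) -> str:
    """Base32 form of the secret, the text carried in the QR code the app scans."""
    return base64.b32encode(secret).decode("ascii").rstrip("=")


class TotpVerifier:
    """Server side (assumed design): accept the code for the current window and one
    window either side to tolerate clock drift, and never accept a window twice."""

    def __init__(self, secret: bytes, drift_windows: int = 1):
        self.secret = secret
        self.drift = drift_windows
        self.last_counter = -1          # highest window already consumed

    def verify(self, code: str, unix_time: int) -> bool:
        now = unix_time // STEP_SECONDS
        for counter in range(now - self.drift, now + self.drift + 1):
            if counter <= self.last_counter:
                continue                # replay of an already-used code
            if hmac.compare_digest(hotp(self.secret, counter), code):
                self.last_counter = counter
                return True
        return False


if __name__ == "__main__":
    now = int(time.time())
    print("enrol the app with secret:", provisioning_secret(DEMO_SECRET))
    code = totp(DEMO_SECRET, now)
    verifier = TotpVerifier(DEMO_SECRET)
    print("code", code, "accepted:", verifier.verify(code, now),
          "replayed:", verifier.verify(code, now))
```

Because the code is derived from a secret the phone holds, a password captured by phishing or a brute-force guess is useless on its own; the verifier's replay check also means a code seen once cannot be reused, even inside its 30-second window.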

What are brute force attacks?

Brute force is a hacking technique that uses a trial-and-error approach to crack passwords, access credentials, and encryption keys. Though basic, it is a reliable method for gaining unauthorised access to private accounts or company networks.

Essentially, the attacker makes repeated attempts by inputting usernames and passwords in a vast number of combinations until they find the correct credentials.

There are several forms of brute force attacks:

  1. Simple brute force attacks: the hacker manually tries to guess access credentials without using any software.
  2. Dictionary attacks: the attacker selects a target and tests possible combinations based on common words or phrases relevant to the user’s name or information.
  3. Hybrid brute force attacks: a combination of the first two methods, where the attacker uses both manual guesses and software-assisted attempts.
  4. Inverse brute force attacks: the attacker starts with a known password, often obtained through a network breach, and then tests it against millions of usernames to find a match.
  5. Credential stuffing: this method exploits the widespread use of weak passwords. Hackers use stolen combinations of usernames and passwords from other breached accounts to gain access to additional accounts.
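From the defender's side, these forms leave different traces in an authentication log: a brute-force or dictionary attack produces many failures against one account from one source, while inverse brute force and credential stuffing produce one or two failures against many different accounts from one source, often followed by a single success. The following detector is an added example, not code from the original post; the log format, the 60-second window, the thresholds and the addresses (documentation ranges) are all constructed for the demonstration and should be adapted to your own system's log.

```python
"""Spotting the brute-force patterns listed above in an authentication log.

Added example, not from the original post. Log lines, format and thresholds
are constructed; the regex must be adapted to the real log source.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: one account hammered from one address, then one address
# trying one password across many accounts and finally succeeding, then a normal user.
SAMPLE_LOG = """\
2024-11-21T10:00:01 auth FAIL user=alice ip=203.0.113.7
2024-11-21T10:00:03 auth FAIL user=alice ip=203.0.113.7
2024-11-21T10:00:05 auth FAIL user=alice ip=203.0.113.7
2024-11-21T10:00:06 auth FAIL user=alice ip=203.0.113.7
2024-11-21T10:00:08 auth FAIL user=alice ip=203.0.113.7
2024-11-21T10:00:09 auth FAIL user=alice ip=203.0.113.7
2024-11-21T10:01:00 auth FAIL user=bob ip=198.51.100.20
2024-11-21T10:01:01 auth FAIL user=carol ip=198.51.100.20
2024-11-21T10:01:02 auth FAIL user=dave ip=198.51.100.20
2024-11-21T10:01:03 auth FAIL user=erin ip=198.51.100.20
2024-11-21T10:01:04 auth FAIL user=frank ip=198.51.100.20
2024-11-21T10:01:05 auth OK user=grace ip=198.51.100.20
2024-11-21T10:05:00 auth FAIL user=bob ip=192.0.2.33
2024-11-21T10:05:30 auth OK user=bob ip=192.0.2.33
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth (?P<result>FAIL|OK) user=(?P<user>\S+) ip=(?P<ip>\S+)$")


def parse_log(text: str) -> list:
    """Turn matching lines into event dicts sorted by time; unknown lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append({"ts": datetime.fromisoformat(m["ts"]), "result": m["result"],
                           "user": m["user"], "ip": m["ip"]})
    events.sort(key=lambda e: e["ts"])
    return events


def max_failures_in_window(times: list, window: timedelta) -> int:
    """Largest number of (sorted) timestamps inside any span of length `window`."""
    best = start = 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def max_distinct_users_in_window(pairs: list, window: timedelta) -> int:
    """Largest number of distinct usernames tried inside any span of length `window`."""
    best = start = 0
    for end, (t, _) in enumerate(pairs):
        while t - pairs[start][0] > window:
            start += 1
        best = max(best, len({u for _, u in pairs[start:end + 1]}))
    return best


def detect(events: list, window: timedelta = timedelta(seconds=60),
           account_threshold: int = 5, spray_threshold: int = 5) -> list:
    """Return findings: per-account brute force and per-source credential stuffing."""
    per_account = defaultdict(list)     # (ip, user) -> failure timestamps
    per_source = defaultdict(list)      # ip -> (timestamp, user) failures
    for e in events:
        if e["result"] == "FAIL":
            per_account[(e["ip"], e["user"])].append(e["ts"])
            per_source[e["ip"]].append((e["ts"], e["user"]))
    findings = []
    for (ip, user), times in per_account.items():
        if max_failures_in_window(times, window) >= account_threshold:
            findings.append({"type": "brute_force", "ip": ip, "user": user,
                             "failures": len(times)})
    for ip, pairs in per_source.items():
        if max_distinct_users_in_window(pairs, window) >= spray_threshold:
            # A success from the same source is the account to escalate first.
            hits = sorted({e["user"] for e in events
                           if e["ip"] == ip and e["result"] == "OK"})
            findings.append({"type": "credential_stuffing", "ip": ip,
                             "accounts_tried": len({u for _, u in pairs}),
                             "successful_logins": hits})
    return findings


if __name__ == "__main__":
    for finding in detect(parse_log(SAMPLE_LOG)):
        print(finding)
```

The per-account count is what an account-lockout policy acts on; the per-source distinct-user count is the signal lockout misses, because each account sees only one failure. The `successful_logins` field turns a noisy alert into an incident: `grace` logged in from the spraying address and needs a password reset and a session review.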

The dangers of phishing

Phishing involves sending fraudulent messages that trick users into giving away their personal information, often under the guise of resolving technical issues. These messages can range from being blatantly obvious to more subtle and convincing attempts.

The most common form of phishing is receiving a fake email that either asks the recipient to provide personal details or contains malware that installs itself on the user’s device if they interact with it.

Another frequent tactic involves phishing emails that appear to come from someone in the user’s own contact list, making the scam feel more authentic and increasing the chances of the victim falling for it.

A more targeted variant of phishing, known as whaling (or whale phishing), works in a similar way but focuses on high-ranking individuals, such as executives within a company. These attacks aim to exploit the authority and access of such individuals, often leading to more significant breaches.
