Skiff Team / 9.11.2022

Why you need a strong password

Learn why having a strong password is a must to protect your online data.
Whether you are signing up for a new email service or logging into your bank account, you will almost always be prompted to select a password. We constantly deal with the hassle of creating a completely new password, remembering an old one, and the long, frustrating process of forgetting a password and having to follow a labyrinth of instructions to create a new one.

We all know we should be creating strong passwords: weak ones are easily guessed, which could leave our data exposed to hackers and criminals. However, before switching to better practices or using strong passwords, we need to actually know what constitutes one. As part of a series of privacy 101s, we at Skiff are going to share how to make a strong password across all your accounts and visited sites.

Why a strong password is important

The first question you might be asking is why a strong password is necessary. Yes, lots of slightly annoying online prompts require numbers, special characters, or capital letters, but the math behind different attacks showcases exactly why strong passwords are so important for everyone’s online security.

When you use a weak password such as “abcdefg,” “123456,” “password,” or some easily guessed combination of your birthday and home address, you leave yourself open for hackers and criminals to easily access your accounts using a number of exploitation methods.

Hackers can guess weak passwords through several common methods, including:

1. A brute force attack

A brute force attack is an attack that relies on either manual or automated trial and error to guess your password. If a hacker has found out that you are a car enthusiast and your favorite model of car is a Ferrari, they might try entering variations of passwords including the word “Ferrari,” such as “Ferrari1,” “Ferrari123,” or “Ferrari12345,” in an attempt to access your account.

Brute force attacks are always automated today, and sophisticated brute force algorithms may combine other information about you or your account, such as the service name, your birthday, or other properties.

2. A dictionary attack

A dictionary attack is a slightly more sophisticated form of a brute force attack. In a dictionary attack, sophisticated hackers program malicious software to run through hundreds, if not thousands, of variations of common words or passwords in an attempt to guess your password.

The weaker your password, the easier it is for an attacker to guess it and access your account.

3. Social engineering

Social engineering refers to hackers pretending to be someone from a trusted and legitimate organization, such as pretending to be someone from your bank or impersonating a fellow co-worker.

Hackers will try to gain your trust and then use information you share to guess your password and nefariously access your information and online accounts. They may also try to contact the service and convince them to reset your password or share additional account information.

Beyond the information above, there are many other ways hackers can guess your password. However, by following a few simple steps, you can create a strong password and significantly improve the chances that hackers will fail to steal your information and access your accounts.

Constructing a strong password

There are several basic rules you should follow when trying to create a strong password. These include:

1. Always use a unique password for each of your accounts

When signing up for a new service, you should never use a password you have used for a previous account. If a hacker guesses one of your other passwords, or your password is exposed in a data leak, other accounts that share a password with the breached account will also become vulnerable to exploitation by hackers and other criminals.

This is why you should always use a different password for each of your accounts. This will make sure that each account stays securely protected even when one of your accounts does become the victim of a hacking attempt.

2. Your password should be at least 12 characters

Shorter passwords are, unsurprisingly, easier for hackers to guess. This is why you should always make your password at least 12 characters in length.

Longer passwords are sometimes harder to remember, so we highly recommend using a password manager or secure storage mechanism for your accounts. A long password is no help if you forget it and are locked out of your account.

3. Make sure your password includes letters, numbers, and special characters

Your passwords should always include a combination of upper and lower case letters, special characters like “*” or “&”, and numbers. This combination will make it hard for hackers to guess your passwords using brute force attacks or other forms of attacks that rely on guessing a large number of password combinations.

On a basic mathematical level, going from 26 letters to 52 uppercase/lowercase letters + 10 digits + 10 special characters for every character in your password increases the number of possible passwords significantly (if you have 12 characters, over 10^22 possible passwords).
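The three rules above as a runnable check, added here as an illustration and not Skiff's code: `audit` flags short, single-class and reused passwords in a constructed vault, `generate` draws a compliant password from the operating system's CSPRNG, and `keyspace_bits` carries through the 72-symbol arithmetic. The particular set of ten special characters and all function names are assumptions.

```python
import math
import secrets
import string
from collections import defaultdict

MIN_LENGTH = 12
SPECIALS = "*&!@#$%^-_"  # assumption: one possible set of 10 special characters
CLASSES = {"lowercase": string.ascii_lowercase, "uppercase": string.ascii_uppercase,
           "digit": string.digits, "special": SPECIALS}
ALPHABET = "".join(CLASSES.values())  # 26 + 26 + 10 + 10 = 72 symbols

def keyspace_bits(length=MIN_LENGTH, alphabet_size=len(ALPHABET)):
    """Entropy in bits of a uniformly random password (log2 of alphabet_size**length)."""
    return length * math.log2(alphabet_size)

def missing_classes(password):
    """Names of the character classes that do not occur in the password."""
    return [name for name, chars in CLASSES.items()
            if not any(c in chars for c in password)]

def generate(length=MIN_LENGTH):
    """Draw from the OS CSPRNG, redrawing until every character class is present."""
    if length < MIN_LENGTH:
        raise ValueError("length is below the 12-character minimum")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not missing_classes(candidate):
            return candidate

def audit(vault):
    """Map each account to the rules its password breaks; compliant accounts are omitted."""
    accounts_by_password = defaultdict(list)
    for account, password in vault.items():
        accounts_by_password[password].append(account)
    report = {}
    for account, password in vault.items():
        problems = []
        if len(password) < MIN_LENGTH:
            problems.append("shorter than 12 characters")
        problems += [f"no {name} character" for name in missing_classes(password)]
        shared = sorted(a for a in accounts_by_password[password] if a != account)
        if shared:
            problems.append("reused on " + ", ".join(shared))
        if problems:
            report[account] = problems
    return report

# Constructed sample vault, not real credentials.
SAMPLE_VAULT = {"email": "Ferrari123", "bank": "Ferrari123", "forum": generate()}
```

Calling `audit(SAMPLE_VAULT)` reports the two "Ferrari123" accounts and omits the generated one; `keyspace_bits()` gives about 74 bits for 12 characters over 72 symbols, against about 56 bits for 12 lowercase letters.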

Conclusion

In conclusion, having a strong password is a necessary way to prevent hackers from accessing your accounts and stealing your sensitive data and information. There are several easy steps you can take to create a strong password, such as making your password at least 12 characters, including letters, numbers and special characters, and never reusing passwords across multiple accounts.

Taking these proactive steps to create a strong password will make your online accounts safer and keep hackers and criminals out of your life for good.
