Do you use a password to log in when starting your PC?
Do you store passwords in a browser of your device?
How do you find an idea to use a single passkey on several websites?
If you engross in these thoughts, you are concerned about the security of your data on the Internet.
And small wonder!
Data breach statistics proves the need to protect user data.
Here's what you'll find out:
Just think, more than 1400 devices are locked with the password ''123456''. It's not a big leap of imagination to guess such password.
These days, our devices, accounts, and data need protection, and reliable password can increase it. But what is it a perfect passkey?
This guide highlights top passwords rules to follow to be safe online.
Let's get started!
To protect homes against robbers, people lock doors with keys. To defend their data against hackers, they create passwords.
If you think that it could hardly be found a person to hack your social media account or steal your photos stored on your smartphone, you are mistaken.
Cyber criminals know how to use information of any kind against its owners. The solution is a password.
Password is a secret word or phrase that must be used to gain admission to something (for example, gadget, system, interface, social media account, and whatnot).
A password can consist of:
- upper-case letters (A, B, C…Z);
- lower-case letters (a,b,c…z);
- numbers (1,2,3,6567806, etc.);
- special signs (&, _, #, etc.).
But how reliable are these letters-and-numbers combinations?
It depends on user creativity, the desire to protect information stored on digital devices and… adversaries’ ready wit.
You might be surprised:
As the curtain fell of 2017, SplashData Inc. published the list of the worst passwords 2017.
The research was conducted on the basis of 5000 password breaches taking place that year.
It should be noted that 21% of the worst passwords contained names only, while 14% – sequent numbers or years.
Besides, the passwords consisted of animals, swear-words and sequent letters (as they are on the keyboard) were also listed as the least reliable.
In the USA over 171 million breaches were recorded in 2017 (it is 79% more than in 2016), and 1120 of them were accomplished.
The situation wasn't changed in 2018. As Forbes reports, netizens keep on using weak passwords.
Today is 2020, and it's high time to make both data and accounts protected against crackers!
The strength of a password depends on the combination of the letters, signs, and numbers.
However, many people ignore this rule and use weak passwords such as 1234. Also, cybersecurity experts advise using one password only for one account. Otherwise, in case it is hacked, adversaries will get access to other user accounts locked with the same combination.
Would you like it them to do it?
It's not in the cards!
It does NOT exist!
If someone came up with an idea to work out a list of secret combination that would provide 100% security hackers would do their best to get this list.
However, Forbes has published the list of weak passwords. Among them, you'll find 123456, password, iloveyou, admin, princess, 666666, 123123.
Thus, it's strongly advisable to ignore such combinations when creating passwords.
In this section of our guide devoted to good password rules that DO work in 2020, I'd like to typify what are strong and weak passwords.
I have practised cracking passwords of different types and length manually. I want to clarify that all passwords belonged to me and were generated by one of the password generators described in this article. The purpose was to identify how much time it takes to guess a password without any customized application.
Here are the findings:
- It takes 2-5 seconds to guess a password that consists of a word that can be found in a dictionary.
Advice: don't use common words as secret combinations for your accounts!
- A four-digit passkey can be cracked within 1 second, in case it contains only letters or letters and numbers (lower-case ones). If one decides to include a special sign into a password, it will become a bit more complicated but will be cracked within 3 minutes.
Advice: ignore such combinations for your data protection, you need something more complicated!
- A seven-digit password is more secure, but still, it is not the best one to use in 2020. For example, a passkey with a seven-digit length that contains lower-case letters may be cracked within 50 minutes. However, if you add numbers and special signs to your password, adversaries will need 30 days to guess it!
Advice: use passwords of eight-digit length at least. Add special signs and numbers.
Do you use your name, surname, or the date of birth as a password?
If you do, it will not take much time and energy to guess it. It thus seems reasonable to ignore all your personal information when creating a password.
In 2005 a safety adviser Mark Burnett wrote a book ''Perfect Passwords: Selection, Protection, Authentication''. In the book, he has listed hundreds of well-known passwords. According to his findings, people tend to use passwords concerned with something significant to them.
What was his surprise when he found out that a word ''dragon'' was used quite often. It can be explained by the fact that dragons play a big part in our culture. Besides, many kids use this password under the influence of online games. It may bring much harm to your kids' privacy.
And now think about your password. Does it contain a name of your beloved? Or maybe the date of your birth is included in the secret combination? And perhaps it is a phrase from your favorite book?
It's ok, but what if you do a password more complicated?
There are several tips that may help you:
Create unique passwords that contain numbers, punctuation marks, capital and lower-case letters.
Do you remember that people are inclined to use words and dates concerned with some events or facts from their lives?
Well, now imagine that you are in love with an American romance film «Gone with the wind».
- Use it as a basis for your new secure password. ► Gone with the wind
- Delete blank spaces between the words. ► Gonewiththewind
- Change some lower-case letters into the capital ones. ► GoneWIththEwind
- Add numbers in random order. ► Go78neWIt442hthEwi0nd9
- And finally add special signs (in case it's allowed). ► Go78*neWIt442hthEw!i0nd9
Simple as that! Your new super secure password is ready.
Important! Don't use this password! You are to invent it on your own.
Now, when your super secure passkey is generated, you might mistakenly think that you will use it for all accounts and be safe on the Internet.
And… you fall into your own trap. The use of a single password for all accounts is fraught with negative consequences – low level of cyberdefense.
What if a cracker manages to guess your secret combination to at least one of your accounts? It will lead to unauthorized access to all the services you use: email, social media, online shops, and whatnot.
Follow the rule: 1 password = 1 account! It is too impudent to use one password for all apps, email and what not. Use different combinations.
Well, now the question that has to be answered is how to bear in mind all the passwords? The thing is that an average user is authorized on about 70-90 websites.
Don't believe these figures?
Just open the setting of your browser and check it.
An average user cannot memorize all login details. A special tool is required. And lucky we are, as the developers have already worked out them.
These special apps create singular passwords and store them. You will not have to bear in mind them.
Do you want to have a look at the ones that work perfectly well?
Here they are:
This service generates passwords, stores these secret combinations, and pre-populates them on sites. The last function is available for Android devices and the Chrome browser. You won't have to use Ctrl+C and Ctrl+V combinations to log in your accounts. Blur will do this work instead. It is also compatible with iOS and Mac devices. The price is rather low for this great helper - $39 per year, whereas a free version is available as well.
- Sticky Password
It has user-friendly, multi-role interface and enables its users to choose between data timing on the cloud or through WiFi network. Being a reliable password manager, Sticky Password works with the devices running on Android, Windows, iPad, iPhone, and Mac. Similar to Blur, it offers a limited free version along with the paid plan with the advanced features. The price is $29.99 early.
The first two password generators described above will not be useful if you are a holder of a Linux-based gadget. However, it's not a reason to get your knickers in a twist. LastPass is a perfect solution to your problem. The service works with a set of devices running on Linux (!), Android, Windows, Mac, and iOS. It also works with Opera, Firefox, and Chrome browsers. The application was worked out by an American company LogMeln to safeguard users' accounts. A user is to pay $24 a year only or make use of its free plan.
Another worthy password generator app is EnPass. It attracts many users by the facility to pay once $9.99 per 1 device and enjoy all the advanced features of a premium version of the app. Apart from its many beneficial functions, the manager possesses a very alluring feature – compatibility with a long list of OS and platforms. Thus, one will manage to use it on BlackBerry and Chromebooks.
- Zoho Vault
The last but not the least useful on our list is the product worked out be Zoho. In case you are concerned about the security of your data, you have already tried Zoho Mail service. And not it's time to make use of a great password manager Vault. It embodies both a five-star password manager and a convenient login system. A consumer has the right to choose: whether to use a free package of the app or to pay $12 per year and get access to the advanced facilities of the service.
Password managers can keep data on devices or on the cloud. The advantages of cloud storage and synchronization are evident: the passwords are accessible on all devices possessed by a user.
The risk is that in case a cloud service is compromised, the passwords fall into the hands of the enemy. Thus, such app needs additional protection.
Take advantage of VPN services to protect your data in case of hacking attacks.
VPNs are really reliable tools!
Virtual Private Networks serve to protect all your online traffic as well as apps used on the device that you use when surfing the Internet. Thus, the services like Nord VPN or IPVanish will help to safeguard your password manager.
With a trustworthy VPN, you will not become another victim of cyber criminals.
It is up to you to decide what provider to choose. However, we'll help you to make the right choice. Here is a list of features you are to look through when selecting a service for protection:
- encryption (at least 256-bit key);
- Kill Switch (this function disables access to the Internet when a secured connection is lost; it's abysmally beneficial for data protection);
- compatibility (your device should be compatible with a VPN app you choose, check it beforehand);
- logging policy (read the terms of service and choose the provider that doesn't keep user data).
And now a word of advice: it's possible to try the service free of charge. The thing is that many providers offer a free trial period, which is usually limited between 24 hours to 14 days.
At bottom, every browser enables users to store their passwords. For example, to find your usernames and passwords in Chrome browser, you are to open the Settings, then click on Additional, and then Passwords and forms. This section contains the list of websites and user login details for them.
But what if a computer trespasser gains access to your device with the passwords kept in your browser?
That's why it's strongly recommended not to save such details on third-party sites. When a browser offers to store such data, you are to deny it.
Google experts spent 1 year to study hacking attacks concerned with passwords theft. Google in collaboration with the University of California (Berkeley) analyzed Google users' accounts and explored 15% of users report about account breaches.
According to the findings of this investigation, 3.3 billion breaches falls for the share of companies, whereas 12 millions of login details were compromised through phishing attacks (when adversaries get access to the passwords of a user who links to a malicious website).
Such links are usually sent through emails. But there are cases when news portals post articles with such links by mistake.
To prevent such breaches, Google has introduced the Safe Browsing function, which notifies when moving to suspicious websites. If a user ignores such notification and opens the link, malware can be installed to steal user login details.
Thus, it's better to use Chrome browser rather than out-of-date Internet Explorer, for example.
Do you remember how much time does it take to guess a seven-digit password (the combination of lower-case letters, numbers, and special signs)?
Only 30 days!
If a hacker needs your data, he will strain every nerve to do the trick. Within this content, one is to follow one more simple rule – change passwords regularly. A good password manager (see the 3rd point of this section) will help you accomplish it.
It is a method of user identification on a service (on the Internet, as a rule) by means of an authentication request of two types, which provides double protection. In real-world contexts the first step is username and password, the second one is a special code sent through SMS or email.
Sometimes, the second step requires USB-key or biometric personal data. In a nutshell, two-factor authentication is the access system based on 2 ''keys'': the first one is to be kept in mind by a user, the second one is sent through email or SMS.
This type of protection should be used for the services that store sensitive data of a user.
Let's explore a couple of examples.
It's pointless to use two-factor authentication for Pinterest, as no significant data is stored by the app. But as for iCloud or Google Drive, this security and privacy tool is a must.
Regardless of how strong are your passwords, you should NOT share them with third parties. This tip is rather obvious but not all internet users follow it.
In no event shall one hand over the secret combinations to other people.
If you follow all these tips, all your data will be under the strong protection.
Nowadays, it becomes more and more easy to create a password that will manage to protect you and your data.
The issue is that one can install password generator software on a device used to connect to the Internet and use various applications.
However, there are individuals who think that the use of a password generator online is a good idea.
But think! Can this idea be worthy if something is created online?
However, there are some must-have steps that will help to generate easy passwords to remember but hard to guess.
Here they are:
- don't use your name or surname for a password;
- don't use your date of birth when creating passwords;
- don't use your phone number as a password;
- one secret combination for one account;
- include numbers and special signs to your password;
- use both lower-case letters and upper-case letters.
Of course, it is worth using a strong password, as it provides users with a higher level of security on the Internet.
Weak passwords are easy to crack. And as you know, when a password is hacked, a hacker gets access to your accounts, files, and apps. In this case, your confidential information undergoes leak, which can lead to irreversible consequences.
Nevertheless, there are people who tend to use simple, unsophisticated passwords.
They find such combinations attractive because:
- they are easy to remember;
- password managers are not necessary (everything can be generated without third-party apps);
- there is no need to store them on special apps.
Is it worth it?
It's unlikely you want your data to be compromised, or photos shared without your will.
One should be serious towards data security, as such information is worth much these days. It's better not to disregard the simple rules described in the article.
Let's revise them in brief:
- use complicated passwords (include lower-case and upper-case letters, numbers, and special signs);
- always use new a secret combination for a new account;
- password managers will help you to generate and safe passkeys;
- use a VPN service for additional protection (they hide IP address);
- don't save passwords on your browsers;
- Safe Browsing feature will serve you not to open suspicious links;
- change your passwords at times;
- two-factor authentication prevents adversaries from hacking your accounts;
- you are the only person who should know your passwords.
Keep to these rules, and your Internet privacy will NEVER be compromised.
In case you are ready to share your own smart password ideas with our readers, do it in the comments to this guide!