What is a password?
A password is a word used to verify the identity of a
user during the authentication process. Passwords are
often used together with user names, for example when
logging into a computer or a secure site such as a
banking website or a social media site like Facebook or
Twitter.
Passwords began as short words no smaller than 8
letters. Unfortunately, cybercriminals were able to
guess or use software to find out what these passwords
were, so a combination of capital letters, numbers,
symbols, and special characters was needed to make
passwords stronger. A good example of a strong password
is something like !tsTIM32gO?@N0On$. Some websites have
a strength indicator that tells you whether you have
created a strong password, which can be helpful. Many
people tend to make passwords that
use information about them or their family that can
easily be guessed by a hacker. Avoid passwords that
contain family names, pets, birthdays, important dates,
and any other information that can easily be guessed by
a hacker. With a strong password you may feel you are
protected but using that password across multiple
accounts is not a wise idea. The most important aspect
of having a password is NEVER SHARE YOUR PASSWORD!!!!
(Bacon, 2023)
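The checks a strength indicator could run on the advice above, as an added example that is not from the cited source. The function name, the 12-character minimum and the sample personal details are assumptions made for illustration.

```python
import string

# Common character substitutions are undone before looking for personal
# details, so "R3x" is still recognised as the pet name "Rex".
LEET = str.maketrans("013457@$!", "oieastasi")

def check_password(password, personal_info, other_passwords=(), min_length=12):
    """Return a list of problems; an empty list means every check passed.

    personal_info: names, pets and dates the user supplied.
    other_passwords: passwords the user already has on other accounts.
    min_length is an assumed policy value, not a figure from the article.
    """
    problems = []
    if len(password) < min_length:
        problems.append("too short")
    classes = {
        "capital letter": string.ascii_uppercase,
        "lowercase letter": string.ascii_lowercase,
        "number": string.digits,
        "symbol": string.punctuation,
    }
    for name, chars in classes.items():
        if not any(c in chars for c in password):
            problems.append("no " + name)
    plain = password.lower()
    unleeted = plain.translate(LEET)
    for item in personal_info:
        token = item.lower()
        # Very short tokens would match by accident, so they are skipped.
        if len(token) >= 3 and (token in plain or token in unleeted):
            problems.append("contains personal detail: " + item)
    if password in other_passwords:
        problems.append("already used on another account")
    return problems

# Constructed sample user; none of these values describe a real person.
SAMPLE_INFO = ["Rex", "Miller", "1987", "0614"]
```

A password such as R3x!Miller1987 has every character type and still fails, because the pet name, family name and year are found after the substitutions are undone.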
Passphrases
Passphrases are sentences or run-on
sentences that are used to help create a long chain of
characters that makes a password more secure. Using
passphrases is a better way to protect your information
and can be easier to remember than passwords alone. You
can incorporate the use of special characters, symbols,
numbers, and capital and lowercase letters in
passphrases to make them unique. A good example of a
passphrase is "I l!K3 2 buY &hoe$!" (I like to buy
shoes), because it incorporates everything in a strong
password and is easy to remember. You can use different
phrases and sentences as well but you want to keep in
mind the basics of passwords. Do not use birthdays,
important dates, or easily guessable information about
yourself. (Bacon, 2023)
Password Managers
Today we have many different applications and
websites and devices that require us to have a password.
This can make it very difficult to keep track of all the
passwords we have and we will need a good place to put
these passwords. There are now applications called
password managers that allow us to store our passwords
in an easy to access application, such as on our
cellular telephone, and access them whenever we need.
Password managers may even offer strong passwords that
can be used instead of a person having to think of what
a password would be. Password managers are great tools
for people who need to have many passwords kept
securely. Password managers encrypt passwords and store
them on private secure servers, and the user's own
account is the only account able to decrypt the
passwords for use. This makes it
difficult for hackers to access your passwords and
allows you the convenience of keeping them safely stored
in a convenient location. A few different types of
password managers are 1Password, Bitwarden, Keeper
Password Manager, LastPass, Secrets, and NordPass.
(Anonymous, 2022)
Multi-Factor Authentication
One of the most secure
ways of using a password is Multi-Factor Authentication,
or MFA. MFA is a way of verifying your identity with a
password and using a second or third verification
process by having a secure code sent to an email
address, cell phone, voice recognition, or some type of
biological scan such as a fingerprint scan or facial
recognition. Enabling MFA on any device or website you
use can greatly increase the safety of your information
and helps prevent hackers from accessing it through
passwords alone. If your password is compromised, the
hacker will have a hard time meeting the second factor
of authentication, which can help keep you
safe. In the event your password is compromised or used
without your permission you may get a notification in an
email or text message stating your password was used and
you need to verify it was you using the password. By
receiving this email you know your password was used and
that you need to change it. There are usually links in
these emails to change your password; however, it would
be best to go to the site and use the forgot password
option to change your password. That email may be a spam
email, and you would not want to send a new password to
someone trying to access your information.
(Easterly, 2023)
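How a service could handle the emailed or texted code described above, as an added example rather than any real site's code. The function names, the 5-minute lifetime and the 3-attempt limit are assumptions.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300   # assumed lifetime of a code
MAX_ATTEMPTS = 3         # assumed limit on guesses per code

def issue_code(store, user, now=None):
    """Create a 6-digit code for `user`; the caller sends it by text or email."""
    now = time.time() if now is None else now
    code = f"{secrets.randbelow(10**6):06d}"   # drawn from the OS secure RNG
    store[user] = {
        "digest": hashlib.sha256(code.encode()).digest(),  # keep a digest, not the code
        "expires": now + CODE_TTL_SECONDS,
        "attempts": 0,
    }
    return code

def verify_code(store, user, submitted, now=None):
    """Second factor check: True only for the right, unexpired, unused code."""
    now = time.time() if now is None else now
    entry = store.get(user)
    if entry is None:
        return False
    if now > entry["expires"] or entry["attempts"] >= MAX_ATTEMPTS:
        del store[user]            # expired or guessed too often: a new code is needed
        return False
    entry["attempts"] += 1
    digest = hashlib.sha256(submitted.encode()).digest()
    if hmac.compare_digest(digest, entry["digest"]):   # constant-time comparison
        del store[user]            # each code works once
        return True
    return False

def login(store, user, password_ok, submitted_code, now=None):
    """Both factors are required: a correct password alone is not enough."""
    return password_ok and verify_code(store, user, submitted_code, now)
```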
Offline
Using offline software gives
cybercriminals the ability to crack passwords with an
unlimited number of attempts as long as they have enough
computational power. Cybercriminals have created
programs that take passwords leaked over the internet
and dark web and put them into dictionaries, which the
programs filter, search, and use to guess passwords on
computers while the computer is offline.
These programs have been updated or new programs have
been written that can give a hacker different options on
how to use the software such as a dictionary mode or a
mask attack mode to guess passwords. From 2009 to 2015
at least 12 data sets containing approximately 220
million passwords were leaked and easily made public,
and hackers can now use them to
help write their software. Writing passwords down on
paper and leaving those papers accessible to anyone is
another way your passwords can be obtained while
offline. A janitor or coworker could easily walk up to
your desk and see your passwords and use a cell phone to
take a picture of them, or open drawers and rummage
through your desk or office space until finding these
passwords and either take them or take pictures of them.
(Ruxin, Yongbin, Yong, Weili, 2021)
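A screening check a site could run when a password is chosen, so that passwords a dictionary or mask guess would reach early are refused. This is an added example, not code from the cited paper; the function names, the U/L/D/S labels and the short sample list are assumptions.

```python
import string

# Constructed stand-in for a leaked-password file, one entry per line.
LEAKED_SAMPLE = ["123456\n", "password\n", "Summer\n", "qwerty\n", "\n"]

def load_leaked(lines):
    """Build a lookup set from a leaked-password list, ignoring case."""
    return {line.strip().lower() for line in lines if line.strip()}

def structure(password):
    """Describe a password by character class per position: U, L, D or S."""
    out = []
    for c in password:
        if c in string.ascii_uppercase:
            out.append("U")
        elif c in string.ascii_lowercase:
            out.append("L")
        elif c in string.digits:
            out.append("D")
        else:
            out.append("S")   # anything else is counted as a symbol
    return "".join(out)

# Characters per class: 26 letters, 10 digits, 32 ASCII symbols plus space.
SIZES = {"U": 26, "L": 26, "D": 10, "S": 33}

def guesses_for_structure(mask):
    """Candidates left to try once the structure of a password is assumed."""
    total = 1
    for ch in mask:
        total *= SIZES[ch]
    return total

def screen(password, leaked):
    """Refuse a new password that is leaked, or a leaked word with a suffix."""
    lowered = password.lower()
    if lowered in leaked:
        return "reject: appears in a leaked list"
    base = lowered.rstrip(string.digits + string.punctuation)
    if base in leaked:
        return "reject: leaked word plus digits or symbols"
    return "ok"
```

Summer2021! uses all four character types, yet its structure (one capital, five lowercase letters, four digits, one symbol) leaves far fewer candidates than 11 fully random characters, and its base word is in the leaked list.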
Software Updates
It is very important to update
the software on your computer. Some updates with Windows
are optional, and thankfully the Windows Operating
System lets you know which ones. Other applications need
updates as well. Updating your software helps protect
your information because security or programming issues
can be found after a previous update or new software has
been released.
Programmers work hard to make sure their software
functions the way it is supposed to yet there can be
parts of a program that can become vulnerable to hackers
or cybercriminals. Malicious software such as viruses
can be used by cybercriminals to find a weakness in a
program and is then used to steal
data or corrupt files. Companies often test updates
after they have been released to help find and fix any
part of the code in their programs that can be weak to
prevent their programs from becoming vessels for
cybercriminals to steal or destroy important
information. Sometimes cybercriminals find a weak area
of code, and then the software company hears about it
and creates a fix. Applying this fix to the weak code
prevents cybercriminals from exploiting it. If a
cybercriminal discovers that your computer has out of
date software, the cybercriminal can use these out of
date programs to steal your information or corrupt your
important files. (Franklin, 2022)