Internet Security – Password: Why do you need a strong password?
Why would I need a strong password?
To understand why you need a strong password, you need to understand the risks of having your account compromised, namely malware. Simply by guessing an account's weak password, hackers can introduce malware into your website, which can:
- Redirect your website's visitors to a harmful website
- Install malicious content on your visitors' computers
And what's worse, you might never know your site is affected. Hackers use subtle tools to implement these exploits, escaping detection and affecting more and more users.
And don’t think, “This won’t happen to me.” Any and every hosting account with a weak password provides an easy target for hackers. If your website is accessible through a browser, then hackers want to use it to harm your visitors!
In addition, if hackers gain access to your email accounts, those accounts could start sending spam and be marked as spam accounts by email service providers. Even worse, your email accounts will also be flooded with thousands of spam emails on a daily basis.
What can I do to protect my account?
Using a strong password, of course. A password is your first and last line of defense in computer security. Typically people choose bad passwords because they are easy to remember. However, you wouldn't leave the door to your home unlocked because it is too much of a hassle to unlock it before you open the door, would you? A weak password is the same thing.
Using words that appear in a dictionary, in any language, makes cracking your password that much easier. Adding numbers to a dictionary word doesn't increase the password's strength at all. Even with character replacements like capital letters and non-alphanumeric symbols, you're not getting a stronger password.
A truly strong password should consist of 8 or more characters and be based on a "passphrase". A passphrase is a phrase that has special meaning to you, which makes it easier to remember. For example:
Mickey Mouse for President. It would be awesome!
One simple approach to create a better password is to take the first letter of each word in your passphrase, giving you:
mmfpiwba
That looks random, and it's a fairly hard password to crack. But why not make it harder by using the punctuation from the sentence?
mmfp.iwba!
Now that is a much harder password to crack. Why stop there, though? Let's make it even stronger by capitalizing some letters and adding numbers.
MM4P.Iwba!
Now you have a password that is truly difficult to crack but still fairly easy to remember. To make it even stronger, you can mix in non-alphanumeric character replacements for greater difficulty. For example, replacing an "a" with an "@" leaves you with:
MM4P.Iwb@!
Do's and Do Not's of password security
Do:
- Combine letters, symbols, and numbers that are easy for you to remember and hard for someone else to guess.
- Create pronounceable passwords (even if they are not words) that are easier to remember, reducing the temptation to write down your password.
- Try using the initial letters of a phrase you love, especially if a number or special character is included.
- Take two familiar things, and then wrap them around a number or special character. Alternatively, change the spelling to include a special character.
Do not:
- Use personal information such as derivatives of your user ID, names of family members, maiden names, cars, license plates, telephone numbers, pets, birthdays, social security numbers, addresses, or hobbies.
- Use any word in any language spelled forward or backward.
- Tie passwords to the month. For example, don't use "Mayday" in May.
- Create new passwords that are substantially similar to ones you've previously used.
Note: With regard to everything mentioned above, the fact is that no password is 100% secure. Hence, the best practice is to keep your password private and secret, change it frequently, and change it immediately if you believe it may have been compromised.
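The following Python sketch is an added example, not part of the original article. It checks a candidate password against several of the rules above: minimum length, dictionary words with appended numbers or character replacements, words spelled backward, user ID derivatives, and similarity to earlier passwords. The word list, substitution table, 0.8 similarity threshold and function names are assumptions chosen for illustration.

```python
import re
from difflib import SequenceMatcher

# Constructed sample word list (assumption); a real check loads full dictionaries.
WORDS = {"password", "mayday", "dragon", "mickey", "welcome", "monkey"}
# Common character replacements, undone before the dictionary lookup.
LEET = str.maketrans("@4031$5!7", "aaoelssit")

def letters_only(text):
    """Drop every character that is not a lowercase letter."""
    return re.sub(r"[^a-z]", "", text)

def candidates(pw):
    """Reduce a password to the plain words it may be built on."""
    low = pw.lower()
    core = low.rstrip("0123456789!?.")  # drop appended numbers/punctuation
    return {letters_only(low), letters_only(core.translate(LEET))}

def check_password(pw, user_id="", previous=()):
    """Return the reasons a password is weak; an empty list means it passed."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    forms = candidates(pw)
    if any(f in WORDS or f[::-1] in WORDS for f in forms):
        problems.append("dictionary word, forward or backward")
    if user_id and any(user_id.lower() in f for f in forms):
        problems.append("derived from user ID")
    for old in previous:
        # Ratio near 1.0 means the new password barely differs from an old one.
        if SequenceMatcher(None, pw.lower(), old.lower()).ratio() >= 0.8:
            problems.append("too similar to a previous password")
            break
    return problems
```

Run against the article's own examples, `MM4P.Iwb@!` passes on its own but is flagged as too similar if `MM4P.Iwba!` was used before, while `P@ssw0rd1` is still recognized as a dictionary word.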