Sunday, September 13, 2015

How Important is a Secure Password?








Why is Password Security Important?

In one of my Security Risk Analysis courses this week, we discussed password cracking and what it takes for a password to be secure. Password security is a big issue today because of how many accounts an individual has. Most people do not realize how important password security is.

A lot goes on behind the scenes with passwords that you may not realize. When you type your password, it usually undergoes some sort of encryption before it is stored in the database behind the website. That password can then only be read by the system that knows how to read it. At least that's how it's supposed to work.

This week, it has become known that the hackers involved in the now famous Ashley Madison leak have cracked more than 11 million of the hashed passwords in the databases. Ashley Madison had originally thought its password protection to be secure, but obviously that has been proved wrong. Prior to June 2012, Ashley Madison used a different password protection than they do currently. However, their fatal flaw was that they did not apply their new protection to accounts and passwords created before the changeover. The more than 11 million passwords that were hacked were for those accounts created before the new password protection was implemented. (Hackers have cracked more than 11 million Ashley Madison passwords)

This is just one example of a leak or security attack that has proved that our passwords are not always secure with the sites we use them on. So, creating a complex password or personal password system is in your best interest. Those annoying password requirements websites make you meet? Those are there for your protection.


Tips for a Secure Password

  • Create a password unique to you. Use a combination of letters, numbers, symbols, and varying cases. 
  • DO NOT share your password with just anyone. Be careful who knows your key login information.
  • DO NOT use the same password for every website. If you were part of a leak like Ashley Madison's and they were successful at un-hashing your password, they could access your other websites.
  • DO NOT use words already associated with your account. Some examples: your first or last name, user, username, or words like "password."
  • DO NOT use words straight from the dictionary. One type of password attack is called a Dictionary Attack because it uses a list of dictionary words to compare to your password in an attempt to find a pattern.
  • DO NOT use keys that are close on the keyboard. Some examples of poor passwords like this are "asdfg," "qwerty," "asdzxc."
  • DO NOT use details like your birthday, Social Security number, phone number, or family member names. This type of information can be obtained other ways.
  • DO NOT keep a document on your computer with a list of your passwords. Also, be careful where you keep written passwords, if you do. 
  • Length is KEY. A longer password is more difficult to crack.

Using a Password Checker


Password "checkers" like How Secure is My Password exist so that you can see how long it would take for a hacker to get your password. While these websites are a great tool, I have some key advice. 

NEVER put your real password into one of these "checkers." Use a password that follows a similar structure to your own, without actually entering your own. This is important because you do not know who is behind this website. A malicious website could store passwords in a database in order to make cracking passwords easier.
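A local alternative to an online checker, as an added example that is not part of the original post: this Python script tests a password against the tips listed above and runs entirely on your own machine, so the password is never sent anywhere. The sample word list, the 12-character minimum, and the function names are assumptions made for the illustration; it reports which tips are broken and does not estimate cracking time.

```python
import getpass
import re

# Constructed sample list; a real check would load a full dictionary file.
COMMON_WORDS = {"password", "welcome", "dragon", "monkey", "sunshine", "letmein"}
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
CHAR_CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")


def has_keyboard_run(pw, run=3):
    """True if pw holds `run` neighbouring keys from one row, in either direction.

    Simple heuristic: it also flags ordinary letter runs such as "ert".
    """
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            if any(seq[i:i + run] in low for i in range(len(seq) - run + 1)):
                return True
    return False


def check_password(pw, account_words=(), min_length=12):
    """Return the tips from the list above that pw breaks (empty list = none).

    min_length=12 is an assumed threshold; the post gives no number.
    """
    low = pw.lower()
    problems = []
    if len(pw) < min_length:
        problems.append("too short")
    if not all(re.search(c, pw) for c in CHAR_CLASSES):
        problems.append("missing a character class")
    if any(w in low for w in COMMON_WORDS):
        problems.append("contains a dictionary word")
    if any(w and w.lower() in low for w in account_words):
        problems.append("contains account or personal details")
    if has_keyboard_run(pw):
        problems.append("contains a keyboard run")
    return problems


if __name__ == "__main__":
    # getpass keeps the password off the screen; nothing is stored or sent.
    user = input("Username for this account: ")
    for problem in check_password(getpass.getpass("Password: "), [user]):
        print("-", problem)
```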



Thank you for reading,

Amanda


