4 quick tips to create an unbreakable password
Sink password pirates with these password-creation tips.
The digital world has bad actors at every turn looking for the latest way to get access to sensitive systems, including your email, bank account, credit card accounts or even your network at work. This is why password hacking has become insanely popular.
You can fight back against these password pirates by creating a strong password and protecting it from the various types of hacks bad actors attempt.
Below, we offer four quick tips for creating an unbreakable password, so you can keep you and your company safe.
But before we dive into password creation, let’s have a look at the key hacks used to get your password.
Types of password hacks
Hackers can get their hands (or eyeballs) on your password dozens of ways, but some are more common than others. Here are the six most common password-stealing tactics.
The dictionary attack is one of the less technical ways of cracking a password. Just as its name implies, the hacker uses a program to run through every word or combination of words until they get in.
Some crafty password creators may think cramming a few words together will prevent these types of hacks, but this only slows them slightly. With enough time and effort, the hacker will get the combination of words right and get into your system.
Brute force attack
A brute force attack is similar to a dictionary attack in that it puts together strings of words until it figures out your password. Where it is more advanced than the dictionary attack it that it can also try various non-word alphanumeric combinations. So, if you use “xYz987” as your password, it may crack it.
The only downside to this system is that it requires more time or computing power to complete than a dictionary attack.
The phishing attack has become a go-to approach for hackers, as our busy lives sometimes result in us letting our guard down and mistakenly handing our passwords right to the hackers.
How phishing generally works is you will receive an alarming and official-looking email saying your account has been locked, some creepster attempted to log in or there was suspicious activity. Within this email will be a link to click and reset your password or log in to see what the issue is.
The problem is that though this email may look legit, the link you click will be to a dummy page that’ll scrape your password and feed it to the hacker.
Similar to phishing, social engineering involves you voluntarily giving up your password, but it takes the interaction offline.
The way this hack typically works is you’ll get a call from a persuasive person claiming to be from IT or the help desk. They will deliver an alarming message like your computer’s been compromised or the network’s been tampered with. They will then try to convince you that they need your password to make everything right.
The unsuspecting victim thinks they are helping, but they are actually giving the hacker access to their computer or, worse yet, the company’s network.
Installing malware is a far more intricate way for hackers to get access to your password. Malware can get your password in several ways, but some of the more common ones include screen scrapers and keyloggers.
A screen scraper reads what is on your monitor, including your password as you enter it. A keylogger tracks your keystrokes and sends them to the hacker. Once they have your keystrokes, they can then find a pattern, which indicates a password, and the rest is history.
Shoulder surfing is about as low-tech as password stealing gets, as it is merely someone standing over your shoulder watching your keystrokes or looking for a password written somewhere in your workspace.
Shoulder surfers can be a wide range of people, including a dishonest coworker or an outsider posing as a utility worker, postal worker or other trusted individual to gain access to the building. Its lack of sophistication is what makes this password-stealing tactic so successful.
With the key password-stealing methods covered, here’s how to avoid falling victim to hackers.
Be suspicious of all emails
Email is a staple in virtually every office setting these days, and we sometimes get bombarded with spam and business communication that keeps us busy all day. Within this mass of emails can be a phishing attempt, and your workload may have you spread so thin you take the bait.
To avoid this and other email-based hacks, assume all email seeking your personal information is a fake. Also, if you receive an email asking you to click on a link to change your password or log on, don’t immediately click on the link.
Instead, hover your mouse over the link to see the real URL it points to. Chances are, it doesn’t point to the site you expect it to.
If you fear this email may be legitimate, you can verify its validity by opening a separate internet browser and logging into the website or system without clicking on the link in the email. If you can sign in without any issues and receive no alerts, there is likely no problem with your password or access to the system.
You can also try calling the website or your IT department to verify there is no issue.
Use a Screen Shield
Though shoulder surfing is the least technical of the password-stealing processes, there is tech to block it. A screen shield, which is also called a privacy filter or screen filter, blocks your screen from any angle other than straight ahead. So, if a shoulder surfer thinks they can stand behind you from an angle and read your screen, they will see nothing but black.
Sure, a shoulder surfer could still see what keys you’re pushing, but they will have no idea if you’re typing a password or a thank-you letter to Aunt Ester.
A screen shield is not a 100% effective solution, as a sneaky enough person could get directly behind you while you’re deep in thought and read your screen. This is where you need to be aware of your surroundings, so you know when someone is just inches behind you while you’re on your computer.
We all lead busy personal and professional lives and sometimes lack time to think up a crafty password. Plus, with many corporate systems requiring a password reset every few weeks, you may simply run out of ideas.
Don’t let password laziness get the best of you and start choosing easy-to-guess strings like “123456,” “123987,” “abc123, “password,” qwerty” or others like that. Even if you think you’re being creative by using character substitution like “!” in place of a “1” or “@” in place of an “a,” you’re just delaying the inevitable.
If a password is easy for you to remember, it’s likely easy for a hacker to figure out with just a little digging. Knowing this, you should avoid a password someone could pull from social media or other public domains. Some big no-nos include your birthday, anniversary, kids’ birthdays, kids’ names, etc.
Also, trying to be clever by using character substitution we mentioned above will only delay a hacker cracking that password.
Methods for creating that uncrackable password
To avoid some of the lower-tech password-stealing hacks, like brute force or dictionary, you’ll need to create an uncrackable password. There are many tips for creating great passwords, but some stand out as more surefire ways to keep your private data safe. Here are four of the best password-creating tips.
1. Random passphrases
The more random and personal a password is, the less likely a hacker is to guess it. Creating a long passphrase made up of several random words mashed into one is a great way to throw off any hacker. Choose things that you will remember but would be complete nonsense to anyone else. For example, you favorite TV show, favorite actor and favorite food combined into one word.
A great example of a knockout password using this method would the “TheWakingDeadCruiseSpaghetti.” Sure, a hacker may see from your social media posts you are a fan of TWD, but the chance they also know you’re a Tom Cruise and Spaghetti fan is highly unlikely. And the chance they will think to put them all together in one password is even less likely.
2. Gobbledygook as a password
No, we’re not saying to create a password with no meaning. We’re saying to make one that means nothing to a hacker. For example, choose a sentence that has significant meaning to you, then chop it up until it looks like nonsense to an outsider.
One way to do this is to use only the first two letters from each word in the sentence. For example, if you are a Plato fan, you can use one of his most memorable quotes, “Only the dead have seen the end of war.” To make it hack-resistant, you would chop it up as “OnThDeHaSeThEnOfWa” when turning it into a password.
3. Let your fingers do the talking
Sometimes you cannot remember passwords for the life of you and creating a good one results in you clicking the “forgot password” link. How about letting your muscles be your memory?
Let your fingers just naturally tap a combination of 15 or more keys with no real input from your brain. Once you’ve created what feels like a comfortable string, repeatedly type said string until it becomes almost an automatic motion.
This muscle memory will create a strong password you won’t struggle to remember and hackers will struggle to guess.
4. Using a password manager
In today’s world, countless tools make your real and digital lives more manageable. One tool that helps with the latter is a password manager like LastPass or Dashlane. These systems offer two processes to help with your password woes.
First, they help you create super-strong passwords that almost no one can guess. We’re talking long, illogical strings of characters that mean nothing to you. Second, these managers save the passwords in a password-protected vault, meaning you never have to remember another password again – well, except the password to the vault.
Speaking of that vault password, use one or a combination of the above password-creation tips to come up with one uncrackable super password. Remember, this is the only password you’ll have to remember, so make it count.
Keep in mind that password managers are far from invulnerable, so you must still ensure you’re on top of the security of your data.
BCDR buyer's guide for MSPs
How to choose a business continuity and disaster recovery solutionDownload now
The definitive guide to IT security
Protecting your MSP and your customersDownload now
Cost of a data breach report 2020
Find out what factors help mitigate breach costsDownload now
The complete guide to changing your phone system provider
Optimise your phone system for better business resultsDownload now