6 min read

Secure passwords 101: 14 tips and tricks for robust protection


Digital life is now inseparable from daily life. We manage our finances, communicate with loved ones, and store sensitive information all online. But with this convenience comes risk: cyber threats are constantly evolving, making the need for robust digital protection more critical than ever. Your first and most important line of defense? A strong password.


In this article, we will look at why secure passwords are so important, what characteristics a secure password should have, and what best practices you can use to ensure the security of your digital identity.

A. How do attackers obtain passwords?


Attackers obtain users' passwords through a mix of technical and social tactics. These are the most common methods:

  1. Phishing: Phishing tricks people into entering their passwords on fake websites or in reply to emails that appear legitimate. Attackers build convincing replicas of login pages for popular services and lure users into typing their credentials there.

  2. Keylogging: Keyloggers are software or hardware that record keystrokes. Once installed on a victim's device, they capture everything that is typed, including passwords, and send it back to the attacker.

  3. Brute force attacks: Automated tools try password candidates until one works. Against an online login this is slow and usually blocked by rate limiting or lockouts, so most brute forcing happens offline against password hashes stolen in a breach, where the only limit is the attacker's hardware. It succeeds whenever passwords are short, predictable or commonly used.

  4. Password spraying: Unlike a brute force attack, which fires many guesses at one account, password spraying tries a handful of very common passwords (a season plus the current year, for example) against many accounts. Because each account sees only one or two attempts, the attack stays below the lockout threshold that most systems enforce after several failed logins.

  5. Credential stuffing: Username and password pairs leaked in one breach are replayed automatically against other services. This exploits the habit of reusing the same password on several sites.

  6. Malware: Information-stealing malware on a compromised device can extract passwords saved in browsers, record keystrokes or give the attacker remote access to the device.

  7. Password leaks and data breaches: When websites or services are breached, attackers obtain large databases of usernames and passwords (or password hashes). These credentials are traded on the dark web and feed follow-on attacks such as credential stuffing.
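The difference between brute force and password spraying described above is visible in authentication logs, and it is the basis of most detection rules for both. The following script is an added example written for this article, not code from the original page or from DriveLock: it parses a constructed set of login events (the log format, IP addresses and user names are invented for illustration), counts failures per source and per account, and labels each source as brute force (many failures against one account), spraying (one or two failures each across many accounts) or benign. It also lists the cases where a failure from a source was followed by a success, which is the signal that a guess actually worked.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample of authentication events (not real logs): one source
# hammers a single account, another tries one guess per account across
# many accounts, a third is an ordinary user who mistyped once.
SAMPLE_LOG = """\
2024-03-01T08:00:01Z FAIL user=alice src=203.0.113.9
2024-03-01T08:00:03Z FAIL user=alice src=203.0.113.9
2024-03-01T08:00:05Z FAIL user=alice src=203.0.113.9
2024-03-01T08:00:07Z FAIL user=alice src=203.0.113.9
2024-03-01T08:00:09Z FAIL user=alice src=203.0.113.9
2024-03-01T08:00:11Z FAIL user=alice src=203.0.113.9
2024-03-01T08:01:00Z FAIL user=alice src=198.51.100.7
2024-03-01T08:01:02Z FAIL user=bob src=198.51.100.7
2024-03-01T08:01:04Z FAIL user=carol src=198.51.100.7
2024-03-01T08:01:06Z FAIL user=dave src=198.51.100.7
2024-03-01T08:01:08Z FAIL user=erin src=198.51.100.7
2024-03-01T08:01:10Z FAIL user=frank src=198.51.100.7
2024-03-01T08:01:12Z OK user=frank src=198.51.100.7
2024-03-01T08:02:00Z FAIL user=bob src=192.0.2.3
2024-03-01T08:02:09Z OK user=bob src=192.0.2.3
"""

# Assumed log format for this example: "<timestamp> OK|FAIL user=<name> src=<ip>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<result>OK|FAIL) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_events(text):
    """Parse log lines into (timestamp, result, user, src) tuples; skip lines that do not match."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
            events.append((ts, m["result"], m["user"], m["src"]))
    return events


def classify_sources(events, lockout_threshold=5, spray_min_accounts=5):
    """Label each source IP by its failure pattern.

    brute-force:        at least lockout_threshold failures against one account
    password-spraying:  failures spread over spray_min_accounts or more accounts,
                        each staying under the lockout threshold
    benign:             anything else (a user who mistyped once or twice)
    """
    fails = defaultdict(lambda: defaultdict(int))  # src -> user -> failed attempts
    for _ts, result, user, src in events:
        if result == "FAIL":
            fails[src][user] += 1
    verdicts = {}
    for src, per_user in fails.items():
        most_on_one_account = max(per_user.values())
        if most_on_one_account >= lockout_threshold:
            verdicts[src] = "brute-force"
        elif len(per_user) >= spray_min_accounts:
            verdicts[src] = "password-spraying"
        else:
            verdicts[src] = "benign"
    return verdicts


def successful_after_failures(events):
    """Return (src, user) pairs where a FAIL was later followed by OK from the same source."""
    seen_fail = set()
    hits = []
    for _ts, result, user, src in sorted(events):
        if result == "FAIL":
            seen_fail.add((src, user))
        elif (src, user) in seen_fail:
            hits.append((src, user))
    return hits


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    for src, verdict in classify_sources(evs).items():
        print(f"{src:15} {verdict}")
    print("successful logins after failures:", successful_after_failures(evs))
```

In production the counts would be kept per time window rather than over the whole file, and a spraying source that has learned the lockout policy will space its attempts out over hours or days, so the window has to be long enough to see that. Note that the spraying source here logs in as frank after a single failure, which is exactly why a successful login preceded by failures from the same source deserves a closer look even when the failure count is low.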

How long does it take to crack a password?

The time it takes to crack a password depends on several factors: the length and character set of the password, whether the attack is online (rate-limited by the service) or offline against stolen hashes, how slow the hash algorithm is, and the computing power available to the attacker. The table below gives rough orders of magnitude for an offline attack; it does not state a guess rate, so treat the buckets as relative, not absolute.

Password complexity                              6 chars     8 chars     10 chars    12 chars
Lowercase letters                                Immediate   Minutes     Hours       Days
Lowercase + uppercase letters                    Minutes     Hours       Days        Years
Lowercase + uppercase + numbers                  Hours       Days        Years       Centuries
Lowercase + uppercase + numbers + symbols        Days        Years       Centuries   Millennia

These times vary enormously with the attacker's resources and tools. Against a fast unsalted hash such as MD5 a single modern GPU tries on the order of a hundred billion candidates per second, so the shorter rows collapse to seconds; against a deliberately slow hash such as bcrypt or Argon2 the same hardware manages only tens of thousands per second. Long, unique passwords, replaced promptly when a leak is discovered, together with 2FA, are what keep an account safe regardless of which column it falls in.
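To see where the buckets in the table come from, and why they move by several columns depending on the hash algorithm, here is an added worked example (not part of the original article): it computes the keyspace and entropy for each row, estimates the expected search time at an assumed guess rate, and maps the result onto the table's own vocabulary. The guess rates are assumptions for illustration, roughly one modern GPU against MD5 versus bcrypt at cost 12; because the table states no rate, the script's buckets will not match it row for row, and that mismatch is the point.

```python
import math

# Alphabet sizes for the four rows of the table above.
CHARSETS = {
    "lowercase": 26,
    "lowercase + uppercase": 52,
    "lowercase + uppercase + digits": 62,
    "lowercase + uppercase + digits + symbols": 95,  # all printable ASCII
}

# Guess rates are assumptions for illustration only (order of magnitude for
# one modern GPU): a fast unsalted hash versus a deliberately slow one.
GUESS_RATES = {
    "MD5": 1e11,              # ~100 billion guesses per second
    "bcrypt (cost 12)": 2e4,  # ~20 thousand guesses per second
}


def keyspace(alphabet_size, length):
    """Number of possible passwords of exactly this length."""
    return alphabet_size ** length


def entropy_bits(alphabet_size, length):
    """Bits of entropy for a uniformly random password of this length and alphabet."""
    return length * math.log2(alphabet_size)


def seconds_to_crack(alphabet_size, length, guesses_per_second):
    """Expected time for exhaustive search: on average half the keyspace is tried."""
    return keyspace(alphabet_size, length) / (2 * guesses_per_second)


def humanize(seconds):
    """Bucket a duration into the same vocabulary the table uses."""
    year = 365.25 * 86400
    if seconds < 1:
        return "instantly"
    if seconds < 60:
        return "seconds"
    if seconds < 3600:
        return "minutes"
    if seconds < 86400:
        return "hours"
    if seconds < year:
        return "days"
    if seconds < 100 * year:
        return "years"
    if seconds < 1000 * year:
        return "centuries"
    return "millennia"


def crack_table(hash_name, lengths=(6, 8, 10, 12)):
    """Rebuild the table for one hash algorithm: charset -> {length: bucket}."""
    rate = GUESS_RATES[hash_name]
    return {
        name: {n: humanize(seconds_to_crack(size, n, rate)) for n in lengths}
        for name, size in CHARSETS.items()
    }


if __name__ == "__main__":
    for hash_name in GUESS_RATES:
        print(f"\n{hash_name}")
        for charset, row in crack_table(hash_name).items():
            cells = "  ".join(f"{n}: {bucket}" for n, bucket in row.items())
            print(f"  {charset:42} {cells}")
```

Two things stand out when you run it: a six-character lowercase password (about 28 bits) falls instantly under MD5 but still takes hours under bcrypt, and twelve mixed characters (about 79 bits) reach the "millennia" bucket even under MD5. The hash algorithm the service chose is therefore as important as the password the user chose, and only the latter is under the user's control.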

B. Secure passwords: why are they so important?


Strong passwords are an essential part of IT security. They protect against unauthorised access, brute force attacks and the knock-on effects of password reuse. By using secure passwords, users help protect their personal data, accounts and systems and reduce the risk of security breaches.

  1. Protection against unauthorised access: Strong passwords are the first line of defence against unauthorised access to personal accounts, computer systems, networks and sensitive information. Weak passwords are cracked quickly, giving attackers access to sensitive data.

  2. Prevention of brute force attacks: Brute force attacks guess a password by systematically trying candidates. Long, unpredictable passwords make the search space so large that such attacks become impractical.

  3. Phishing and social engineering: A strong password on its own does not stop phishing, because the victim hands it over voluntarily; its strength only matters against guessing. What does help is a password manager that fills credentials only on the genuine domain (it will not offer them on a look-alike site), phishing-resistant multi-factor authentication such as FIDO2 security keys or passkeys, and users who know to check the address before typing.

  4. Protection against password reuse: Many people use the same password for multiple accounts, which is a significant risk. Once an attacker obtains one password, they will try it on other platforms and services (credential stuffing). A unique password for every account confines a breach to that one account.

  5. Compliance with security policies: Many organisations have security policies that require strong passwords, often as a prerequisite for accessing sensitive information or systems. Meeting these policies is important to ensure security standards are upheld and to reduce the number of easily exploitable accounts.




C. 7 elements of a secure password


A secure password should combine several properties. Here are the important aspects:

  • Length: A secure password should be sufficiently long, ideally at least 12 characters. Length is the single biggest factor: every additional character multiplies the search space, so a long password beats a short but "complex" one.

  • Complexity: A secure password should draw on several character types: upper-case letters, lower-case letters, numbers and special characters. Mixing character types enlarges the alphabet an attacker has to search, though it adds far less than extra length does, and forced substitutions such as "P@ssw0rd" are well known to cracking tools.

  • No personal information: Avoid names, dates of birth, addresses or telephone numbers. Such information is easily found and is among the first things an attacker tries.

  • No dictionary words on their own: A single dictionary word, even with a digit or symbol appended, falls to a dictionary attack, which is a common cracking method. Either use a random character sequence, or combine several unrelated words into a long passphrase (see section D).

  • Uniqueness: Use a unique password for each account or service. Reusing passwords means that one compromised account puts all the others at risk.

  • Timely replacement: Change a password immediately when there is any sign that it has leaked, for example when a service you use reports a breach. Forced periodic rotation without such a trigger is no longer recommended (NIST SP 800-63B dropped it), because it pushes users towards predictable variations of the previous password.

  • Use a password manager: A password manager generates and stores secure passwords for you. It keeps them encrypted and lets you use a different, random password for every site without having to remember any of them.
     

D. 7 more ways to create secure passwords


Password generators offer a reliable way to create random passwords that cannot be guessed. Combined with two-factor or multi-factor authentication (MFA), this gives a much higher level of security, because an additional confirmation step is required before the account can be accessed.

  1. Passphrases: Instead of a single word, use a passphrase made of several unrelated words. A passphrase is long but easy to remember, and if the words are chosen at random from a large list (a "diceware" list has 7776 words) each word adds almost 13 bits of entropy. For example: ‘Apple-tree-house-jump’. Four or more random words is the usual recommendation.

  2. Acronym technique: Choose a sentence and use the first letter of each word as your password, adding numbers and special characters along the way. For example, ‘I love relaxing on the beach in summer!’ becomes ‘Ilrotbis!’, and ‘The best time to trade is now!’ becomes ‘Tbt2tin!’. Use your own sentence rather than a famous quote or song lyric, since those are already in cracking wordlists.

  3. Random generator: Use a random password generator to create long, unpredictable passwords. The output is a random character sequence that no dictionary or pattern attack will find. Store these passwords in a password manager.

  4. Two-factor authentication (2FA): In addition to your password, enable a second factor such as an authenticator app, a hardware security key or a biometric feature (e.g. fingerprint). SMS codes are better than nothing but are the weakest option, as they can be intercepted or redirected by SIM swapping. Single sign-on (SSO) is a related option: users authenticate once with a central identity provider and reach many connected services without re-entering credentials. That concentrates risk in the identity provider, so its login in particular must be protected with MFA.

  5. Combination techniques: Combine techniques to create a strong password, for example a passphrase followed by a randomly generated character block.

  6. Passwordless authentication: Passwordless authentication removes the password entirely in favour of other, often stronger, methods of identity verification: biometrics, hardware security keys and passkeys (FIDO2), or magic links (one-time login links sent by email). Because there is no shared secret to phish, reuse or leak, this removes the biggest attack surface of all, the password itself.

  7. Password managers: Password managers store your passwords in encrypted form. All you need to remember is one strong master password for the manager itself (protect that account with MFA as well). Most managers also generate long, unique passwords for every site so that you never have to remember or type them.
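Items 1 to 3 above describe three ways of producing a password; here they are implemented as an added example written for this article (not code from the original page or from a particular password manager). The passphrase generator uses a small constructed 64-word list so the script runs offline; a real deployment should load a published list such as the EFF long list, whose size (7776 words) the entropy helper uses to show the difference. All random choices use Python's `secrets` module, which is the right source for security-sensitive randomness; the substitution table used by the acronym helper is my own invention for illustration.

```python
import math
import secrets
import string

# Constructed 64-word list for illustration only. A real generator should use a
# published list such as the EFF long list (7776 words), where every word adds
# about 12.9 bits of entropy instead of the 6 bits these 64 words give.
WORDLIST = """\
apple basket candle dragon eagle forest garden harbor island jungle kettle lantern
marble needle orbit pepper quartz river saddle timber umbrella velvet walnut yellow
anchor bridge copper desert ember fossil glacier hammer ivory jasper kernel ladder
meadow nickel oyster pillow quiver ribbon silver tunnel unicorn violet willow zephyr
acorn birch cedar dahlia elm fern ginger hazel iris juniper kelp lilac maple nutmeg olive pine
""".split()


def passphrase(n_words=5, words=WORDLIST, sep="-"):
    """Diceware-style passphrase: n words chosen uniformly at random from the list."""
    return sep.join(secrets.choice(words) for _ in range(n_words))


def passphrase_entropy_bits(n_words, wordlist_size):
    """Entropy of a random passphrase depends only on word count and list size, not on word length."""
    return n_words * math.log2(wordlist_size)


CHARACTER_CLASSES = (
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    string.punctuation,
)


def random_password(length=16):
    """Uniformly random password over printable ASCII, resampled until every class is present.

    Resampling (rather than forcing one character of each class into fixed
    positions) keeps the distribution uniform over all passwords that pass the check.
    """
    alphabet = "".join(CHARACTER_CLASSES)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(c in cls for c in candidate) for cls in CHARACTER_CLASSES):
            return candidate


# Whole-word substitutions for the acronym technique (example table, not a standard).
WORD_SUBSTITUTIONS = {"to": "2", "too": "2", "two": "2", "for": "4", "one": "1", "and": "&", "at": "@"}


def acronym(sentence):
    """First letter of each word, with a few whole-word substitutions; trailing punctuation is kept."""
    out = []
    for token in sentence.split():
        word = token.rstrip(string.punctuation)
        trailing = token[len(word):]
        out.append(WORD_SUBSTITUTIONS.get(word.lower(), word[:1]) + trailing)
    return "".join(out)


if __name__ == "__main__":
    print("passphrase:", passphrase(5),
          f"({passphrase_entropy_bits(5, len(WORDLIST)):.1f} bits with this list,"
          f" {passphrase_entropy_bits(5, 7776):.1f} bits with the EFF long list)")
    print("random:    ", random_password(16),
          f"({16 * math.log2(len(''.join(CHARACTER_CLASSES))):.1f} bits)")
    print("acronym:   ", acronym("The best time to trade is now!"))
```

The entropy figures are worth comparing: five words from a 7776-word list give about 65 bits and are easy to type from memory, while a 16-character random string gives about 105 bits but is only practical if a password manager types it for you. The acronym helper has no entropy estimate at all, because a sentence a human picks is not random; it is a memorability aid for a master password, not a substitute for a generator.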


E. The risk of password leaks and data breaches


Another significant risk to password security is data breaches, where attackers break into company databases and steal access data. Stolen passwords are often sold on the dark web or used for credential stuffing attacks, a technique whereby attackers automatically try out stolen passwords on various websites. It is therefore essential to use a unique password for each service and to regularly check whether your login details have been compromised by leaks. Services such as ‘Have I Been Pwned?’ help you find out whether your personal data has been affected by a known security breach.
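The ‘Have I Been Pwned?’ password check mentioned above is worth understanding in detail, because it lets you test a password against a breach corpus without ever sending the password, or even its full hash, to the service. The script below is an added example for this article (not DriveLock's or HIBP's own code). It implements the k-anonymity range protocol the Pwned Passwords API uses: hash the password with SHA-1, send only the first five hex characters, and look for the remaining 35 in the list the server returns. The server reply embedded here is a constructed stand-in so the demo runs offline (the only suffix guaranteed to be real is the one for the password "password"; the counts and the other suffixes are made up), and the live lookup function is included but not exercised.

```python
import hashlib
import urllib.request

# Real endpoint of the Pwned Passwords range API.
API = "https://api.pwnedpasswords.com/range/"


def sha1_hex(password):
    """Uppercase hex SHA-1 of the password, which is what the API keys on."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_hash(password):
    """The k-anonymity trick: only the 5-character prefix ever leaves your machine."""
    digest = sha1_hex(password)
    return digest[:5], digest[5:]


def parse_range_response(body):
    """Parse 'SUFFIX:COUNT' lines into a dict; tolerates blank lines and zero-count padding entries."""
    counts = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        counts[suffix.upper()] = int(count)
    return counts


def breach_count(password, range_body):
    """How often the password appears in the breach corpus according to this range reply (0 = not found)."""
    _prefix, suffix = split_hash(password)
    return parse_range_response(range_body).get(suffix, 0)


def fetch_range(prefix):
    """Live lookup of one hash prefix (network access; not used by the offline demo)."""
    req = urllib.request.Request(
        API + prefix,
        # Add-Padding asks the server to mix in zero-count entries so the reply
        # size does not reveal how populated the range is.
        headers={"Add-Padding": "true", "User-Agent": "password-check-example"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def check_live(password):
    """Full online check: fetch the range for this password's prefix, then match locally."""
    prefix, _suffix = split_hash(password)
    return breach_count(password, fetch_range(prefix))


# Constructed stand-in for the server's reply to range 5BAA6, the prefix of
# SHA-1("password"). Real replies contain hundreds of suffixes; the counts and
# the two neighbouring suffixes below are invented for the demo.
SAMPLE_RANGE_5BAA6 = """\
1D2DA4053E34E76F6576ED1DA63134B5E2A:2
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493
1F0F6A4CDA9D7F7A5C6E2B1B7F0E1C2D3E4:0
"""


if __name__ == "__main__":
    for candidate in ("password", "correct horse battery staple"):
        prefix, suffix = split_hash(candidate)
        hits = breach_count(candidate, SAMPLE_RANGE_5BAA6)
        print(f"{candidate!r}: prefix sent = {prefix}, suffix kept local = {suffix[:8]}..., seen {hits} times")
```

Two caveats for anyone wiring this into a signup form: a count of zero means the password is not in the corpus, not that it is strong, so it complements rather than replaces a length requirement; and the check must run server-side or in the client before submission, never by logging the cleartext password somewhere on the way.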

The importance of secure passwords cannot be overstated when it comes to protecting our personal data and accounts. By following best practices for password creation, such as using long and unpredictable passwords, replacing them as soon as a leak becomes known, and never reusing them across services, we increase the security of our digital identity.

Supplemented by a password manager and two-factor authentication, this ensures our online accounts are protected as well as possible. These simple steps actively reduce security risks and protect our digital privacy. Remember: a secure password is the first step towards comprehensive IT security, not the last.

Read how you can protect your business not only with secure passwords, but also with DriveLock.

 
