How are passwords compromised?
Hackers use a variety of tools and techniques to try to obtain your password. Being aware of each of them and understanding how they work will help you choose a strong password.
Dictionary attacks: These attacks try every word in every dictionary, with different numbers and characters added before and after the word itself. A variation on this attack is to try every common phrase in the English language.
Brute force: These attacks try every possible combination of numbers, letters, and special characters. The longer a password is, the longer this type of attack can take before it's successful.
Password lists: Numerous organizations have had their databases compromised over the years, and massive lists of passwords are available on the internet. Some attacks try the passwords in these lists, because passwords follow many common trends and are often reused.
Phishing: Malicious emails and websites which pose as legitimate services (like your bank or cable provider) may ask you to type in your username and password and then steal them. No legitimate service will ask you to send your username and password – they will only ask that you visit their official website and log in.
Keystroke loggers: Some types of malware and hardware (specially designed flash drives, for example) can record the keys being pressed on your keyboard and send them to the attacker's server via the internet.
Sniffing: This type of attack monitors network traffic looking for usernames, passwords, and other sensitive information. Sniffing is especially effective on open and/or public WiFi networks and on sites which are not using HTTPS.
What is a strong password?
A strong password can be measured primarily by length, randomness, and uniqueness. You should stay away from dictionary words or any common word combinations such as "JohnSmith".
Two examples of how to create one include:
- A long string of random characters like tP2cuZHNwbgp^qENSmB2UX^V. The ideal to aim for is 16-24 characters which are totally random and use every character type including upper and lowercase letters.
- Four unrelated words of good length strung together like toasterjupitercumulusmonitor.
Note: Some websites restrict how long a password can be and which kinds of characters can be included. If these restrictions limit the strength of the password, just try to make it as strong as possible.
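The two methods above can be sketched in Python as follows. This is an added example, not Sparklight's code; the symbol set, the function names, and the short word list are assumptions made for illustration. It uses the operating system's secure random source and estimates how much work a brute-force attack faces as the length grows.

```python
import math
import secrets
import string

# Constructed sample list for illustration only; real use needs thousands of words.
SAMPLE_WORDS = ["toaster", "jupiter", "cumulus", "monitor", "lantern", "orchid",
                "granite", "pelican", "saddle", "thimble", "walnut", "compass",
                "harbor", "velvet", "glacier", "trumpet"]
SYMBOLS = "!@#$%^&*-_=+"  # assumed symbol set; adjust to what the site accepts

def random_password(length=20, symbols=SYMBOLS):
    """Random string that uses every character type, drawn from the OS CSPRNG."""
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits]
    if symbols:  # pass symbols="" for sites that only allow letters and digits
        classes.append(symbols)
    if length < len(classes):
        raise ValueError("length too short to include every character type")
    alphabet = "".join(classes)
    while True:
        # Redraw until each character type appears at least once.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in classes):
            return candidate

def passphrase(count=4, words=SAMPLE_WORDS, separator=""):
    """`count` independently chosen words, joined like toasterjupitercumulusmonitor."""
    return separator.join(secrets.choice(words) for _ in range(count))

def entropy_bits(choices, picks):
    """Upper bound on the guesses a brute-force attack faces, as a power of two."""
    return picks * math.log2(choices)

if __name__ == "__main__":
    alphabet_size = 26 + 26 + 10 + len(SYMBOLS)
    for length in (8, 16, 24):
        print(length, random_password(length), round(entropy_bits(alphabet_size, length)))
    # A 16-word sample list gives only 4 bits per word; a 7776-word list gives ~12.9.
    print(passphrase(), round(entropy_bits(7776, 4), 1))
```

Each extra character or word adds a fixed number of bits, and each bit doubles the number of guesses an attacker needs, which is why length matters so much.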
Strong passwords can be difficult to remember, especially when best practices advise us to use a different password for every website or service we use. This problem can be solved by using a password manager. All of your passwords can be stored in the password manager's encrypted database and accessed by using one master password. That way there's only one password that needs to be remembered: the master password. Some password managers can even automatically log you into the website you're visiting.
There are many different password managers out there that the average person can choose from. Two examples of these would be LastPass and Dashlane.
Note 1: Most browsers can remember login information, but the browsers' built-in password managers are usually less secure than a dedicated password manager.
Note 2: Password managers are third-party software not supported by Sparklight. Use at your own discretion.