A password is a secret string of characters used as an authentication factor to identify the owner of an account and grant access to the resources it protects. Passwords have been in use for many years, and with the arrival of the internet they became the standard way of keeping user accounts secure. They are now a necessary part of computing as a means of keeping files private, so that only a user who knows the password can access them. Although passwords are inconvenient to use and hard to remember, they have come at the price of reduced ease of access and the fear of being hacked or locked out of your account.
Passwords have evolved towards biometric locks such as fingerprint recognition and facial recognition. Because these traits are unique to each individual, they were assumed to be a good backup for passwords. But hackers have found ways to bypass these locks and recognition methods too. Hence, passphrases and passwords remain the first line of defence against unauthorized access, and it is crucial to maintain the strength of that line of defence by practising a sound password management policy.
A password management policy applies a defined set of rules to the use of passwords, and users are not allowed to set a password that violates them. Typical rules govern the length of a password and forbid permutations of common words or of the user ID.
“It only takes one breach to compromise the crucial data.”
What are the principles for password management?
Password managers are configured to follow a standard, uniform password policy across all systems. They are designed so that they never accept or propagate a password that does not meet the global password policy.
All systems enforce two types of password rules:
• Complexity requirements: these ensure that users do not select easy-to-guess passwords. Example rules are: not allowing any permutation of the user’s login ID, enforcing password history, requiring a mix of letters and digits, forbidding dictionary words, and so on.
• Storage constraints: password fields accept only the character set and length that the given system can physically store.
What can go wrong with your basic passwords?
• Your private information could be stolen or misused if your password is shared with others.
• With a large number of passwords to manage, there is a good chance that we will forget some of them.
• Hackers can steal passwords through various attacks to collect personal information. They can use email to send a link or attachment as bait, which is known as phishing.
• Easy passwords, such as a username, date of birth or mobile number, can be guessed easily.
• If you use the same password for all accounts, there is a very high chance that a hacker who cracks one can access all of them.
ITPro has listed some password cracking techniques that give cybercriminals unauthorized access by harvesting the passwords of legitimate users.
• Dictionary attacks: as the name suggests, a dictionary attack uses an index of words that feature most commonly as user passwords. Attackers use software that automatically plugs these frequent passwords into the credential field.
• Brute force attack: more sophisticated than a dictionary attack, as it also tries alphanumeric combinations such as ‘qwerty1234’ or ‘12a34b’.
• Phishing: this attack uses a disguised email as its weapon. The trick is to make the user believe the message comes from a genuine sender, whether it is a request from the bank, a link from the company or an attachment to download.
• Social engineering: the term covers a broad range of malicious activity achieved through human interaction. The attacker uses psychological manipulation to trick users into giving up their crucial information.
• Malware: short for malicious software, a computer program used by hackers to cause extensive damage to a system.
• Cracking security questions: many people use the names of their children, other relatives or pets as answers to security questions, or as passwords themselves. Such answers can be inferred with a little research and can often be found on a social media profile.
• Guessing simple passwords: hackers often take the easiest route to cracking passwords, which is to guess the most popular ones. Some of the most commonly used passwords are 123456, 12345, 111111, princess, qwerty and abc123.
• Reuse of passwords across multiple accounts: when a single data breach compromises passwords, those same credentials can often be used to break into the user’s other accounts. Reusing passwords across email, banking and social media can lead to identity theft.
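The two types of password rules listed earlier (complexity requirements and storage constraints) and the deny-list of popular passwords above can be enforced in one policy check. The following is an added example written for this article, not Bulwark CyberX’s or any product’s code; the length limits, the allowed character set, the tiny dictionary and the history handling are assumptions chosen for illustration, and the deny-list is just the six passwords named in the text.

```python
"""Password policy checker (added example; limits, word list and history handling are assumptions)."""
import string
from typing import List

# Deny-list: the popular passwords named in the article. A real deployment would load a
# breach-derived list of millions of entries instead of this constructed six-entry set.
COMMON_PASSWORDS = {"123456", "12345", "111111", "princess", "qwerty", "abc123"}

# Constructed stand-in for a dictionary word list (assumption, for illustration only).
DICTIONARY_WORDS = {"password", "welcome", "summer", "princess", "dragon"}

# Storage constraint: the character set and length the system can physically store (assumed values).
ALLOWED_CHARS = set(string.ascii_letters + string.digits + string.punctuation)
MIN_LENGTH, MAX_LENGTH = 12, 64


def _is_permutation_of(candidate: str, login_id: str) -> bool:
    """True if the candidate is the login ID with its characters rearranged (case-insensitive)."""
    return sorted(candidate.lower()) == sorted(login_id.lower())


def check_password(candidate: str, login_id: str, history: List[str]) -> List[str]:
    """Return every rule the candidate violates; an empty list means the password is acceptable.

    `history` holds the user's previous passwords. This example compares plaintext for clarity;
    a real system keeps only salted hashes of old passwords and compares against those.
    """
    problems = []
    if not (MIN_LENGTH <= len(candidate) <= MAX_LENGTH):
        problems.append(f"length must be {MIN_LENGTH}-{MAX_LENGTH} characters")
    if not set(candidate) <= ALLOWED_CHARS:
        problems.append("contains characters outside the storable character set")
    lowered = candidate.lower()
    if login_id.lower() in lowered or _is_permutation_of(candidate, login_id):
        problems.append("must not contain or be a permutation of the login ID")
    if not (any(c.isalpha() for c in candidate) and any(c.isdigit() for c in candidate)):
        problems.append("must mix letters and digits")
    if lowered in COMMON_PASSWORDS:
        problems.append("is on the common-password deny-list")
    if any(word in lowered for word in DICTIONARY_WORDS):
        problems.append("contains a dictionary word")
    if candidate in history:
        problems.append("was used previously (password history)")
    return problems


if __name__ == "__main__":
    for pw in ("123456", "jdoeJDOE2024!!", "Correct-Horse-7Battery"):
        print(pw, "->", check_password(pw, "jdoe", []) or "accepted")
```

Returning the full list of violations rather than the first one lets the user interface explain exactly why a choice was rejected, which is what makes a global policy usable across many systems rather than a source of silent failures.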
A large number of people use very weak passwords and reuse them across platforms. So how are you supposed to use strong and unique passwords on every platform you use? The solution is a password manager.
Password managers store your login credentials for all the websites you use and log you into them automatically. They encrypt your password database with a master password, so the user only needs to remember that one password to gain access. Password managers also include secure password generation features that propose strong passwords when you create a new account and then store them encrypted. Cryptographic techniques used by these password managers include the SHA-256 and SHA-384 hash functions, among others.
It is desirable to use a single global policy for a password manager to make the user experience simpler. While the password is the most commonly used way of authenticating users into their accounts, passwords are also the most frequent target of hackers breaking into systems. Therefore, it is very important to follow good password management policies to defend against unauthorized access.
Users can use different passwords for different systems according to the security requirements and the value of the information to be protected. A password manager reduces the effort of memorizing a large number of passwords by acting as an access control mechanism. This should be backed by strong security policies and guidelines, supported by user awareness training and education on best practices for choosing passwords.
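The master-password design described above is worth seeing concretely, with one caveat a practitioner would add: a hash such as SHA-256 on its own is not a vault key. The master password has to be stretched with a salted, iterated derivation (here PBKDF2-HMAC-SHA256) into a key that is never stored, and the vault file keeps only a salt and a verifier for checking the password. The code below is an added example written for this article, not the code of any password manager; the iteration count, the 16-byte salt, the verifier label and the generator’s character classes are assumptions, and the actual encryption of the vault entries with the derived key (an AEAD cipher such as AES-GCM from a cryptography library) is left out because the Python standard library provides none.

```python
"""Master-password key derivation and a policy-compliant generator (added example; parameters are assumptions)."""
import hashlib
import hmac
import secrets
import string
from typing import Optional, Tuple

PBKDF2_ITERATIONS = 600_000   # assumption: the count OWASP recommends for PBKDF2-HMAC-SHA256
KEY_LEN = 32                  # 256-bit keys, matching SHA-256's output size
VERIFIER_LABEL = b"vault-verifier"   # constructed label; any fixed message works


def derive_vault_keys(master_password: str, salt: bytes) -> Tuple[bytes, bytes]:
    """Stretch the master password into (encryption_key, verifier_key).

    One 64-byte derivation is split in two so that the verifier stored on disk is computed
    from a different key than the one that would encrypt the vault entries.
    """
    material = hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"), salt,
                                   PBKDF2_ITERATIONS, dklen=2 * KEY_LEN)
    return material[:KEY_LEN], material[KEY_LEN:]


def create_vault_header(master_password: str) -> dict:
    """Return what the vault file stores: a random salt and an HMAC verifier, never the password."""
    salt = secrets.token_bytes(16)
    _, verifier_key = derive_vault_keys(master_password, salt)
    verifier = hmac.new(verifier_key, VERIFIER_LABEL, "sha256").digest()
    return {"salt": salt, "iterations": PBKDF2_ITERATIONS, "verifier": verifier}


def unlock(header: dict, master_password: str) -> Optional[bytes]:
    """Return the encryption key if the master password matches the header, otherwise None."""
    enc_key, verifier_key = derive_vault_keys(master_password, header["salt"])
    expected = hmac.new(verifier_key, VERIFIER_LABEL, "sha256").digest()
    # Constant-time comparison so timing does not reveal how many bytes matched.
    if hmac.compare_digest(expected, header["verifier"]):
        return enc_key
    return None


def generate_password(length: int = 20) -> str:
    """Draw a password from the OS CSPRNG, retrying until every character class is present."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if (any(c.islower() for c in candidate) and any(c.isupper() for c in candidate)
                and any(c.isdigit() for c in candidate)
                and any(c in string.punctuation for c in candidate)):
            return candidate


if __name__ == "__main__":
    header = create_vault_header("correct horse battery staple")   # constructed master password
    print("unlock with right password:", unlock(header, "correct horse battery staple") is not None)
    print("unlock with wrong password:", unlock(header, "letmein") is not None)
    print("generated site password:", generate_password())
```

Because the salt is random per vault and the derivation is deliberately slow, two users with the same master password get unrelated keys, and an attacker who copies the vault file gains only the salt and verifier, which cannot be turned back into the key without repeating the full derivation for every guess.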
Bulwark CyberX helps businesses & individuals to secure themselves & their information in this digital age. Let’s secure cyber, together.