The password, sometimes called a passphrase, is one of the most important topics in today's IT security. Digital users everywhere, from the internet to smartphones, use passwords for authentication and authorization. The security of a password is very important because it is designed to be secret and known only by its owner. But today there are many different cyber-attacks and threats against passwords. In this tutorial, we will learn how to create a password or passphrase and keep it secure.
Password and Passphrase Attacks and Threats
Before explaining the security of passwords and passphrases, we should talk a little about the threats and attacks against them. Passwords and passphrases are generally used with a user name or login name. Together, the username and password form a credential that is used to authenticate a person. Capturing the username and password is a major step for an attacker, who gains the privileges of the target user by using them. Below you can find different attacks and threats against passwords and passphrases.
- The brute force attack is one of the most popular attack types against passwords and passphrases. The brute force attack simply tests passwords or passphrases for a specific, existing username. Attackers generally get or guess common or known user names like `admin`, `administrator`, `root`, `ismail` and then try different passwords for these usernames.
- Shoulder surfing is a social method which is accomplished by physically watching the user's password while he/she types. This is a bit hard to implement but can be done easily, especially in public environments.
- Network sniffing is a technical way to get the user's password or passphrase, which requires the attacker to be able to sniff or listen to network traffic. The password or passphrase must also be transmitted in clear text.
Secure Password and Passphrase During Creation
The brute force attack is one of the most popular methods for attackers. Users, especially novice ones, generally prefer simple or generic passwords like `123456`, `admin`, `password` etc. in order to remember and type them easily. But this makes the password vulnerable to brute force attacks, where the attacker can use automated tools to guess the password. Below we list some suggestions for creating secure passwords and passphrases.
- Use different character types like lowercase letters, uppercase letters, numbers, special characters etc. For example: `..ThIsI10sSeCuRe!!`
- Make your password long, at least 12 characters.
- Use different characters in different locations of the password, like using the dot at the start of the password. For example: `..ThIsI10sSeCuRe!!`
- If you want to make the password easy to remember and select a short password, type the password two times. For example: `..ThIsI10sSeCuRe!!..ThIsI10sSeCuRe!!`
- Make the password easy to remember but use unknown or hard to implement methods, like using camel case where odd letters are lowercase and even letters are uppercase. For example: `..ThIsI10sSeCuRe!!`
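The creation rules above can be checked automatically. The following Python sketch is an added example, not code from the original tutorial; the function names `check_password` and `brute_force_bits` and the tiny common-password set are assumptions made for illustration.

```python
import math
import string

# Weak passwords the tutorial names; a real deployment would load a larger list.
COMMON_PASSWORDS = {"123456", "admin", "password"}
MIN_LENGTH = 12  # minimum length suggested in the tutorial

# Character classes from the tutorial's first suggestion.
CLASSES = {
    "lowercase letter": string.ascii_lowercase,
    "uppercase letter": string.ascii_uppercase,
    "number": string.digits,
    "special character": string.punctuation,
}


def check_password(password):
    """Return a list of problems; an empty list means every rule passed."""
    problems = []
    if password.lower() in COMMON_PASSWORDS:
        problems.append("is a commonly used password")
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            problems.append(f"missing {name}")
    return problems


def brute_force_bits(password):
    """Upper bound on brute-force work, in bits: length * log2(alphabet size).

    The alphabet is the union of the classes the password actually uses.
    Real passwords are not random, so guessing tools usually need less work.
    """
    pool = sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))
    return len(password) * math.log2(pool) if pool else 0.0


if __name__ == "__main__":
    # Constructed sample inputs: weak ones from the tutorial plus its example.
    for pw in ["123456", "admin", "Password1!", "..ThIsI10sSeCuRe!!"]:
        issues = check_password(pw) or ["ok"]
        print(f"{pw!r}: {brute_force_bits(pw):.0f} bits, {'; '.join(issues)}")
```

The bit count only compares the brute-force search space between candidates; it does not account for dictionary-based guessing.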
Secure Password/Passphrase Usage and Management
Selecting a complex password or passphrase is not enough to secure it. The security of a password or passphrase also requires secure usage and management. Below we list some suggestions for creating, using and managing passwords and passphrases in a secure manner.
- Store the password or passphrase in a secure and encrypted manner. Do not store a password or passphrase in clear text in a text or Excel file. Use encrypted files or folders for storage.
- Do not share your password or passphrase with others or with different applications or web sites. You own the password or passphrase, and others may leak it or use it with different intentions. Applications may also ask for a password or passphrase that they do not logically need.
- Use a password manager or vault to store and use your passwords and passphrases.
- Change your password or passphrase periodically in order to prevent unknown leaks and usage of your password.
Check Whether Your Online Account or Password Has Been Leaked
Troy Hunt, a popular figure in the security community, created a web application named Have I Been Pwned. This web application provides the ability to check whether your online account and password have been hacked or pwned. There is no registration or detailed login procedure. Just enter your account name, which is generally the email address. All previous leaks involving your account, including password and passphrase leaks, are listed with detailed information.
