You may not be aware of how vulnerable you are to hacking, or more precisely – brute force attacks. After all, our important information is often ‘password protected’.
The truth is, it’s incredibly easy to break into our accounts using nothing more sophisticated than brute force. A brute force attack is a common means of cracking passwords by repeatedly trying different combinations. The simpler your password, the less time is needed to get in.
Matters are made worse by the trails of personal information we leave on social media. Third parties nowadays tend to follow their victims online to find traces and keywords to target in their attempts, which significantly increases their chances.
Now, you might be prompted to reset your password right away, but before you do so, here are a few common password mistakes to avoid.
We’re all tempted to use the same password over and over, but convenience is not worth putting multiple accounts at risk. A study shows that more than 97% of people cannot detect a phishing email, which is one of the most common means of password stealing.
In the event of a phishing attack, using a unique password for each account will serve as damage control.
What do you do when asked to change your password? Instinctively, most people change one character in a non-random way, such as going from ‘1’ to ‘2’, and then from ‘2’ to ‘3’.
Changing just 1 character of the password does not make it any harder to guess in a brute force attack, which completely defeats the purpose of a password update. Even a non-alphanumeric character such as “!” at the end of a password is not a good idea because that’s where everyone puts them. Let’s look at what a popular password-generator and checker says about the strength of an average password.
A password that contains numbers, lowercase and uppercase letters, and even a non-alphanumeric character is still rated ‘Terrible!’ and can be cracked by brute force in a minute.
A password generator tool such as the one shown earlier helps you generate new random and unique passwords for each and every account.
Besides that, you can also layer multiple strong passwords for a single account to ensure that it will take an infeasible amount of time to crack your password.
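The predictable one-character updates described above can be caught at the moment a password is changed. The following Python sketch is an added example, not taken from the original article or from the generator tool it mentions: it flags a new password that is only a small variation of the old one and produces a random replacement with the standard `secrets` module. The function names and sample passwords are assumptions constructed for illustration.

```python
import re
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + string.punctuation


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def base_word(password: str) -> str:
    """Lowercase the password and strip trailing digits and symbols."""
    return re.sub(r"[\d\W_]+$", "", password).lower()


def is_trivial_update(old: str, new: str) -> bool:
    """True if `new` is a predictable variation of `old`."""
    if edit_distance(old, new) <= 1:       # '1' -> '2', or one appended '!'
        return True
    base_old = base_word(old)
    # Same word with a different numeric or symbol suffix (or different case).
    return bool(base_old) and base_old == base_word(new)


def generate_password(length: int = 20) -> str:
    """Random password drawn from the operating system's CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


if __name__ == "__main__":
    old = "Summer2023"  # constructed sample, not a real credential
    for candidate in ("Summer2024", "Summer2023!", "summer10!", generate_password()):
        verdict = "rejected" if is_trivial_update(old, candidate) else "accepted"
        print(f"{candidate!r}: {verdict}")
```

The comparison needs the old password in clear text, which is available only while the user is typing it into the change form; it should not be stored for this purpose.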
A password manager is a program that can help you to create and store your unique passwords so you won’t have to remember them all. With a password manager, you need only one master key to log in to your vault, and it does the rest for you.
A good manager also encrypts your passwords before syncing them to the cloud so you can access them from any of your devices without the risk of interception and theft. Since your password manager keeps all of your credentials for you, it’s only reasonable to protect it with two-factor authentication.
This way you know you’re the only one with access. Not sure what that means? Step 3 explains 2FA in further detail.
Brute force attacks can easily crack any password under 15 digits in just a few hours. Therefore, besides having a long and unique password, you also need to activate two-factor authentication.
Two-factor authentication works by sending a one-time secondary password to a device that only you have access to. The code might come to you via text, in an app, or from a digital security key. This helps verify your identity to the platform and adds an extra layer of security to your account.
It is highly recommended that you turn on 2FA not only for your password manager, but for all important accounts such as your email, e-banking account, cloud drive, and wherever you store sensitive information. A little effort goes a long way.