
Protect Your Accounts With a Strong Password!

Data breaches stemming from weak passwords continue to rise. Many cybersecurity consultants recommend using a passphrase instead of a password to increase your online security. Let us help you better understand how it works.

What’s a password? The dictionary tells us it’s a word that grants us access or admission to something. In computer terms, a password gives a user access to something that’s otherwise off limits.

How passwords work

When you create a password, it’s run through a mathematical function called a hash algorithm. The input is your password — let’s say “summer2021.” The password is typed in and the output is an alphanumeric string with a fixed length. For our example, it’s 32 bytes long. So, no matter how many characters the password has, the output is always the same length. This output is commonly referred to as the “hash.”

Once the hash is created, the system for which the password is being generated saves the hash and your username to a file. Each time you attempt to log in, the system takes what you typed in the password field and runs it through the same hashing algorithm. The information is checked to ensure the output matches what’s saved in the file. If it matches, access is allowed. If it doesn’t match, access is denied (when the system is operating correctly). This all happens very quickly; computers can do something like four billion things per second!

From this explanation, you might see the problem. Bad guys could pre-emptively take every word in the dictionary, run each through the same hashing algorithm, and then compare the hashes to the password file they stole or purchased on the dark web. Remember, computers can process things extremely quickly, so it won’t take long. Once a match is found, they have your password. 
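The storage and login check described above, as an added Python example (not code from the original article). SHA-256 is an assumption, chosen because its output is 32 bytes like the article's example; the salted PBKDF2 record, the round count and the sample accounts are also assumptions made here to show how a system blunts the precomputed-dictionary problem.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 600_000  # assumed work factor for this example


def fast_hash(password: str) -> bytes:
    """Unsalted SHA-256: same input always gives the same 32-byte output."""
    return hashlib.sha256(password.encode("utf-8")).digest()


def make_record(password: str) -> dict:
    """Salted, deliberately slow hash: what the system saves next to the username."""
    salt = os.urandom(16)  # fresh random salt per account
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS
    )
    return {"salt": salt, "rounds": PBKDF2_ROUNDS, "hash": digest}


def verify(password: str, record: dict) -> bool:
    """Login check: re-run the same function, compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), record["salt"], record["rounds"]
    )
    return hmac.compare_digest(candidate, record["hash"])


def demo() -> dict:
    # Constructed sample: two users who both chose the article's example password.
    alice_fast, bob_fast = fast_hash("summer2021"), fast_hash("summer2021")
    alice_rec, bob_rec = make_record("summer2021"), make_record("summer2021")
    return {
        "hash_len": len(alice_fast),
        "unsalted_identical": alice_fast == bob_fast,
        "salted_identical": alice_rec["hash"] == bob_rec["hash"],
        "good_login": verify("summer2021", alice_rec),
        "bad_login": verify("summer2022", alice_rec),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Because every account gets its own random salt, a list of hashes computed in advance for dictionary words matches none of the stored records, and the slow function makes each fresh guess far more expensive than a single fast hash.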

Passphrase vs. password 

For these reasons, security professionals recommend using passphrases rather than passwords. A passphrase is a series of words, and the additional characters add to the complexity. Of course, this also tells us to use uncommon phrases, as they’re far less likely to be guessed.

Biometrics

Many security experts use this explanation to justify moving to biometrics or realistic authentication. The measurements and calculations of the body, including fingerprints and faces, are stored as data. Once collected, these measurements are run through the hashing algorithm and the output is saved. When you attempt to log in, the two outputs (username and hash) are compared, just as is done with passwords and passphrases.

What if someone steals the hash of your fingerprint measurements? Can you change your fingerprint like you can change a password? The simple answer is no.

In a best-case scenario, systems should use layered security requiring multiple security pieces. This is sometimes referred to as multifactor authentication and requires two things:

  • Something you know, like your complex passphrase.
  • Something you have, such as a security token or a physical device that creates a new code every few minutes.

As much as we may wish it, passwords aren’t going away anytime soon. Having a better understanding of how they work may help users develop stronger passwords and passphrases. (Partially reprinted from shazam.net/news/shazam-blog.)

Six Easy Steps to Create a Strong Password

  1. A Long Password is a Strong Password. A strong password must be at least 20 characters. If your password is 8 characters or less it can be cracked in 58 seconds.
  2. A Strong Password has Special Symbols. It should include unique symbols, numbers, lower-case letters and upper-case letters for added strength.
  3. A Strong Password doesn’t Include Obvious Information. Don’t use personally-identifying information, such as birthdays, zip code or addresses.
  4. A Strong Password is Memorable and Uses Acronyms and Codes. It needs to be memorable. Try using codes and acronyms that relate to specific things that you’ll be able to memorize. They’ll look like a random assortment of letters, numbers and symbols to everyone but you. An example: InTlitmba_rn!4S-mny$ (I need To log In to my bank account_right now!4 Some-money$).
  5. A Secure Password is Backed Up By Multifactor Authentication (MFA). Unfortunately, there is no such thing as a password that can’t be hacked. Therefore, a second form of authentication is best. It adds an extra layer of security to your account.
  6. Use Password Managers. They keep all your passwords in one place. You only have to remember one password and it should be strong, secure and memorable.

Remember, your password is your first level of protection against hackers.

(Partially reprinted from anetworks.com)
