How to Create a Bullet-Proof Password!

By:  William G. Perry, Ph.D.

Introduction

Computers, smartphones and the Internet have totally changed the way we live and work. They’ve been accepted by people at a rate faster than television. Many homes and businesses have multiple connected devices.

The growth in the power of the technology has also been phenomenal. A basic smartphone, for example, is more than 13,000 times as powerful as the computer used to land the Apollo spacecraft on the moon!

But there is a dark side to our computer use and staying connected to the Internet.

Our private information and business records are at risk.

Cybercrime is a low risk crime that has a high payoff

More than 1 trillion dollars a year is lost due to cybercrime. That’s more money than the total of the illegal global drug trade. More bad news is on the way. Estimates of the losses are expected to climb to 6 trillion dollars by the year 2021.

We are in the middle of a major crime wave.

Police and government officials are unable to protect us from determined cyber thieves.

How Did We Get Into this Fix?

The inventors of the Internet paid little attention to security. The need to protect credit card numbers, trade secrets, bank accounts and social security numbers was of little concern in the decade of the 60’s.

The scientists were unaware of how the Internet was going to be used in the future. The Internet was invented to make it easy to share information among distant computers in a national emergency.

Only the military and researchers in universities and corporate laboratories had access to the Internet in its early days. These facts have tremendous implications for us today. We are dependent on an information system developed in the 1960’s that was specifically designed to make it easier to connect to other computers.

The Internet is vulnerable, and we have little choice but to be proactive and protect our information assets. If we fail to do so, we are guaranteed to become victims of cyber criminals.

You, your family members and employees in your organization are on the front line of an information war. You and those around you are the only ones in a position to help prevent intrusions and losses. You must do something now.

But do you know what you can do?

How Can You Defend Your Private Information?

Most people are unaware of how to handle the aggressive and innumerable attacks that are launched by people who want to steal your information and digital resources.

You have to commit to developing a “security mindset,” and following what is known as information security best practices. That’s the only chance you have to prevent cyber criminals from gaining access to your valuable information and stealing it.

One of the first things you can do to protect the confidentiality, integrity and availability of your valuable information is to use strong passwords. They are the frontline tools that you can use to keep cybercriminals out of your computer and personal accounts.

Learn all that you can to create strong passwords.

A cyber thief will test the strength of your passwords to gain access to your sensitive and private information. Once they are inside your system they can install malware that makes it possible for them to obtain access to your bank records, charge accounts and even confidential work-related records. The results could be disastrous.

The remainder of this report focuses on how you can create “bullet proof” passwords.

What Is a Password and How Does It Work?

A password is a series of alphabetic, numeric and/or special characters that is created to confirm a user’s identity so that access can be granted to computer hardware or an account.

A person must enter the correct combination of letters, numbers or characters (or password) so that the user can be confirmed and access granted.

Once a password is entered, it is compared to that which was stored when it was created. The user is granted access to the computer system or network when the data matches what is stored.

The federal government estimates that web users, on average, have 25 accounts that require passwords and that they typically are required to use at least 8 of them a day.

Passphrases (more than one word written together) may be used.

Are Passwords Easy to Crack?

Today's computers are unbelievably fast. A human being calculating around the clock (24 x 7 x 365) would need more than eight million lifetimes to work out a 15-digit answer that a supercomputer produces in just one second.

Weak passwords are very easy to discover if a cyber criminal, for example, is using what is known as a “dictionary attack.” Every known word is tried in order to gain access until the right combination is found.

How Do You Create Strong and Effective Passwords?

A strong password should be at least eight characters in length (some security experts recommend between twelve and fourteen). Also, use both upper and lower case alphabetic characters.

Special characters can be used to make the password more complex. The special characters that can be used as part of passwords are shown in the brief appendix at the end of this report.

Numerous sites on the Web can randomly generate strong passwords for you. In some instances those sites produce passwords that are difficult to remember. You should be cautious when using third-party sources to generate passwords.

Follow security best practices when creating and using your own passwords and you should be fine.

What Are the Best Practices Associated with Passwords?

A number of security best practices are associated with passwords. They are listed below:

1. Avoid writing your password down or telling someone what it is. The chance that your password will be compromised is dramatically increased if you share.

2. The use of common or personal words is highly discouraged. For example, the name of your pet or words and phrases taken from pop culture would be a poor choice. So would using your birthday or former passwords.

3. Be cautious entering your password when your workstation is in full view of other people. Consider using a privacy screen to make it more difficult for casual observers to “visually hack” your password.

 

[Figure: 3M privacy screen]

Privacy Screens Protect Confidentiality

Studies have shown that the “insider” is among the top threats to an information processing infrastructure. Fellow workers or others in your workspace, therefore, can be a threat that results in your confidential information being disclosed. A privacy screen helps block the view and maintain confidentiality.

4. Consider changing your passwords every three months and avoid using iterations of the same password. Use an entirely different word or phrase.

5. Use a passphrase as it might be easier for you to remember. Passphrases are stronger than a password. Security specialists recommend that you use a simple one to remember.

6. Avoid using the same password or phrase for different websites. Information security professionals suggest that you might want to consider using a password management system, or what is sometimes referred to as a “Password Vault.”

7. Test the robustness of your password. Microsoft™ is among a number of publishers who have such a test.

8. Passwords that either begin or end with a number shouldn’t be used. They are easier to crack or defeat. Instead begin your password with either an upper or lower case letter or even special characters.

9. Never give out your password even if a request to do so appears to be official. Be on guard against social engineering password scams such as “phishing.” It is one of many different schemes designed to get sensitive information from you. Cybercriminals pretend to be someone who has legitimate authority to obtain confidential information from people who have been targeted.

Network administrators and organizations with whom you have an account rarely, if ever, ask for your password over the telephone or email.
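The rules from the section on creating strong passwords (length, mixed case, an Appendix A special character) and from the best-practices list above (no leading or trailing digit, no common or personal words, no reuse or iteration of a former password) collected into one checker. This is an added example, not code from the report; the COMMON_WORDS list and the previous-password parameter are constructed assumptions.

```python
import re

# Special characters from Appendix A of the report (space included; the
# appendix lists neither '*' nor '-', so this set follows it exactly).
SPECIAL_CHARS = set(" !\"#$%&'()+,./:;<=?@[\\]^_`{|}~")

# Constructed stand-in for a "dictionary" of common and personal words; a real
# check would load a full wordlist plus the user's own names and dates.
COMMON_WORDS = {"password", "letmein", "qwerty", "welcome", "fluffy", "123456"}

MIN_LENGTH = 8           # minimum the report requires
RECOMMENDED_LENGTH = 12  # lower end of the 12-14 range experts recommend


def check_password(password, previous=()):
    """Return the rules the password violates; an empty list means it passes.
    Entries beginning with 'advisory:' are recommendations, not failures."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    elif len(password) < RECOMMENDED_LENGTH:
        problems.append(f"advisory: shorter than the recommended {RECOMMENDED_LENGTH} characters")
    if not (any(c.islower() for c in password) and any(c.isupper() for c in password)):
        problems.append("does not mix upper and lower case letters")
    if not any(c in SPECIAL_CHARS for c in password):
        problems.append("contains no special character from Appendix A")
    if password[:1].isdigit() or password[-1:].isdigit():
        problems.append("begins or ends with a number")
    lowered = password.lower()
    if any(word in lowered for word in COMMON_WORDS):
        problems.append("contains a common or personal word")
    # Reuse check: identical to an old password, or the same word with only the
    # trailing digits changed (the "iteration" the report warns against).
    stem = re.sub(r"\d+$", "", lowered)
    for old in previous:
        if lowered == old.lower() or (stem and stem == re.sub(r"\d+$", "", old.lower())):
            problems.append("repeats or iterates a former password")
            break
    return problems


def is_strong(password, previous=()):
    """True when no hard rule is violated (advisories alone do not fail it)."""
    return not [p for p in check_password(password, previous) if not p.startswith("advisory:")]


if __name__ == "__main__":
    for candidate in ("fluffy", "Tr0ub4dor&3", "Correct horse battery staple!"):
        print(candidate, "->", check_password(candidate) or "passes all rules")
```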

Are There Advanced Methods?

The threat from cyber crime continues to rise, and advanced methods for authentication are coming into use. Government agencies describe multi-factor authentication as ‘something you know, something you have or something you are.’

Multi-factor authentication is now being adopted in business and industry. A number of financial institutions and corporate networks are using passwords and a token for users that generates a random number that must be entered. Use multi-factor authentication if the opportunity arises.

Granting access to users can also be accomplished by the use of biometrics (e.g. fingerprints). That’s the ‘something you are’ portion. In advanced applications even retina scans are being used.

You could also use a third-party provider that stores your password(s) in the cloud. Among those services are LastPass, DashLane and 1Password. There are also “local” programs that can be installed on your computer to help as well. They include Roboform, PasswordSafe or Keepass.

Experts stress that if you use a master password to protect all of your passwords and you forget what it is, you are out of luck.

Are There Additional Resources?

Among a number of resources on passwords available on the Internet is a site called, Password Research at http://www.passwordresearch.com/index.html. The publishers state that their mission is to assemble and share authentication information in one place. This website was the source for the story told at the beginning of this report. Another site that you may want to visit is: https://www.us-cert.gov/ncas/current-activity/2018/03/27/Creating-and-Managing-Strong-Passwords

Summary

Cyber crime is a major problem. Your first line of defense is to use strong passwords. Follow the best practices that are associated with passwords. Build the most complex password that you can. Use multi-factor authentication methods when possible.

 

APPENDIX A

Special characters that may be used when creating passwords

Character   Name
<blank>     Space
!           Exclamation
"           Double Quote
#           Number sign (hash)
$           Dollar Sign
%           Percent
&           Ampersand
'           Single Quote
(           Left Parenthesis
)           Right Parenthesis
+           Plus
,           Comma
.           Full Stop
/           Slash
:           Colon
;           Semicolon
<           Less Than
=           Equal Sign
?           Question Mark
@           At Sign
[           Left Bracket
\           Back Slash
]           Right Bracket
^           Caret
_           Underscore
`           Grave Accent (backtick)
{           Left Brace
|           Vertical Bar
}           Right Brace
~           Tilde
