Password Security

Tips for Password Security

Despite Bill Gates, co-founder of Microsoft Corporation, predicting the demise of passwords back in 2004, they are still very much in use. Passwords, though seemingly foolproof, are also at the core of many cybersecurity problems. The primary drivers of the issues involved with passwords are human behaviour and the desire for convenience. These two factors lead the vast majority of users to reuse passwords across multiple accounts.

An online survey by Google identified that around 65 percent of people use the same password for multiple or all accounts. The statistic shows the magnitude of the password reuse problem and the need for users to take appropriate and, if necessary, immediate action to mitigate the accompanying risk.

Password reuse is an understandable human behaviour. But individuals do need to make good password hygiene a priority to ensure that passwords are not a weak link to any of their personally identifiable information (PII). Every user account, system, application, service and smart device should have a unique password consisting of a random sequence of letters (both capital and small), special characters and numbers.

Unauthorised access is potentially a major problem. Almost every other day there is news of cybercriminals compromising websites and online accounts. The consequences of such events can include the loss of valuable data such as one's passwords; worse yet, one's personally identifiable information (PII), such as Aadhaar, PAN, date of birth, etc., may be exposed, which cybercriminals can use to locate the accounts and data associated with an individual, such as work-related accounts, personal social media accounts, bank account information, etc.

To determine a password that has been set by a user, cybercriminals and malicious hackers employ a technique known as a brute force attack. In this approach, every possible password is attempted until the correct one is identified. Using computing devices equipped with state-of-the-art processing chips, cybercriminals can try thousands of passwords per second in search of an exact match. However, for this technique to work, a malicious hacker or cybercriminal needs to identify a sequence of characters that might have been used by the user. To make brute force ineffective, the recommended course of action is to use passwords that are preferably at least 8 characters long, with a mix of capital and small letters, numbers and special characters. Such a password is considered strong. The stronger a password, the less likely a brute force attack is to succeed.

Key points for Password Security

  • Always use different passwords for different accounts and change them at frequent intervals. Remember not to repeat a password that you may have used at any point in time
  • Never write/jot down passwords anywhere
  • Try and use multifactor authentication along with passwords
  • Always have strong and unique passwords for different accounts
  • Passwords should be long and complex; preferably they should contain at least eight characters, including at least one numerical value and a special character/symbol
  • Never disclose a password online/to anyone, whether you know them or not
  • Never use passwords which can be easily guessed such as those based on personal information
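
The rules above and the brute force discussion can be turned into a small check, shown here as an added example that is not part of the original article. The function names, the sample passwords and the guess rate passed to `worst_case_days` are assumptions made for illustration.

```python
import math
import string

MIN_LENGTH = 8  # minimum length recommended in the article


def check_password(password, personal_info=(), previous_passwords=()):
    """Return the list of rules the password breaks (empty list = passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if not any(c.islower() for c in password):
        problems.append("no small letter")
    if not any(c.isupper() for c in password):
        problems.append("no capital letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c in string.punctuation for c in password):
        problems.append("no special character")
    # Personal details (name, birth year, ...) make a password easy to guess.
    lowered = password.lower()
    if any(len(p) >= 3 and p.lower() in lowered for p in personal_info):
        problems.append("contains personal information")
    if password in previous_passwords:
        problems.append("reuses an earlier password")
    return problems


def search_space_bits(password):
    """Brute force search space in bits: length * log2(alphabet size).

    This is an upper bound that holds only for randomly chosen characters;
    a guessable or reused password falls far sooner than the figure suggests.
    """
    alphabet = 0
    if any(c.islower() for c in password):
        alphabet += 26
    if any(c.isupper() for c in password):
        alphabet += 26
    if any(c.isdigit() for c in password):
        alphabet += 10
    if any(c in string.punctuation for c in password):
        alphabet += len(string.punctuation)  # 32 ASCII symbols
    return len(password) * math.log2(alphabet) if alphabet else 0.0


def worst_case_days(password, guesses_per_second):
    """Days needed to try every candidate at an assumed guess rate."""
    return 2 ** search_space_bits(password) / guesses_per_second / 86400
```

Eight small letters alone give about 37.6 bits, while twelve characters drawn from all four classes give about 78.7 bits, which is why both length and character mix matter.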