Passwords are the most common means by which organisations and individuals prove their identity for online transactions, online purchases and access to online services such as email and personal computer accounts. It is therefore necessary to create strong passwords to safeguard our identity. Password strength measures how well a password resists being guessed or predicted by an attacker who cannot obtain it directly.
Analyses of the past 10 years show that the most commonly used password is still “123456”, although Singapore appears to be improving in this respect.
Guidelines for strong password creation
Proponents of software system security have suggested several guidelines for creating strong passwords that shield our identity against fraudulent guessing:
- Use long passwords of 20 or more characters, if the system allows lengthy passwords.
- Make the password a mixture of letters, numbers and symbols.
- Do not reuse a password for any other account.
- Do not use as a password any information that is known to relatives or acquaintances.
Password guess validation
Sometimes valid passwords are stored as-is in the system's database. If an attacker somehow gains access to that system, they learn which accounts exist on it and can take over all of those accounts.
It is therefore always advisable to store a cryptographic hash of every password rather than the password itself. Strong cryptographic hashes are difficult to reverse, which makes it hard for an attacker who obtains them to recover the passwords.
Password policy
- It is a simple guide to choosing valid passwords.
- It helps users create strong passwords.
- It advises users on managing and handling their passwords.
- No password should remain in use for a long time.
- Password expiration is part of a password policy and serves two main functions. An expiration period of fewer than 100 days may leave an attacker insufficient time, and if a password is compromised, requiring it to be reset at regular intervals limits the attacker's window of access.
However, password expiration has limitations for users:
- It creates opportunities for weak passwords to be created.
- If a user's existing password is strong enough, forcing a change increases the risk of a weaker replacement.
Users gain more security by lengthening their password than by changing it after every use.
Creating and handling passwords
Security expert Bruce Schneier recommends that, since people find long passwords difficult to remember, it is acceptable to write a password on a piece of paper and keep it in their wallet.
Some suggested steps to increase the adoption of strong passwords:
- Short training sessions for people who fail to follow the password policy.
- Automated programs that estimate the strength of user-chosen passwords and assist in evaluating proposed passwords.
- Displaying the date and time of the most recent login, which may be the key factor in helping users detect unauthorized access.
- Allowing users to change their passwords through an automated process, which reduces help desk call volume. However, some such systems are insecure: answers to password reset questions can be researched, which negates the advantage of a strong password.
Password managers
A password manager lets users keep hundreds of passwords while memorising only one, which unlocks an encrypted password database. Most password managers today generate strong passwords automatically using a cryptographically secure random password generator and also evaluate the entropy of the generated password. An ideal password manager also resists attacks such as key logging, clipboard logging and other memory spying techniques.
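To make the strength-evaluation and generation steps above concrete, here is an added Python example (not from the original article or any particular password manager). It checks a password against the guidelines given earlier (20 or more characters, a mix of letters, numbers and symbols), estimates entropy as length × log2(pool size), and generates a password with a cryptographically secure generator; the grouping into four character classes is an assumption of this example.

```python
import math
import secrets
import string

# Assumed character classes that together make up the "letters, numbers and symbols" mix.
CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation),
}
MIN_LENGTH = 20  # the 20-character recommendation from the guidelines above


def classes_used(password: str) -> set:
    """Names of the character classes that actually appear in the password."""
    return {name for name, chars in CLASSES.items() if any(c in chars for c in password)}


def estimate_entropy_bits(password: str) -> float:
    """Entropy upper bound for a randomly generated password: length * log2(pool size).
    The pool is the union of the classes used. A human-chosen password is weaker
    than this figure because its characters are not uniformly random."""
    pool = sum(len(CLASSES[name]) for name in classes_used(password))
    return len(password) * math.log2(pool) if pool else 0.0


def check_guidelines(password: str) -> list:
    """Return the list of guideline violations; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    missing = set(CLASSES) - classes_used(password)
    if missing:
        problems.append("missing character classes: " + ", ".join(sorted(missing)))
    return problems


def generate_password(length: int = MIN_LENGTH) -> str:
    """Generate with the secrets module (a CSPRNG), retrying until every class appears."""
    alphabet = "".join(sorted(set().union(*CLASSES.values())))
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if classes_used(candidate) == set(CLASSES):
            return candidate


if __name__ == "__main__":
    for pw in ("123456", generate_password()):
        print(repr(pw), round(estimate_entropy_bits(pw), 1), "bits", check_guidelines(pw))
```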
Hopefully this article has provided enough knowledge about safeguarding our passwords and securing our private online data.
Written By: Harpreet Sidhu