What you should know about your password
Remember that your information/data security starts with your password.
Today is 7th May, the first Thursday of May, which is called World Password Day. Is this day important enough for an information security person to memorize some tips?
Yes, it is very, very important, as it is the day called “World Password Day”.
Here I am going to give some tips to make your password more secure, or in other words, less vulnerable.
I am pretty sure that if you are reading this article, you are an internet user and you own multiple passwords. I might say that one or a few of your passwords are guessable or vulnerable to a dictionary attack.
Let's see how your password should be. Have you ever asked yourself whether your password is secure enough? Think about a few questions here.
1. What is the most common password in the world?
I must say that it is “Password@123”.
2. What are your most common admin user name and password?
UserName: admin
Password: “admin123” or “admin@123” or just “admin”
If so, first go and change your password and come back here.
3. What is the pattern of your password?
You might have a secret, such as your middle name, that you do not expose to the world.
You might use your mother’s maiden name, the first letters of your first, middle and last names, and so on.
So I can guess that your password pattern is “Xyz@birthyear” or something similar.
4. People use the same password for different systems, as they do not like to remember multiple passwords.
This is the most common problem with passwords: how will you remember multiple passwords for multiple systems? In the modern world, people access so many systems for their day-to-day activities. It may be the company, Facebook, Google Mail, online banking, your insurance portal, and so on. So it is very difficult to remember all the passwords.
So people are eager to use the same password for multiple systems, or to use the pattern that I explained above with different prefixes and suffixes.
When you choose characters and words for your password, your brain is smart enough to suggest things that you are emotionally connected with, such as your kid's name, your girlfriend's name, your company name, your birth date, or your employee number. You are implicitly trained to use the most familiar and best-remembered words, numbers, and characters.
5. Are you using substitute letters in your password?
Ex: E → 3, a → @, S → $, and so on.
Ex: Dilanka@123 → D1l@nk@@123
This is also bad against today’s dictionary attacks and password-attacking tools. They have all of these combinations in their password dictionaries.
You can google what a dictionary attack is.
6. Does a website or system send your exact password back to you when you use its forgot-password option?
This is very dangerous, as it means they are keeping your password as plaintext or encrypted in their own way, which they can reverse. If that system is compromised and you use the same password for your online banking portal, that will get leaked too.
You must change your password for that system frequently.
A proper system will send you a password reset link or another option to reset to a different password, because it stores the password using a hashing mechanism, which is one-way, so others cannot see your password.
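The guessable patterns from questions 1, 3 and 5 above can be checked mechanically. The following Python sketch is an added example, not part of the original article; the word lists are small constructed samples, and the `audit_password` name and the two extra substitutions (i → 1, o → 0) are assumptions made for illustration.

```python
import re

# Constructed sample lists based on the passwords quoted in this article;
# a real audit would load a large list of leaked passwords instead.
COMMON_PASSWORDS = {"password@123", "admin123", "admin@123", "admin"}
COMMON_WORDS = {"password", "admin"}

# Undo the substitutions from question 5 (E -> 3, a -> @, S -> $) plus two
# other frequent ones (i -> 1, o -> 0), which are assumptions of this sketch.
UNDO_SUBSTITUTIONS = str.maketrans("3@$10", "easio")

# Question 3 pattern: letters, an optional separator, then a 4-digit year.
WORD_YEAR = re.compile(r"[A-Za-z]+[^A-Za-z0-9]?(19|20)\d{2}")


def audit_password(password, personal_words=()):
    """Return the reasons a password is guessable (empty list if none found)."""
    reasons = []
    lowered = password.lower()
    normalized = lowered.translate(UNDO_SUBSTITUTIONS)

    if lowered in COMMON_PASSWORDS:
        reasons.append("common password")

    if WORD_YEAR.fullmatch(password):
        reasons.append("word + year pattern")

    # Personal words (names, company, ...) come from the person being audited.
    words = COMMON_WORDS | {w.lower() for w in personal_words}
    for word in sorted(words):
        if word in lowered:
            reasons.append(f"contains '{word}'")
        elif word in normalized:
            reasons.append(f"contains '{word}' behind letter substitutions")
    return reasons


if __name__ == "__main__":
    samples = ["Password@123", "D1l@nk@@123", "Xyz@1987", "gT7#qLw2!mZx"]
    for candidate in samples:
        found = audit_password(candidate, ["Dilanka"])
        print(candidate, "->", found or "no known pattern")
```

An empty result only means none of these few patterns matched; it does not show that a password is strong.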
Secure tips:
- Do not use guessable words or characters from your life events, relatives, favorite things, or surroundings.
- Do not use passwords that are too short (easy to break) or too long (hard to remember, and you will end up resetting your password every time :D).
- Use more than 9 characters for your password. Within those characters, you can use one or more special characters such as (#, $, %, &, @), mix uppercase and lowercase characters, and add some numbers.
- Do not use the same password for multiple systems. If one system is vulnerable to attack and leaks the password information, all of your systems will be compromised.
- Use an elimination strategy. If you sign in to a new system or service that you are not going to use daily, or that you use once a year, use a random password generator tool. You can use the reset password option when you come back after a year. No need to remember it at all.
- Use a master password manager tool. You can purchase a trusted tool that uses standard hashing and encryption methods to store your passwords. But you need to secure it with the master password, which is the only password that you need to remember. That password:
  - Must be at least 5 meaningless words long.
  - Must be a mix of lowercase and uppercase letters.
  - Must have special characters.
  - Must have numbers.

  Or you can use a random password generator.
Happy Password Day, guys. If you feel your password is not secure, go and change it now.
Thank you for coming back and referring to my articles. Please feel free to comment and let me know if I am wrong.
And give some claps if this helps you.