Is my Password secured? – An Introduction
Having a secured password is becoming increasingly important. With the rapid digital evolution, new underhand techniques to steal data and passwords come to light every year. It is important to protect your data, as it may be used illegally by others if you don’t. In this article, we are going to understand whether your password is secured or not and how you can create a secured one.
What was considered a secured password 5 years ago may not be a secured password anymore. It is becoming easier and easier to crack such ‘old school’ complex passwords with newer-generation, powerful hardware. A combination of a good password cracking program and high-performance hardware like an RTX series GPU can crack a standard 8-character password within minutes. This is why it is becoming more and more important to adopt new password strategies for your safety.
Let us understand the most common methods of how a hacker can steal your password. Furthermore, we will also cover what you can do to make your password perfectly secured.
Well-known methods for Cracking a Password
We believe that people should understand these methods for knowledge and awareness purposes. There are many ways to break a password and we have listed down the most common ones. The techniques have remained the same throughout the past few years, but technological advancements have made these techniques stronger and scarier. Remember, your standard 8-character secured password is not so secured anymore.
1. Brute-Force Attack
A brute force attack requires a password cracking program and a high-performance hardware setup. The latest RTX GPU can singlehandedly crack your weak passwords within minutes. Hackers prefer the latest graphics cards as they have many processing cores. For example, my Nvidia GTX 1660 Super has 1408 cores that can help with effective password cracking as well. The latest RTX 3090 has 10496 cores. Imagine what kind of password cracking performance it would give.
In a brute force attack, the password cracking program makes multiple combinations of characters, alphabets, and numbers to make guesses on your password until it eventually hits a jackpot. Newer generation hardware can make almost half a million to a billion guesses per second. That is a lot of guesses within a minute. Imagine how long it would take before it actually manages to guess your standard 8-character secured password.
2. Dictionary attack
A dictionary attack attempts to combine known words and phrases to guess a user’s password. If your password only consists of a word or a phrase, then you are vulnerable to these attacks. And yes, even with case sensitivity. This is why a lot of websites will always prompt you to use a combination of alphabets, digits, and symbols. This way, it becomes impossible for a dictionary attack to take a guess at your password, and the attack will eventually exhaust its word list.
It is important to know that a dictionary attack will begin with the most common password guesses. For example, if you have a password like ‘helloworld’ or ‘iloveyouryan’, you’re done within seconds. Please do not use common phrases like this. And for the love of God, please do not choose ‘password’ as your password.
A hybrid brute force attack includes tactics of dictionary attacks as well. Despite having a combination of alphabets and digits, a password like ‘helloworld12345’ can be cracked within seconds. Why? Because such combinations are very well-known, very common. Avoid such simple combinations.
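A sign-up form can reject passwords of this kind before they are ever stored. The check below is an added example, not code from this article: it lower-cases the password, strips any digits or symbols stuck on the front or back, and tests whether what remains is just common words glued together. The tiny word list is constructed for illustration; a real check would load a large list of common words and leaked passwords.

```python
import re

# Constructed sample word list (assumption): real deployments use a large
# dictionary of common words and previously leaked passwords.
COMMON_WORDS = {"hello", "world", "i", "love", "you", "ryan", "password"}


def splits_into_words(text, words=COMMON_WORDS):
    """Return True if text is one or more listed words joined together."""
    if not text:
        return False
    # reachable[i] is True when text[:i] can be cut into listed words.
    reachable = [True] + [False] * len(text)
    for end in range(1, len(text) + 1):
        for start in range(end):
            if reachable[start] and text[start:end] in words:
                reachable[end] = True
                break
    return reachable[len(text)]


def is_hybrid_guessable(password, words=COMMON_WORDS):
    """Flag passwords built from dictionary words plus a digit/symbol tail."""
    # Upper/lower case does not help against a dictionary, so ignore it.
    lowered = password.lower()
    # Drop leading or trailing runs of digits and symbols such as '12345'.
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    return splits_into_words(core, words)


if __name__ == "__main__":
    for candidate in ["helloworld12345", "iloveyouryan", "xK9#mQ2vLp"]:
        verdict = "reject" if is_hybrid_guessable(candidate) else "accept"
        print(f"{candidate!r}: {verdict}")
```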
3. Reverse brute-force attack
A normal brute force attack attempts to identify a user’s password based on their login name or email. A reverse works in the exact opposite way. In a reverse brute force attack, your password is already known to the hacker. The hacker will test this password against multiple usernames until it works. Such a database can be obtained from data leaks. Unfortunately, no security system is perfect, and hence your passwords are vulnerable to a data leak as well.
I got a notification from Google recently that 21 of my internet accounts were vulnerable as my password got leaked in a data breach. I had to change my passwords on every single website to make them secure. As you have guessed, unfortunately, there’s no other way to counter this once your data is leaked online. I’ll cover more on how you can prevent this in the next section of this article.
Phishing is also a popular way to steal someone’s credentials. This method is wildly popular for stealing a customer’s banking-related data. This data may include internet banking credentials, credit card information, and so on. Phishing websites look like authentic websites but they have a missing element here and there. You may notice that the layout seems a bit stranger than usual, or that there are spelling errors, and so on. Once you put your information into a phishing site, your credentials are directly sent to the hacker, who can then use them for illegal purposes.
Keyloggers are not a common method anymore, as many antivirus programs can identify a keylogger easily these days. Antivirus programs constantly update their virus databases, so it has become easier to identify a program that hides a keylogger. Regardless, it is a fairly simple method for hackers and can do tons of damage to your system data if your system is unprotected.
Keyloggers are programs that can read, store, and send every keystroke you type on your PC to the hacker. Besides, a keylogger will also track all the websites you would visit on the internet. This way, the hacker gets all the information about your activities and they can use it against you.
Special: “Have I been Pwned?”
Before we dive into making a secured password on the internet, we want to talk a little about this very cool and useful website called ‘Have I been Pwned?’. This website can check your email IDs and passwords and tell you whether they have been leaked online or not. It is a great tool to keep track of your security. If the website suggests your password or email has been leaked, it is a good idea to change your passwords immediately. A leaked password may not pose an imminent danger, but it is still a danger nonetheless. Not all breached data is used immediately. Almost always, such data is put up for sale on the dark web and the data thieves expect a price in return.
You would ask: ‘is putting my password and email ID in a random internet text box safe?’ Well, that is a valid question and you definitely should not do that. However, ‘Have I been Pwned’ works a bit differently to not record your valuable data. How? Take a look at the video below.
It is always a good idea to check your password here before you consider using it for your account. If the password ‘has been pwned’, it’s better if you don’t use it.
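The password check on ‘Have I been Pwned?’ (the Pwned Passwords service) uses a k-anonymity range lookup: only the first five characters of the password’s SHA-1 hash are sent, and the match against the returned list happens on your own machine. The code below is an added example, not code from this article or from the service. The server response is simulated with constructed data so it runs offline, and the leak counts are made up.

```python
import hashlib


def sha1_prefix_suffix(password):
    """Split the upper-case SHA-1 hex digest into (5-char prefix, 35-char suffix)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def breach_count(password, range_response):
    """Look the suffix up locally in a 'SUFFIX:COUNT' range response."""
    _, suffix = sha1_prefix_suffix(password)
    for line in range_response.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0


def constructed_range_response(prefix, leaked):
    """Stand-in for the server (constructed data): every suffix under prefix."""
    lines = ["0" * 35 + ":3", "F" * 35 + ":1"]  # constructed filler entries
    for leaked_password, count in leaked.items():
        leaked_prefix, leaked_suffix = sha1_prefix_suffix(leaked_password)
        if leaked_prefix == prefix:
            lines.append(f"{leaked_suffix}:{count}")
    return "\r\n".join(lines)


def check_password(password, leaked):
    """Return how often password appears in the (constructed) leak data."""
    prefix, _ = sha1_prefix_suffix(password)
    # Only `prefix` leaves the machine. A live check would request
    # https://api.pwnedpasswords.com/range/<prefix> instead of this stand-in.
    response = constructed_range_response(prefix, leaked)
    return breach_count(password, response)


if __name__ == "__main__":
    sample_leak = {"password": 1000, "helloworld": 50}  # constructed counts
    for candidate in ["password", "Tr7#vq!Lm29xZe@4"]:
        print(candidate, "->", check_password(candidate, sample_leak))
```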
How to make a Password more secure?
Let us understand how you can make a strong password and other techniques to safeguard yourself on the internet. In this section, I am also going to branch out a little bit to cover telephone-related scams. They are just as common, and they sound convincing rather than deceptive, which is the worst part about them. Let us know more!
1. Use a long, complex password.
In 2021, a long, complex password has at least 12 or more characters, a good mix of alphabets, numerals, and symbols. The more gibberish it appears, the more secured it is. You can come up with a variety of creative methods to make a password look gibberish, but when you look at it, you know what it will be about. For example, I can use this sentence as my password. Literally!
This password literally contains the first two letters from the sentence above. I have capitalised them alternately to make the password more complicated. It just looks like I keysmashed some random alphabets and caps as my password. But for me, I know what it is about. To make it a little stronger, throw a few random numerals in it, and one or two symbols and it nearly becomes unbreakable. For example, it would look like this.
I know this is a really long password (24 characters long) but of course, you can go with a shorter version like this. We recommend using 15-20 characters long passwords.
Note: As the above password example is now public, we advise you not to use the exact same password mentioned above anywhere else. It is just for your reference and understanding. Do not use any password examples mentioned on this blog as your passwords.
Know more about how you can choose a secured password from experts. Take a look at the video below:
2. Use Password Managers.
Creating and remembering unique, secured passwords for the 23 different websites you visit will be difficult. This is where a password manager comes in. Password managers are a great way to keep all of your passwords in one location. They can create a randomly generated unique password for each website you have an account on. That randomly generated unique password may look something like this:
A completely random, 20 character long password without any meaning. It is near impossible to crack. Or even if someone is determined to crack a password like this, it would take them years, even with the latest technology we have on hand today. More on password managers in the video below:
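To put numbers on the brute-force section’s ‘imagine how long it would take’ and on the 20-character random password described here, the following added example (not code from this article or from any password manager) generates such a password from the operating system’s secure random source and estimates the worst-case time to try every combination. It assumes a uniformly random password and uses the article’s upper figure of a billion guesses per second.

```python
import math
import secrets
import string

# 52 letters + 10 digits + 32 punctuation marks = 94 possible characters.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length=20):
    """Pick each character with the OS CSPRNG; retry until all classes appear."""
    while True:
        password = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in password)
                and any(c.isupper() for c in password)
                and any(c.isdigit() for c in password)
                and any(c in string.punctuation for c in password)):
            return password


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Bits of entropy in a uniformly random password of this length."""
    return length * math.log2(alphabet_size)


def seconds_to_exhaust(length, guesses_per_second, alphabet_size=len(ALPHABET)):
    """Worst-case time to try every password of this length."""
    return alphabet_size ** length / guesses_per_second


if __name__ == "__main__":
    rate = 1e9  # the article's upper figure: a billion guesses per second
    year = 365 * 24 * 3600
    print("sample 20-character password:", generate_password())
    print(f"entropy: {entropy_bits(20):.0f} bits")
    print(f"8 lower-case letters: {seconds_to_exhaust(8, rate, 26) / 60:.1f} minutes")
    print(f"8 mixed characters:   {seconds_to_exhaust(8, rate) / 86400:.0f} days")
    print(f"20 mixed characters:  {seconds_to_exhaust(20, rate) / year:.1e} years")
```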
For the password manager, we recommend 1Password or LastPass. Both are on par with each other and are almost equally good. These options are paid options but there are free options around the internet as well. However, we recommend not using any freebies as password managers online or offline. As it is a matter of security, you should consider paying for it. Why? A free password manager won’t offer you the same quality of security as a paid version. If you are confused about choosing between 1Password or LastPass, Zapier has a great article about it. Check it out!
Of course, to use such password managers, you will still need your own password to log in to such platforms. Make sure that your ‘master password’ is protected well.
3. Don’t use the same password everywhere.
If you are using a password manager, you won’t have to worry about this. But if you still want to use your own passwords, it is a good idea not to use the same password everywhere. If you do, the hacker might try to use the same password on different accounts and you will get hacked on multiple fronts. Remember, if your email is exposed this way, most likely you will lose a major part of your internet identity. Make sure your email’s password is very unique and secured at least. This is also why we recommend you to use a password manager.
4. Don’t download any suspicious programs.
We have talked about keyloggers in this article. Such keyloggers and other data-spying malware may come to you through the form of a suspicious program or file. Having a good, reliable antivirus system becomes important just because of this. If you are even remotely suspicious about anything on the internet, it’s a good idea not to visit the website or download that file or program at all.
5. Phishing and Scam Calls.
This is the branch-out topic I wanted to talk about. Phished victims often get a scam call beforehand to ‘hook’ them onto the process. This is just done to hijack your passwords and other credentials to steal your data, money, or identity itself. Nowadays, antiviruses can notice such phishing websites and can block you from accessing them. Once again, we insist you get a good antivirus program on your system.
Another tactic these scam callers use is that they ‘scare’ you with phrases like “your IP is hacked”, “you have a virus on PC”, or “We will pay you some amount, but we require some XYZ data”, and so on. They will often sound like they are calling from a certain reputed organisation. They will often make you download a program (keylogger method), visit a website (phishing method), or ask for remote access to your system itself via programs like AnyDesk or TeamViewer. Quickly decline such calls without entertaining them because a reputed company would never call you like this.
Jim Browning Special
Jim Browning is well-known for his tracking and revealing scammers over the internet. His own account was deleted as a scammer managed to convince him. We are posting his story here to spread awareness of how a scam can fool you, no matter how vigilant you are. There are plenty of videos on his channel (thankfully restored!) that are really educational.
Making a secured password is indeed important in protecting your online kingdom. The main purpose of this article was to educate our readers on various popular hacking methods that are used to crack passwords for illegal purposes. And they are followed by how you can create a secured password, or how you can manage your passwords with password managers.
Initially, this article was not supposed to focus on other types of data theft methods. But I personally felt that such underhanded scamming methods are equally dangerous and were worth mentioning for awareness purposes. I hope this article has covered everything you were looking for about passwords and online security.
Disclaimer: Please note that we are not affiliated or associated in any way with the products and the YouTube channels – Jim Browning and Computerphile – mentioned above. The reason we have mentioned them here is because we personally have found them extremely helpful in maintaining your online security. Nonetheless, they are great YouTube channels to educate yourself if you are interested.
Digital Lime Green offers military-grade yet affordable website security solutions for all kinds of websites. As this is a part of our Website Maintenance package, please contact us to get an accurate quote or know more about our services!
Keep yourself safe out there and follow good password practices. It is better to stay safe than sorry!