Online platforms increasingly impose requirements on user passwords: a mix of uppercase and lowercase letters, digits, and special characters alternated with letters. Meeting these requirements can be difficult, but not impossible, as pentesting specialists from the International Institute of Cyber Security (IICS) point out.
How to create a strong enough password?
Choose 9 random consonants, for example khvgpytpm. Now insert any digit somewhere in the middle, for example 5. If everything is in order so far, change some of the letters to uppercase (khVg5Pytpm). Remember: never use personal information (date of birth, taxpayer ID, etc.) in your password.
The use of special characters (; % &) can significantly strengthen your password. According to pentesting specialists, most brute-force tools do not include these characters in their character sets, which almost completely protects users against this variant of attack. To continue with the example, we return to the password and type khVg5Py;tpm. It's simple, and it's important that you do it.
Don’t use the same password on more than one site
It is easier to use the same password for all online services, although this is not recommended as it makes it easier to deploy credential stuffing attacks. That’s why IICS pentesting experts recommend creating unique passwords for your social media, email, online banking accounts and so on. The following is an example of how to use virtually the same password, adding slight variations to protect us from the most common attacks:
- For VK, we use khVg5Py;tpm and add the letters of VK in reverse order at either end (K at the start, v at the end), resulting in KkhVg5Py;tpmv
- For Facebook: BkhVg5Py;tpmf
- For Yandex: XkhVg5Py;tpmy
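The recipe above (random consonants, an inserted digit, some uppercase letters, a special character) and the per-site variation are mechanical enough to script. The following Python is an added example, not code from the IICS article: the function names `build_base_password`, `site_variant` and `meets_policy` are assumptions of this example, and `meets_policy` checks only the character classes the article says platforms ask for. The `seed` parameter exists so the generator can be exercised deterministically; without it the code uses the OS random source, which is what you want for a real password.

```python
"""Added example: generate a password following the article's recipe and
derive per-site variants.  Not part of the original article."""
import random
import re
import secrets

CONSONANTS = "bcdfghjklmnpqrstvwxyz"
SPECIALS = ";%&"  # the special characters the article mentions


def build_base_password(seed=None, consonants=9, uppercase=2):
    """Article recipe: N random consonants, uppercase a few of them, insert a
    digit in the middle, then insert a special character in the middle.

    seed is for reproducible demonstrations only; real use should leave it
    None so that secrets.SystemRandom (the OS CSPRNG) is used.
    """
    rng = secrets.SystemRandom() if seed is None else random.Random(seed)
    letters = [rng.choice(CONSONANTS) for _ in range(consonants)]
    # Change a few randomly chosen letters to their uppercase counterpart.
    for i in rng.sample(range(consonants), uppercase):
        letters[i] = letters[i].upper()
    # Insert a digit at an interior position (never first or last).
    letters.insert(rng.randrange(1, len(letters)), str(rng.randrange(10)))
    # Insert a special character at another interior position.
    letters.insert(rng.randrange(1, len(letters)), rng.choice(SPECIALS))
    return "".join(letters)


def site_variant(base, site_tag):
    """Wrap the base password in a two-letter site tag, reversed, the way the
    article does: second letter (uppercase) in front, first letter (lowercase)
    at the end.  site_variant("khVg5Py;tpm", "VK") -> "KkhVg5Py;tpmv".
    """
    if len(site_tag) != 2 or not site_tag.isalpha():
        raise ValueError("site_tag must be exactly two letters")
    first, second = site_tag
    return second.upper() + base + first.lower()


def meets_policy(password, min_len=10):
    """Check the character classes the article says platforms require:
    lowercase, uppercase, a digit and a special character."""
    return (
        len(password) >= min_len
        and re.search(r"[a-z]", password) is not None
        and re.search(r"[A-Z]", password) is not None
        and re.search(r"[0-9]", password) is not None
        and re.search(r"[^A-Za-z0-9]", password) is not None
    )


if __name__ == "__main__":
    base = build_base_password()
    print("base:", base, "policy ok:", meets_policy(base))
    for site in ("VK", "FB", "YX"):
        print(site, site_variant(base, site))
```

Running the module prints a fresh base password and its three site variants; the tags FB and YX reproduce the Facebook and Yandex examples from the article.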
This is an efficient way to improve the security of our access keys.
Secure password storage
Ideally, a password should never leave your head. The tips above help you memorize your secure access keys. But what if these methods don't work for you? You may prefer another way to store a strong password.
Whether you prefer to memorize your password, use a tool to manage them, or simply write them on a piece of paper, consider the following tips to avoid disastrous situations:
- Do not store passwords in emails or in your social networks
- Do not save these passwords in a notes application on your computer. If a hacker breaks into the computer or writes a script to search for passwords, all this information will be available to them in minutes
- Do not write passwords on post-its and do not stick them to the computer monitor; you never know when your co-workers will decide to play a prank on you
- If you decide to save passwords somewhere, let it be an ordinary notebook, just be sure to keep it in a safe place
- There are a lot of password managers. KeePassX, for example, allows you to securely store and manage different passwords
Is it secure to store your passwords in Word?
If these methods don’t seem ideal to you either, pentesting experts will show you a little trick to store your password on your computer and keep it safe from hackers. Let’s take the password examples for VK, Facebook and Yandex.
You can store these passwords in a Word document. You can even call the document "PASSWORDS". The point is that we store only half of each password; the rest stays in our head. The memorized half can be something as simple as QWERTY2607 (built from a friend's or family member's birthday), which you append to the half stored in Word. This way, if hackers manage to access the document, they will have obtained only half of each password, while the rest is safe in some corner of our memory.
Pentesting experts mention that this method protects passwords from incidents of data breaches, very common in business and government environments. This is especially useful in a world where not only hackers are behind our data, as virtually any online company can collect our information.
It is advisable to change all passwords every six months, or at least once a year. This is one of the best security practices, so pentesting experts hope you found this information useful. Finally, specialists recommend not storing your passwords in the cloud, as this can have disastrous consequences, including:
- Theft and sale of data: Cloud password storage services may collect information about you for sale to third parties without prior authorization
- Data breach: These occur all the time; companies get hacked and their data is stolen by cybercriminals. Prevent your passwords from being part of the leak
- Phishing: Hackers have multiple tools to deploy phishing attacks on cloud platforms, so you may prefer not to protect your passwords this way
We have already mentioned this, but it is worth reminding you that you should never, under any circumstances, use your personal data as a password. Please don't make things so easy for hackers.
He is a cyber security and malware researcher. He studied Computer Science at Miami and started working as a cyber security analyst in 2008. He is actively working as a cyber security investigator. He has also worked for security companies such as Cisco. His everyday job includes researching new cyber security incidents. He also has deep knowledge of enterprise security implementation.