5 Common Password Misconceptions and How to Improve Password Strength

Passwords are the key to your privacy. They guard all your private information and authenticate you wherever you need to prove you are who you say you are. Other forms of identification such as biometrics have appeared, but passwords still play a massive role in authentication.

Most people know little about passwords, which makes the attacker's job easy. A good number of government and banking institutions also restrict which passwords they accept, seemingly at random.

Why do government and banking institutions restrict passwords?

User education: Some institutions want to educate users on password security by making them use complicated passwords, for example by requiring a minimum length and special characters.

Because of weak security: A good number of sites store passwords in plain text. A site that does so has no option but to restrict which characters a password may contain and how long it may be.

Cleverly disguised threats: A common trick for extracting information from SQL databases is SQL injection. A malicious hacker passes commands, disguised as ordinary input, where a password is expected, and the program hands them to the database. To protect against SQL injection, many sites exclude from authorized passwords any characters that could be used in such an attack.

Outdated or wrong advice: The way we understand passwords today, and the systems that secure them, have changed a lot over the past 20 years, but not all systems have changed with the times.

To be safe rather than sorry, be cautious with sites that impose more than a minimum password length when there is no logical reason to.

Let’s look at some password misconceptions and suggestions for improving password strength.

1. Passwords are insecure

Passwords are still the best authentication technique in comparison to phone numbers, government ID and biometrics. However, we would always recommend adding two-factor authentication for security. A secure password should be:

  • Strong enough that brute force cannot work on it
  • Unique, never used on any other site
  • Sent only over secure channels such as an HTTPS connection, by someone who is aware of the dangers of phishing

2. Passwords do not possess a maximum length

A password can be any length you need it to be. This is because services hash and salt passwords and only save the hash. Hashing converts any data, no matter its type or length, into a string that is always the same length for a given hash function. A password becomes more secure the longer it is, and 17 characters or more is usually enough. If you encrypt sensitive information such as government files, Bitcoin wallets, or private information, 23 or more characters are safer.

3. Passwords can include any character

Some sites may not accept every kind of character, but the general rule of thumb is that a character is valid if it can be typed on a keyboard. Use a password generator to produce random, hard-to-crack passwords. A password generator can also give you an idea of how long or how random your password should be, and lets you see what difference adding new characters makes to your password's security.
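As an added example (not the article's own code or any particular generator), the block below builds passwords from the `secrets` module and reports their entropy in bits, so you can see what adding a character or a character class does to brute-force cost. The guess rate used for the time estimate is an assumed figure for illustration.

```python
import math
import secrets
import string


def build_alphabet(lower=True, upper=False, digits=False, symbols=False) -> str:
    """Assemble the character set the generator draws from."""
    parts = []
    if lower:
        parts.append(string.ascii_lowercase)   # 26
    if upper:
        parts.append(string.ascii_uppercase)   # 26
    if digits:
        parts.append(string.digits)            # 10
    if symbols:
        parts.append(string.punctuation)       # 32 typeable symbols
    return "".join(parts)


def generate_password(length: int, alphabet: str) -> str:
    """Draw each character independently with a CSPRNG, never random.choice."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Bits of entropy for uniformly random choice: length * log2(|alphabet|)."""
    return length * math.log2(alphabet_size)


def years_to_brute_force(bits: float, guesses_per_second: float = 1e10) -> float:
    """Expected time to hit the password at an assumed guess rate (half the keyspace on average)."""
    expected_guesses = 2 ** (bits - 1)
    return expected_guesses / guesses_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    # Compare the same length with and without extra character classes,
    # then the 17-character length the article recommends.
    for length, alphabet in [(12, build_alphabet()),
                             (12, build_alphabet(True, True, True, True)),
                             (17, build_alphabet(True, True, True, True))]:
        bits = entropy_bits(length, len(alphabet))
        pw = generate_password(length, alphabet)
        print(f"{length} chars over {len(alphabet)} symbols: {bits:.1f} bits, "
              f"~{years_to_brute_force(bits):.2e} years at 1e10 guesses/s, e.g. {pw}")
```

Each extra character adds log2(alphabet size) bits, so lengthening the password usually buys more than switching on another character class.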

4. You do not need to remember all passwords

A survey found that the average person has at least 130 accounts and logs in 27 times a day on average! Imagine having to remember all these passwords. Worse still, imagine using one password for everything because you cannot remember them all. Enter the password manager. This app stores all your passwords, and you only have to remember the manager’s master password.

The password manager also automatically fills in your passwords on sites you log on to, and because it only offers a saved password on the domain it was saved for, this effectively protects you from phishing.

5. Passwords will become extinct

There are ongoing attempts to replace passwords with other authentication techniques. So far, none of them has been shown to be secure. Facial recognition and fingerprints are the biometrics attempting to take over, but they are not 100% safe. They are useful for identification but not as good for authentication.

Asymmetric cryptography, also called public-key cryptography, uses public and private keys to encrypt and decrypt data. The keys are not physical keys but a pair of large numbers that are not identical, hence asymmetric. One key in the pair is available to everyone and is the public key; the other is private. Either key can encrypt data, and the opposite key decrypts it. Asymmetric cryptography is, in the author's view, especially prone to phishing, and its security is not assured.

Summary

Until someone comes up with a more secure way to protect information, it is clear that passwords will be with us for quite some time. Hackers keep improving their malicious trade, and with every new technology they up their game to match it. You have to be very careful while surfing the internet, as they are always ready to pounce.

Weak passwords are most people's Achilles' heel. Education on how to prevent phishing and hacking is critical. To be safe, you should:

  • Regularly update your computer and mobile applications.
  • Make use of a password manager to generate and store strong, random, and unique passwords and automatically fill your passwords in sites to avoid phishing.
  • If you have doubts about a site or an email link, do not click on it. Bookmark your favourite sites and use the bookmarks instead.
