Password Guidelines: Creating Secure Passwords

In these past few years, with breach incidents & associated costs surpassing previous years, taking precautions and staying safe should be at the top of the list of users caring for their privacy and security. Choosing a secure password for your accounts is the first line of defense against cyber-attacks and risks of getting hacked, as Securing passwords helps you to keep your personal data and financial information.

Weak passwords increase the risk of brute force and exploitation of your personal data, which can lead to phishing attacks, and identity theft once the bad actors can get a hold of your personal information such as your name, email, phone number, address and other sensitive data. At the end of the day choosing secure passwords for your accounts gives you peace of mind and saves you time and money in the long run by preventing cyber-crimes.

In this article, we are going through a password guideline, on how to choose and store secure passwords to keep your online identity and data safe.

What Makes a Password Secure?

We should first cover what methods hackers use to get access to your data or password and then try to choose a password that protects us from these methods. A secure password is one that protects us from these methods that hackers use to gain access to our accounts.

Brute Force

Brute force is the act of guessing the password repeatedly. In this method the password is cracked by trying every possible combination of characters (not always "every possible" combination though). It requires a lot of computational power and noticeable time. However, as the computers’ availability improves, this methos is more practical to hackers.

Brute force remains the most used method to steal your credentials. It's estimated to account for 80% of all data breaches

How to stay secure from Brute Force?

1. Avoid using common passwords
2. A password with at least 12 characters, containing uppercase letters and lowercase letters, numbers and symbols. makes it substantially harder to guess, even impossible to a degree.
3. Use Multi-factor authentication, This adds a layer of security. SMS authentication is not the safest 2fa option as it can be prone to specific attacks such as sim-swap.

Dictionary Attacks

In this method, there is a pre-built list of words and phrases that are common in passwords and the hacker tries them as the password until the correct password is found.

How to stay secure from Dictionary Attacks?

1. Avoid reusing passwords. Reused passwords might eventually end up in the dictionaries that hackers use.
2. Avoid using common passwords. Common passwords make up to 10% of all breached passwords, so you are at much higher risk if you use these passwords.
3. Use random phrases as password, you can use a password manager to store those passwords.

Social Engineering

Social engineering is the act of using techniques to talk you into revealing specific information such as passwords. Social Engineering remains the most used method that hackers use to gain access to your account, it is accounted for 90% of all data breach incidents.

How to stay secure from Social Engineering?

1. Be cautious about unsolicited phone calls and emails
2. never share your password with anyone whose identity is not verified. Companies, services, and websites usually never ask for your password. So be extra cautious about sharing your password or other sensitive information with anyone.
3. Use Multi-factor authentication, This adds a layer of security. SMS authentication is not the safest 2fa option as it can be prone to specific attacks such as sim-swap.

Password Reuse

This method is used for people who use one password for multiple accounts, as soon as one password is cracked other accounts aren’t safe anymore and can get hacked easily.

How to stay secure?

1. Use a different password every time. Use password managers to keep those passwords.

How to Choose Secure Passwords

Now that we have covered the most frequently used methods hackers use to gain access to your password, we should be able to make a general guideline on how to choose and store a secure & strong password.

A secure password is one that follows these standards:

1. It is more than 12 characters with numbers, uppercase letters, and symbols, an 8 character password which was deemed secure a few years ago, can be cracked more easily now. You can use password vault/generators to generate these passwords.
2. It is not a common password. Common passwords are usually names, dates of birth, places, etc.
3. It is not breached or used previously. You can check if your passwords are in a previous data breach by using HackCheck data breach search engine.
4. You have a multi-factor authentication set up. We do not recommend using SMS as your ONLY multi-factor authentication, as it is vulnerable to attacks itself.

After following these guidelines, you have a secure password which is very hard to compromise. But doing so comes at a downside of having to remember/store the password.

How to Store a Secure Password

Password Vaults like Bitwarden help you generate and store your passwords and access them on any device you need. Cloud password managers are also prone to data breaches (although they are encrypted), so if you don't look for multi device password managers, we suggest offline password managers, such as KeepassXC.

There is another kind of "password managers" that do not actually store your password, rather generate it on the fly based on your username, secret phrase and domain. You no longer must store the password which reduced the risk greatly (either locally or on the cloud) but comes with the downside of being dependent on the app itself. Spectre is one of those type of "password managers".

To summarize,

1. Use Bitwarden for cloud-based password manager to sync your password accross devices (encrypted with your master password)
2. Use KeepassXC for locally kept passwords for a more secure experience
3. Use Spectre to eliminate the need of storing your passwords