Multiple cyber intrusions have been due to compromised weak passwords. Individuals have lost access to their social media accounts due to weak passwords. Enterprises deploy multiple hardware systems (SCADAs, mobile platforms, handhelds) that are sold with default passwords. Once too many, hackers have successfully penetrated networks using references from default passwords lists freely available on the internet. The below are some types of password attacks that can target individuals or enterprises.
- Brute force attacks
- Dictionary attacks
- Credential stuffing
- Keyloggers
- Phishing
Brute force and dictionary attacks are common with weak passwords while credential stuffing relies on passwords of previously hacked accounts. Phishing and keyloggers need an individual to click on a malicious link to install a backdoor. Simple network scanners like Wireshark reveal plain text passwords sent over unencrypted networks. In this light, the question is how you create a more robust password. The tips below could be a good start.
Chose unique words that you can remember easily.
Avoid birthdays or places, frequent vacation spots, or workplace locations.
Statements are much better than single words, thereby giving more protection.
Use unique events only you can easily remember like your parents' first date.
If possible, translate some words into a second language or intentionally misspell.
Most importantly add numbers and special symbols (alphanumeric + symbols)
Example: Dad&MumluveHawai90$% (mom and love are misspelled)
To protect yourself or enterprise further, add a multi-factor authenticator to a complex password. Various sites have adopted text message confirmations or authenticator app codes. Some banks have added smart physical keys (cryptographic identifiers or tokens) to the mix. I would recommend getting an extra mobile number just for your banking needs.
Let's protect our data during this new year. Happy New Year 2022!
Author - Elisha Ngwana, DSc Cybersecurity student
