What’s in a password?


If you have ever heard the story of Alibaba and the forty thieves you already know how crucial passwords are.  In the story, Alibaba finds himself in a cave which holds jewels and gold behind a magic wall. The magic wall would open only when the magic spell was spoken. “Open sesame!” said Alibaba and the door to the great treasure opened before him.

This is an old example of how passwords were used in the past to gain access to a secret place. However, passwords as we know them today are not used in quite the same way. In this virtual world of computer networks, social networks, and the internet, passwords have become crucial in protecting your identity and managing access to the sensitive information your computers or websites hold.

What is a password?

A password is basically a unique word or a set of characters that serves as a key to gain access to a network, a computer, or information stored on a website or computer system. A password ensures that a computer or the data stored on the hard drive can be accessed only by an authorized person who proves their identity with the correct credentials.

What is a strong password and why should you care?

First, let’s discuss what makes a password strong or weak. A password’s length in characters and the way it’s structured using a combination of letters (upper case and lower case), symbols and numbers are what make a password strong. So what makes it weak? If the password is a simple single word, a well-known phrase, or even a combination of the two, it can often give a person who doesn’t have the proper authority quick access to your data.

Most people, when assigning a password, want to use it without having to "think" about (recall) what the password is. Some people will store their passwords in a secondary file and fail to assign a password to the secondary file. If you don’t protect your passwords, you’ve increased the chance of compromising the very data you want to protect. Additionally, there are plenty of websites that track and record passwords that are used by people. This information, stored in what’s commonly called “Rainbow Tables”, can be used to break through the password-protected file. These Rainbow Tables are available for a small fee and some of them actually are free to anyone who wants to wait for the download to finish. A collection of tables can be quite large (terabytes of data).

The basic concept you should think of is this: if a hacker stumbles upon your password, it should look like a string of completely random characters and not even remotely like a password, so the hacker isn’t tempted to even try it in the first place.

Looking at each of these characteristics of a strong password, it is clear that the longer the password you create, the stronger it is, unless of course the characters simply spell a word or a combination of words squeezed together. In the old days, a password was only 8 characters long. Today’s password needs to be much longer. Fourteen or more characters would certainly make it much stronger and may even stop the hacker from attempting access because it comes off as too much trouble.

However, longer passwords, such as one with fourteen alphanumeric characters, are not easy to remember. (Don’t worry! Further in the article I’ll explain how to create and remember a strong password in five simple steps.)

For now, let’s shift our focus to the next characteristic of a strong password, i.e. a combination of letters, numbers, and symbols. The more variety you add to your password by using different types of characters, the harder it is for hackers and the hacking programs they use to guess or crack your password. Keeping your password simple sounds cool, but the best password is built with complexity in mind.

Creating a strong password the easy way:

  1. Write down a sentence that you can always remember:

There is probably a sentence or two that you can easily remember. Here, for instance, is one you might use if you like the outdoors: “I love hiking in the woods during the spring months.”

  2. See if you could use the phrase directly:

Check with the computer system or online portal for which you are creating the password whether the phrase can be used as a password. If yes, use the passphrase directly. Not only is it long but it also is a completely random string of characters.

But what if the system doesn’t support such direct use of passphrase? What can you do?

  3. Convert the phrase to a password:

If the system doesn’t support your passphrase, convert it into a password. Here’s just one method for doing it:

Take the first letter of each word of the phrase that you want to use and create a new word that makes no sense whatsoever.

For the example phrase used above, here’s what you get on converting it to a password – “Ibpximaq”. So your sentence now looks like this:

Ibpximaq Ibpximaqove Ibpximaqiking Ibpximaqn Ibpximaqhe Ibpximaqoods Ibpximaquring Ibpximaqhe Ibpximaqpring Ibpximaqonths.

Now doesn’t that look like a long, crazy password? You could just apply the “custom” word (Ibpximaq) to the first word of the phrase…the “I” in this case and leave the rest as they are. The time spent trying to figure out what the custom word is might be enough for your firewall to trigger an alarm of a possible intrusion.

  4. Adding complexity:

Now, to make the password more complex, use a combination of upper case and lower case letters and add numbers. With added complexity, the passphrase would look like this without the use of numbers – “I LoVe hIkiNg in tHE wOOds DurinG thE SprIng monThS.”

Add a few numbers and this is what you get:

“I LoVe hIkiNg in tH3 w00ds DurinG th3 SprIng monThS.”

The letter “e” is substituted with the number 3 and the two “O”s in the word “woods” have been substituted with two 0s (zeros).

There are other ways to continue to add complexity to your passphrase. Add misspelled words to the passphrase. In the case of the shorter password, here is what can be done to make it more complex – “I0px7ma3”. New numbers are added to make it more complex and to increase the length of the characters in the string.

  5. Special characters:

Finally, you can either substitute or add new symbols or special characters in the string. Here is the improved version of the above password – “I0@x7m!a3”.

This new password has a combination of upper case and lower case letters, numbers and special characters. It’s seen as a completely random group of letters, numbers, and special characters bearing no meaning thus making it difficult for a hacker or a hacking bot to guess.

Why should I bother creating such a password?

Well, here’s the most important part that I want to address through this article. You know that a password protects you (and your data) from data thieves, snoopy-people, and hackers who are constantly trying to get through the firewall so they can get access to the sensitive data on your computers or external devices. But then again, if a hacker or a hacking bot can get through a password protected system what is the point of protecting your system with a password at all?

I’ll explain it to you with a simple analogy of a burglar. Just like a burglar, a hacker is trying to get into your system only to get to your valuable property and get out of there as quickly as possible. I mean, most burglars don’t break into your house to do the dishes or clean your house. They want the same items that mean the most to you. How do they figure out what’s the most valuable "item" to you? Easy. It’s based on what item they can quickly take before getting caught and how fast they can get that item sold.

Now, let’s put ourselves in a burglar’s shoes. You don’t want to mess with a large, hungry, and overly protective Rottweiler guarding a house, right? Or a business with several obvious cameras installed, do you? No. Instead, you would pick an easy target like a house without any alarms, dogs, or any hi-tech security cameras.

The house guarded by a Rottweiler is your system protected by a strong password, and a system with a weak password (or none at all) is like a house with its doors unlocked and a sign in the front yard that reads “Come on in and take what you want!”

The last step after creating a strong password is testing the strength of your password. You could easily do it using any of the available tools online. There are non-recording password checker tools on the internet. Use one to check the strength of your password. It's as easy as pasting the password in a box and pressing “enter” on your keyboard. Not only will most websites report back to you how strong the password is but sometimes they’ll give you other possible choices to make your password even harder for a hacker to figure out.
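A strength check can also run locally, so the password never leaves your machine. The sketch below is an added example, not part of the original article: it applies the criteria discussed above (fourteen or more characters, variety of character types, no plain words squeezed together). The word list and function names are constructed for illustration.

```python
import math
import string

# Constructed sample word list; a real check would load a large dictionary file.
COMMON_WORDS = {"password", "sesame", "hiking", "woods", "spring", "love", "months"}
MIN_LENGTH = 14  # the article's suggested minimum length


def character_pool(password):
    """Size of the alphabet implied by the character types present."""
    pool = 0
    if any(c in string.ascii_lowercase for c in password):
        pool += 26
    if any(c in string.ascii_uppercase for c in password):
        pool += 26
    if any(c in string.digits for c in password):
        pool += 10
    if any(c in string.punctuation or c == " " for c in password):
        pool += len(string.punctuation) + 1  # 32 ASCII symbols plus space
    return pool


def made_of_words(password, words=COMMON_WORDS):
    """True if the password is a single listed word or listed words squeezed together."""
    text = password.lower()
    # reachable[i] means text[:i] can be split entirely into listed words.
    reachable = [True] + [False] * len(text)
    for end in range(1, len(text) + 1):
        reachable[end] = any(
            reachable[start] and text[start:end] in words for start in range(end)
        )
    return bool(text) and reachable[len(text)]


def assess(password):
    """Return length, character pool, brute-force bits and findings."""
    pool = character_pool(password)
    bits = round(len(password) * math.log2(pool), 1) if pool else 0.0
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append("shorter than 14 characters")
    if made_of_words(password):
        findings.append("spells listed words")
    return {"length": len(password), "pool": pool, "bits": bits, "findings": findings}


for candidate in ("Sesame", "lovehikingwoods", "I0@x7m!a3"):
    print(candidate, assess(candidate))
```

The bit count assumes every character was picked at random from the pool, so for a password built from a memorable pattern it is an upper bound rather than a measurement.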

In a nutshell:

Protecting your system with a strong password doesn’t mean complete elimination of the risk of an online attack. But using a password is a way of making your system a less attractive target. If you want to make access to your data even harder, use encryption with a password. Encryption is not the same thing as a password, but using one or the other gives you better protection. Using the two protection methods combined is like taking your most precious family heirloom, putting that item in a small safe, then placing the small safe in a larger safe, which continues to protect the heirloom not only from a thief but maybe from a house fire too. You now have doubled the protection.

Coming Up:

Be sure to tune in next time as we explore encryption and its powerful process in making it harder for data thieves to get in or take your information. Also, later this year we’ll talk more about two-factor authentication and ways you can use your cellphone to further protect your information.