How secure is my password?
Your passwords are the keys to your online homes – they give access to your social media accounts with personal information, and access to all of your connections, your financial details and data from your workplace. Depending on the access you hold, this can include anything from company bank details to private information on your co-workers and customers.
One of these keys falling into the wrong hands could be even more disastrous than having your car or house keys stolen, which is why passwords are often a primary target for cybercriminals.
How do hackers get your passwords?
To best understand how to make your passwords stronger, you need to know what you’re protecting them against, and there are 3 main forms of attack:
- Brute force attacks
- Dictionary attacks
Brute force attacks
The least nuanced of these attacks, the non-digital equivalent of this would be trying to guess the combination to a safe by trying every possible sequence, only cybercriminals have created software that can try billions of combinations per second.
How to protect from brute force attacks
- Make it as long as possible, this will mean brute force software would need to guess a much longer sequence.
- Use a mixture of capitalisation, symbols and numbers, but avoid common substitutions such as replacing o’s with 0’s.
- Avoid the obvious keyboard paths such as 1234 or qwerty – these will often be the first combinations brute force attacks will try.
This attack does what it says on the tin, really – a dictionary attack tries to guess your password from an established list of words. If your password is a standard word, particularly an obvious one such as “password”, then you’re likely vulnerable to a Dictionary attack.
How to protect from dictionary attacks
- Create a password that uses multiple random words together rather than just one and choose these words to be as unusual as possible. Your multiword password can be made up of proper nouns, words you know in other languages, or even just words that make you smile to fortify them against a dictionary account – for example, Canterburymuffinduck.
- Use the sentence method – if random sequences are too tricky to remember, create a password with an easy to remember sentence or song lyric but only take the first two letters of each word. For example, Here Comes the Sun would become HeCoThSu.
Phishing is different to the other main password attacks because they don’t rely on your password being hackable, but rather you handing your password over to a hacker unsuspectingly. Phishing attacks can be via test, email or even over the phone and they can be really convincing. You can learn more about phishing in our article .
How to protect from phishing attacks
- Avoid entering your personal details unless you are 100% confident of who you’re giving them to. This won’t always directly be entering a password, but also personal details that could be used as security questions and even in your passwords themselves.
- Don’t use personal details such as birthdays or pets names in passwords in case you do fall prey to phishing and give away these details.
- If you do fall victim to a phishing attack, you will need to change your passwords immediately.