“I don’t have a secure password, because I have nothing to hide” is, sadly, something I hear oftenly. But why should everyone use a secure password?, why is this so important?: This question is a no-brainer. Over the last few years, social networking has become part of our lifestyle. We share moments with others, and have a public social image that we like to, somehow, control or manage the way we like.
But hackers know this. Hackers are on the hunt for new vulnerabilities and ways to make profit using social engineering.
In the LINUX world, it’s oftenly said the best antivirus is common sense. With online scams, it’s more or less the same. But first, before we identifying those threats, we should start by securing what is ours, making sure we make things overly difficult for hackers to just flip our doorknob and have access to all our social content, to our system, to our bacups or even worse: To our financial information, because let’s make this clear again: hackers are after money and money is what they will look for.
I wanted to create this post to concienciate about password security. There was a time where you had a couple of accounts and that was it, but over the years, this got more compicated: Forums, multiple e-mail accounts, social networks, banking… all of those services require a kind of login information and it would be a tremendous mistake to use the very same one on all of them. We can strengthen security using double step authentication (mor about this on a future post), but not all platforms offer this option.
“yeah, but there’s no way to remember hundreds of different strong passwords by heart” – That’s totally true.
Hackers (god, I hate using this term to speak about the bad guys) use brute force attacks in order to login into your accounts. The method is simple: they get a dictionary, which is just a plain text document full of words and try, one by one until there’s a match with your password. This methods are slow and usually have countermeasures ready: That’s why after 10 tries, iPhones get locked and erase their memory.
There are some simple systems to make passwords both different and also easy to remember, hence lowering the brute force attacks chance of success: for instance, you can make different passwords using a base, like, for instance, your name backwards, plus your birthdate and a symbol in between: “noelnomanoj+20010612x” is a pretty secure password and i’m sure i should be able to remember it. Ad to this password the service or page you are going to use it with, like “noelnomanoj+20010612x-gmail” and you’ve got a unique password, different from the other ones you might use somewhere else.
Or you can go with random password generators:
On linux, you have console tools like pwgen, makepasswd… etc
… But they will be impossible to remember by heart.
There’s a web where you can test your password’s toughness to have an idea of how to tailor your passwords and how long time it would take for a computer to crack it using brute force attacks and word combinations: https://howsecureismypassword.com
See the lock on top of the bar?: this means your password is safe when you input it on this web, at least while travelling to their server. As you can see, the password I tailored before is quite secure and would take 573.000.000.000.000.000 years to crack it: good luck.
I consider a “strong” password would have a combination of:
- Special Symbols
- 12 or more characters long
But…. how to remember multiple, unique, strong passwords, different for each site and on a safe place?: you can go with the traditional way and have all on a phisical notepad, written in paper, or you can go with password storage services like lastpass, https://lastpass.com or 1password: https://agilebits.com/. However, these online services are massively attacked by hackers and some of them have even sucumbed to them: http://lifehacker.com/lastpass-hacked-time-to-change-your-master-password-1711463571 . It is because of this keepass exixts and is my preferred alternative, but more about this option on a future post.