Hey guys, it’s me @dheerajydv19, and in today’s blog, we will be learning about password security. The topic is simple to understand but contains a lot of information that most people don’t know, so read the blog till the end.
What is Password Security?
First, let’s understand why we need to learn about password security.
People reuse the same password on multiple websites. It’s OK for general users, because they don’t know how data breaches happen and don’t have much technical knowledge, but I have seen a lot of people in IT and cybersecurity who don’t follow the rules of password security. They also reuse the same password on multiple websites. Not only that, they also do other childish things like storing all their passwords in a simple text file, which is a really bad idea. We will learn about all this in detail, so just chill, read and enjoy the blog.
Password Security Trends
Some trends related to passwords that you must know are as follows:
The most popular passwords are extremely easy to guess
Most of the time, people use simple passwords like password, qwerty, and 123456, which are easy to guess and easy to brute-force too.
59% use their name or birthdate in their password
A lot of people set their password as a combination of their name and birthday, so you may be thinking, what’s the issue with this?
The point is, hackers also know this fact, so it can be harmful to you. Let’s understand this with an example.
You recently posted your birthday pictures on your Instagram, and now all of your followers know your name and your birthday. One of your followers creates a list of all the password combinations that can be made from your name and your D.O.B. and uses that list to brute-force your account password. And just like that, he is logged in, since your password was made of your name and birthdate only. How would you feel if this happened to you in real life? Would you be happy? Of course not, so stop making these kinds of mistakes.
43% have shared their password with someone
Research shows that people share their passwords for entertainment websites very easily, especially Netflix. But guess what? Many people use the same password everywhere. So when you share your Netflix email and password with your friends and colleagues while using the same password everywhere, you have knowingly shared the password of your social accounts too. If any of them tries the same email and password on any website other than Netflix, they will get logged in, and it can have very serious consequences that I can’t even explain.
20% have shared their email account password
This is the worst mistake one can make. You are giving someone access to your email, which means that person can log in to any of your accounts on any website, because every website has forgot-password functionality and in most cases sends a verification code by email. The person can completely take over all your accounts and, even worse, log you out of them, which means you yourself won’t be able to log in to your own account.
Apart from that, they can do a lot more: they can read all your emails that contain sensitive data, and they can harm your reputation by sending emails on your behalf.
Only 45% would change a password after a breach
Breach: hearing this word has become very common in today’s world. Data breaches have increased rapidly, but people still do not have much knowledge about them, such as what the consequences of a data breach could be. Assume company A’s data was breached in 2021. You knew about it but still haven’t changed your password, because your mentality is “why would someone hack me instead of targeting some rich people?” This is a completely wrong mindset. Once a data breach happens, in most cases the database gets published for free on many platforms, including some dark web websites, hacking forums and some social platforms too, including Telegram.
So people have access to this database. What most of them do is use automation to check whether each username/email and password is still valid; if it is, they capture that account and ask the owner to pay some fee to get the account back. Someone who intentionally targets you can also do you a lot of harm by using an account whose password he got from a data breach. So always change your password as soon as a data breach happens on any platform where you have an account. To check for this, you can use a website like https://haveibeenpwned.com/
A 12-character password takes 62 trillion times longer to crack than a six-character password
What you can learn from this is to use passwords of more than 8 characters at least and, if possible, 12-character passwords.
MFA blocks 99.9% of all attacks
Most websites have MFA, but people still don’t use it because they keep comfort as their first priority and security as their second, which is totally wrong.
Best Practices to follow for securing your passwords
- Choose a strong password: use an automatic password generator and generate a password with at least 8 characters that includes 1 lowercase letter, 1 uppercase letter, 1 number, and 1 symbol.
- Never reuse the same password on two different websites.
- Use a password manager and if possible host your own password manager via any open source software.
- Don’t write down passwords or store them in a text file.
- Don’t share passwords with others.
- Don’t log in to your account on someone else’s device unless it’s absolutely necessary.
- Use 2FA/MFA wherever possible.
- Change your password instantly after a data breach.
- Sign up for data breach notifications on websites like haveibeenpwned, or check these kinds of websites at least once a month.
- Pay close attention to suspicious activities in your accounts.
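The first practice above and the name/birthdate trend from earlier can be put into code as follows. This is an added example, not a tool from this blog: `generate_password` builds a random password with every required character class, and `weak_reasons` (a hypothetical helper name) flags passwords that are common, too short, or built from the owner's name or birthdate.

```python
import secrets
import string
from datetime import date

CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]
COMMON = {"password", "qwerty", "123456"}  # the examples named in this post


def generate_password(length=12):
    """Random password with at least one character from each class."""
    if length < 8:
        raise ValueError("use at least 8 characters")
    chars = [secrets.choice(cls) for cls in CLASSES]      # one of each class
    pool = "".join(CLASSES)
    chars += [secrets.choice(pool) for _ in range(length - len(chars))]
    secrets.SystemRandom().shuffle(chars)                 # no fixed positions
    return "".join(chars)


def weak_reasons(password: str, full_name: str, birthdate: date):
    """Return the reasons a password breaks the rules listed above."""
    reasons = []
    lowered = password.lower()
    if lowered in COMMON:
        reasons.append("common password")
    if len(password) < 8:
        reasons.append("shorter than 8 characters")
    if not all(any(ch in cls for ch in password) for cls in CLASSES):
        reasons.append("missing a character class")
    # Name parts of 3+ letters anywhere in the password, ignoring case.
    if any(len(p) >= 3 and p in lowered for p in full_name.lower().split()):
        reasons.append("contains your name")
    # Usual ways a birthdate is typed: year, day+month, month+day, full date.
    formats = ("%Y", "%d%m", "%m%d", "%d%m%y", "%d%m%Y")
    if any(birthdate.strftime(f) in password for f in formats):
        reasons.append("contains your birthdate")
    return reasons
```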
This is it for today’s blog. Let me know in the comments if you want a detailed blog on best practices to follow for securing passwords; otherwise, I will write the next blog on a new topic.
Follow me on Twitter: https://twitter.com/Dheerajydv19