Infosec fundamentals 101

What do your Facebook, Instagram, email and bank accounts all have in common?

They all require a password to verify that you are who you say you are.

In this digital age, almost every account you create asks you to choose a unique password, because passwords are the front line of defence against cyber-attacks.

Yet even a sophisticated password that people find hard to remember may be easy for a computer to crack.

Another problem with being asked for a new password so often is that people tend to pick simpler ones they can remember, reuse them across sites, or write them down, all of which weaken the protection the password gives.

What are passwords and why am I making so many?

Passwords: The string of characters used to verify the identity of a user during the authentication process.

Most password policies set by organisations enforce the traditional requirements for a strong password, described below.

Policies differ from company to company, but a company following good security practice will not let you reuse an old password.

In many online hacks the attacker does not target you specifically; instead they gain access to a website's database containing your username and password, whether it was stored hashed, encrypted or in plaintext.

Armed with your email address and password, they then try the same login details, and common variations of the password, on other websites until they either give up or get into one of your accounts.

Given that we know how some online hacks occur, how do we prevent them?

One easy step you can add to your everyday online routine is creating a strong password.

The dos and don’ts of traditional strong passwords

Traditional advice on creating a strong password has stayed much the same throughout the expansion and evolution of the internet.

The dos and don'ts below are the basic guidelines most sites apply today.

They are enforced when a site demands a minimum length and particular types of characters before you are allowed to create or change your account.

Do:

– Be at least eight characters long; the maximum allowed varies by site, from sixteen to 64 characters or sometimes more

– Include both upper-case and lower-case letters (passwords are case sensitive)

-> i.e. “Apple” and “apple” are two DIFFERENT passwords

– Include numbers and special symbols

Don’t:

– Use an arbitrary jumble of letters, numbers and symbols

– Not because it is weak, but because you will forget it or end up writing it down

– Repeat the same character several times in a row

– Repeated characters make the password longer but do nothing to make it harder to guess

– Use dictionary words

– A word found in a dictionary is a weak password because crackers try every word in a wordlist (a dictionary attack) before falling back to brute force

– Include personal information such as names, birthdays or pet names

– Reuse a previous password
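To make the dos and don'ts concrete, here is a small checker that applies each rule above to a candidate password. It is an added example written for this page, not code from the original post; the dictionary, personal details and password history it uses are constructed sample data, and a real system would load a full wordlist, the user's profile fields and stored password hashes instead.

```python
import re
import string

# Constructed sample data for this example; a real deployment would load a full
# dictionary, the user's own profile fields and their stored password history.
DICTIONARY_WORDS = {"apple", "password", "dragon", "welcome", "summer", "privet"}
PERSONAL_INFO = {"alice", "smith", "1990", "fluffy"}
PREVIOUS_PASSWORDS = {"Summer2019!", "Welcome1!"}

MIN_LENGTH = 8
MAX_LENGTH = 64   # limits vary by site; 64 is the upper figure quoted above


def check_password(candidate, dictionary=DICTIONARY_WORDS,
                   personal=PERSONAL_INFO, previous=PREVIOUS_PASSWORDS):
    """Return the list of dos-and-don'ts the candidate breaks (empty list = passes)."""
    problems = []

    # Do: length between the minimum and the site's maximum
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if len(candidate) > MAX_LENGTH:
        problems.append(f"longer than {MAX_LENGTH} characters")

    # Do: mix upper case, lower case, digits and special symbols
    if not any(c.islower() for c in candidate):
        problems.append("no lower-case letter")
    if not any(c.isupper() for c in candidate):
        problems.append("no upper-case letter")
    if not any(c.isdigit() for c in candidate):
        problems.append("no digit")
    if not any(c in string.punctuation for c in candidate):
        problems.append("no special symbol")

    # Don't: repeat a character consecutively (adds length, not security)
    if re.search(r"(.)\1\1", candidate):
        problems.append("same character repeated three or more times in a row")

    # Don't: use a dictionary word, even one dressed up with digits and symbols.
    # Strip everything but letters so "Apple123!" is caught as "apple".
    lowered = candidate.lower()
    core = re.sub(r"[^a-z]", "", lowered)
    if core in dictionary:
        problems.append(f"dictionary word '{core}'")

    # Don't: include personal information anywhere in the password
    for item in sorted(personal):
        if item in lowered:
            problems.append(f"personal information '{item}'")

    # Don't: reuse an old password (a real system compares against stored hashes)
    if candidate in previous:
        problems.append("previously used password")

    return problems


if __name__ == "__main__":
    samples = ["Apple123!", "Tr0ub4dor&3", "Summer2019!",
               "Fluffy-Alice-1990!", "aaaaaaaa",
               "Deskbound-onstage auction audible-detective hassle"]
    for pw in samples:
        verdict = check_password(pw)
        print(f"{pw!r}: {'OK' if not verdict else '; '.join(verdict)}")
```

Note what happens to the last sample: the random-word passphrase from later in this post fails the traditional rules with "no digit", even though it is far harder to guess than "Apple123!" with a digit bolted on. That mismatch between character-class rules and actual strength is exactly why the next section moves on to passphrases.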

Passphrases: the better alternative to yourpassword[more characters]

So, now that we understand what makes a password strong, how do you create one that is easy to remember but hard to crack?

The answer is a passphrase.

A passphrase is simply a series of words, separated (or not) by spaces, special symbols or numbers, that the user recognises and can remember easily.

Passphrases can be sentences from your favourite books, movies or TV series, or a random combination of words, numbers and symbols memorised with the help of a mnemonic.

Some examples of good passphrases are:

– Mr and Mrs Dursley of number four, Privet Drive, were proud to say that they were perfectly normal, thank you very much.

– You’ve got to ask yourself one question: ‘Do I feel lucky?’ Well, do ya punk?

– The Ultimate Answer to Life, The Universe and Everything is…42!

– Deskbound-onstage auction audible-detective hassle

These make great passwords: the first three are memorable quotes from books and movies, and the last is a string of random words that can be memorised with a little practice. One caveat: a quote famous enough to be memorable is also famous enough to appear in the wordlists password crackers use, so a verbatim quote is weaker than an estimate based on its length alone suggests. Adding your own twist to the quote, or better still using random words as in the last example, avoids this.

If you’ve gotten this far, Congratulations!

Simple, memorable passwords that are hard to crack are now within your grasp: flip to a random page in a book, tune into a random episode of Stranger Things, or open a dictionary and pick a few random words.

If you want to know how strong a password of a similar structure is, the website HowSecureIsMyPassword estimates how long a computer would take to crack it. Bear in mind that such estimates assume the attacker has to brute-force every character and take no account of wordlists of famous quotes, and never type a password you actually use into a third-party website; test a lookalike instead.

Here are the estimates for three of the passphrases above:

Passphrase | Time taken (HowSecureIsMyPassword estimate)
You’ve got to ask yourself one question: ‘Do I feel lucky?’ Well, do ya punk? | about 1,829,369,880 septuagintillion years
The Ultimate Answer to Life, The Universe and Everything is…42! | about 2,532 sexagintillion years
Deskbound-onstage auction audible-detective hassle | about 261,703,677,953,615,900 quadragintillion years

AUTHOR’S NOTE: These are real numbers!
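To see where numbers like those come from, and how much they depend on the attacker model, here is an added example (written for this page, not taken from the original post or from the HowSecureIsMyPassword tool) that works out the bits of guessing work under three models: character-by-character brute force, random words picked from a list, and a famous quote the attacker already has in a list. The guess rate of ten billion per second, the 95-character printable alphabet, the 7,776-word list (six to the power five, one roll of five dice) and the one-million-quote list are all assumptions chosen for illustration.

```python
import math

# Assumed attacker model for this example: an offline cracker trying ten billion
# guesses per second (a large GPU rig); change the constant to model other attackers.
GUESSES_PER_SECOND = 1e10
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def charset_size(password):
    """Alphabet a brute-force attacker must cover, given the character classes present."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(not c.isalnum() for c in password):
        size += 33  # the remaining printable ASCII symbols, space included
    return size


def brute_force_bits(password):
    """Bits of work for a character-by-character brute force: log2(charset ** length)."""
    return len(password) * math.log2(charset_size(password))


def wordlist_bits(num_words, wordlist_size=7776):
    """Bits for num_words chosen at random from a list; 7776 = 6**5, one roll of five dice."""
    return num_words * math.log2(wordlist_size)


def known_phrase_bits(num_phrases):
    """If the phrase is a famous quote the attacker has in a list, only the list size counts."""
    return math.log2(num_phrases)


def years_to_crack(bits, guesses_per_second=GUESSES_PER_SECOND):
    """Expected time to find the secret, assuming half the space is searched on average."""
    return (2 ** bits / 2) / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    # Constructed comparison: the Dirty Harry line measured both ways, a
    # character-class password, and a five-word Diceware-style phrase.
    dirty_harry = "You’ve got to ask yourself one question: ‘Do I feel lucky?’ Well, do ya punk?"
    cases = [
        ("Dirty Harry quote, brute force over characters", brute_force_bits(dirty_harry)),
        ("Dirty Harry quote, attacker has 1,000,000 quotes", known_phrase_bits(1_000_000)),
        ("'Tr0ub4dor&3', brute force over characters", brute_force_bits("Tr0ub4dor&3")),
        ("'Apple123!', brute force over characters", brute_force_bits("Apple123!")),
        ("five random words from a 7776-word list", wordlist_bits(5)),
    ]
    for label, bits in cases:
        print(f"{label:52s} {bits:6.1f} bits  ~{years_to_crack(bits):.3g} years")
```

The first two rows show the caveat from the previous section in numbers: treated as random characters the quote looks unbreakable, but if it sits in a list of a million quotes it is found in a fraction of a second. The five random words, by contrast, keep their full work factor (about 45 years at this guess rate) because no list of quotes contains them, and each extra word adds almost 13 bits.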

In the end, a picture says more than a thousand words.

The xkcd comic by Randall Munroe neatly sums up why a memorable passphrase beats an overly complicated, hard to remember password.

If you are interested in learning more about protecting yourself on the internet, look out for the next instalment, where we will show you that creating a passphrase is as easy as rolling five dice a few times!

XKCD’s password strength comic
