How to build the most secure password of all times?

Nikoletta Szabo

Let’s start this article with a really simple simile, just to be on the safe side and make sure that everyone understands the function of a password. If your account is your home, the password is the key, while the login process is the threshold of your home. So if someone forgets the password, it equals with leaving the keys somewhere and if your account has been hacked, than your home has been sacked.

 

 

how-to-make-a-password

 

Two years ago in the USA, as much as 47% of the adult population’s account has been hacked and compromised. This is just one of the hard facts that should make every reader more concerned about the safety of their accounts. However, not everyone is so enthusiastic about the topic of cybersecurity, as it turned out in 2013. It became public that the launch code for the US nuclear missiles was 8 zeros for two decades.  This story begs the question that why anyone else should create passwords more complex than this?

It’s undeniable that we have to take responsibility for our accounts, because the hackers today are so much devious that with some patience and endurance they can crack almost all passwords. Although, the average Internet user has to memorize dozens of passwords for several accounts which make it seem impossible to remember all of them. Many of us use the same password for more than one account that just increases the risk of being hacked, because if the attacker obtains one password, can easily log into all the other accounts.

Some watchful users though, apply lower-, upper-case letters, special characters and numbers thinking that they can outwit the hackers by creating an unbreakable password, but with time they usually forget it as well. But what about the password managing softwares (like lastpass) ? According to a study is seems that people are mistrustful and are not prone to entrust a software. In most of the cases this can be thanked to the fact that they do not understand its operation. Secondly, these services are mainly not free of charge, and we do not like to “waste money” on anything like this. Moreover, if the user forgets the master password or a hacker obtains it, than all the saved passwords are doomed.

 

The ultimate

 

We should use pass-sentences instead of passwords, because they are logically-built-up, making them easier to remember. Deriving from their nature, pass-sentences are longer and more complex, that is why they are more difficult to hack. The longer the sentence is, the harder it is to hack with a bruteforce attack. You can check the strength of your password/sentence using this website.

 

Névtelen

 

 

What NOT to do

 

  • Never use personal information in the pass-sentence, such as names of relatives
  • Do not use just one lexical word multiple times
  • Try not to put the upper-case letter at the beginning and the number at the end
  • Do not use a password similar to the username
  • Avoid giving the most obvious personal information in case of security questions, like your mother’s name
  • Never use your workplace username as a password

 

Why using pass-sentences is useful for your website’s password requirements?

The usually applied password rules involve that we need to use at least 8 characters, low and upper-case letter, special character, numbers and no personal data. On the other hand, pass-sentence requirements are the following: use at least 16 characters containing some upper-case letters and numbers.

 

This practice is more beneficial for the owners of the website, because if the would-be users of the webpage encounter with lots of requirements and fail to pass them for a couple of times they will start looking for other similar sites where the requirements are not as severe. By applying the pass-sentence requirements you will be not only able to provide higher security level for your users, but you will make the registration process hundred times easier. However, it is worth mentioning that the usage of a long pass-sentence increases the probability of typos, so it is recommended not to strictly limit the number of access attempts. The biggest challenge in the implementation of pass-sentences is that we have to make our users aware that this new procedure is just for their own sake, and we have to make them understand the advantages of this system by building customer awareness and responsibility.

 

In one of our previous articles you can read about that sometimes passwords cause more headache than security. That is why the application of pass-sentences is beneficial for both parties.  If there is a golden rule as such, it would look like this: A password is like your underwear, you should always change it. If we are striving for the highest level of security it is suggested to change our passwords/sentences once in every three months.

If you are interested in the pattern analysis of passwords, read one of our developers’ article.

Share your ideas with us about this article

Previous posts

How strong is a „strong” password? 2/2
Part 2   Despite it’s disadvantages, using password-based authentication is still the most common way to identify users on the Internet. The biggest drawback of these methods is that they involve the users. People specify their login credentials whenever they register on a site and people are known to be bad in both specifying and memorizing random strings. I once lost my wallet with my credit card and one of the first questions the administrator in the bank asked me was whether I had my PIN written down on a paper in the wallet. The fact that she asked me about this probably means...
China’s Great Cannon uses Web traffic for DDoS attacks
Most of us might have heard about the strict Internet censorship of China conducted by the Great Firewall, which bans all web requests that threaten their democracy. The browser either shows a blank page or a reminder about the censorship. However, not so long ago researchers found that China is deploying a tool, called the Great Cannon, which is used by the government to carry out DDoS ( Distributed Denial of Service ) attack against websites that post anti-censorship content and other tools that can fool the system allowing Chinese people to visit Western websites, like GitHub. Furthermore,...