ArtsAutosBooksBusinessEducationEntertainmentFamilyFashionFoodGamesGenderHealthHolidaysHomeHubPagesPersonal FinancePetsPoliticsReligionSportsTechnologyTravel

Passwords: The Keys To Security

Updated on February 2, 2018

Let's take on the subject of passwords (also known as keywords, keys, secret words, secret passes, ID phrases, passphrases, and others). They are the cornerstone of security for every person out there. Despite the myriad of sites on the net giving advice and warnings on the do's and don'ts of keyword crafting, statistics show that too many users are still utilizing weak passwords to guard their data. Although some of the advice on this article has been written many times before, we hope that some parts will provide you with some original output. Let's start with what you shouldn't do when choosing a password:

  • It's been written many times, but I'll state it here once more: you should stay away from using easily recognizable or personal information about you, your family, friends, colleagues or your loving pet. You'd be surprised how easily info such as name, birthday, phone numbers, family members and other details can be accessed. Because this info is easily attainable, it makes your identification phrase very simple to guess.
  • Do not use any one single word in a dictionary or a number written in letter form. Many password cracking software use dictionary based attacks to solve your passwords. One example is ophcrack*.
  • There are multiple sites with lists of some the most common passphrases utilized today, like passwordrandom/most-popular-passwords*. Do a Google search, and try to find sites that have more than 25 to display. Don't use a commonly used keyword...don't be that guy/gal.
  • Do not store your secret codes in your browser, computer, phone, tablet (any data storing device) or an application used for storing them, even if it comes embedded in your device. As convenient as it is, it is also very easy for the wrong person to take control over that file. Secret passes should be stored in hard copy or a separate, secure device, like an encrypted USB or hard drive. However, you should still take caution not to write these clearly. Write them in a way that only makes sense to you.
  • Do not use the secret code twice for any site and avoid using your network SSID as your passphrase. An ill intended person can try to use your password against other sites you visit, to see if they can get access. And your SSID (Service Set Identifier) is visible by all devices in range.
  • Do not leave default usernames and ID phrases on any device that comes with these predetermined. In fact, make sure to change these parameters as soon as you start utilizing the system. One example of a site with default device username and passwords is urtech*.
  • Try not to use password managers, as convenient as it may be. Your passphrases stored in any hands other than your own can ultimately become a disaster.

Below is some (hopefully original!) advice for creating strong passwords that are easy to remember, yet difficult for others to crack. Keep in mind, that all methods below are known to crackers, but exposure can be avoided, by not having a distinguishable pattern (for example, if you like using book or movie titles, consider changing around the word order, but don't make a habit of using titles for every account, especially not if they happen to be your favorite ones):

  • Many mishaps and lots of math have surprisingly proven that "ThisIsMyPasswordYouWhiners!" is actually harder to crack than "PT56%@w3". Reason being that longer passcodes are more difficult for software to solve than shorter complicated ones. Whatever it is, make sure it can only be ciphered by you (make it hard to guess).
  • Favorable keyword format is a combination of letters (small and capital), numbers and symbols. But as complicated as this sounds, it is actually fairly easy to implement. Example: HeyWhatsUpDock? can be H3yWhat$UpD0ck? (E=3, S=$, O=0, A=4 etc)...just use your imagination, but be aware that word - letter substitution, is very common.
  • You can replace part of the secret word with a numerical value, as displayed on a phone dial. Example: HeyWhatsUpDock? can change to HeyWhatsUp3625?
  • You can take a phrase and switch the words around so that it makes no logical sense. Example: UpWhatsDockHey?
  • You can use a combination of the above examples to create complex, and hard to crack, but easy to remember passcodes: Example: What$Hey3625Up?
  • Recently, a lady was interviewed who I felt had a wonderful idea; she used short-term goals as her passwords. As soon as she reached one goal, she created a new one. She ended up saving enough money to take the cruise of her dreams. Your passphrase doesn't have to contain goals necessarily. It can be anything. You can get very creative with this method.
  • You can prioritize the complexity of passwords depending on how important privacy is for each account. Example: Email and money exchange accounts, like Amazon, Paypal or the email account you use to communicate with business partners, should be more complicated than a forum membership key.
  • It used to be advisable for users to change their password or pin every year, then it became six months and now it's advisable to do so every three months. For businesses or sites engaging in financial transactions, it is recommended to do this update once every month at this time.
  • Try to avoid using sites that test the strength of your key phrases. They are simply unreliable, a statistical result of many tests. Consider using a password manager, but try to keep it outside of your system, on an encrypted USB, hard drive etc. Make sure to create the most complex passcode possible for that manager, if you choose to use one.

Biometrics are also on the rise as a method of identification, an added level of authentication and security, however they are still very expensive to implement and at this point, not fully approved as a method of recognition by a system, because statistics have shown that the cheaper (in comparison to retina) fingerprint readers, can produce many false positives. With biometrics, you can have an excellent added layer of security. But it really all depends on how much someone is willing to spend on such a system.

Really hope I didn't bore you with a popularly repeated subject. Much like anyone else in this industry writing about this, I am trying to help bring awareness to people and help contain weaknesses in security. Remember, the weakest link isn't the machine....it is the person behind it.


* The above sites are only mentioned as examples, NOT endorsed. 
That’s why only their name is there, not the full link. 
You have full responsibility when visiting any of these websites. 

Comments

    0 of 8192 characters used
    Post Comment

    No comments yet.

    working

    This website uses cookies

    As a user in the EEA, your approval is needed on a few things. To provide a better website experience, hubpages.com uses cookies (and other similar technologies) and may collect, process, and share personal data. Please choose which areas of our service you consent to our doing so.

    For more information on managing or withdrawing consents and how we handle data, visit our Privacy Policy at: https://hubpages.com/privacy-policy#gdpr

    Show Details
    Necessary
    HubPages Device IDThis is used to identify particular browsers or devices when the access the service, and is used for security reasons.
    LoginThis is necessary to sign in to the HubPages Service.
    Google RecaptchaThis is used to prevent bots and spam. (Privacy Policy)
    AkismetThis is used to detect comment spam. (Privacy Policy)
    HubPages Google AnalyticsThis is used to provide data on traffic to our website, all personally identifyable data is anonymized. (Privacy Policy)
    HubPages Traffic PixelThis is used to collect data on traffic to articles and other pages on our site. Unless you are signed in to a HubPages account, all personally identifiable information is anonymized.
    Amazon Web ServicesThis is a cloud services platform that we used to host our service. (Privacy Policy)
    CloudflareThis is a cloud CDN service that we use to efficiently deliver files required for our service to operate such as javascript, cascading style sheets, images, and videos. (Privacy Policy)
    Google Hosted LibrariesJavascript software libraries such as jQuery are loaded at endpoints on the googleapis.com or gstatic.com domains, for performance and efficiency reasons. (Privacy Policy)
    Features
    Google Custom SearchThis is feature allows you to search the site. (Privacy Policy)
    Google MapsSome articles have Google Maps embedded in them. (Privacy Policy)
    Google ChartsThis is used to display charts and graphs on articles and the author center. (Privacy Policy)
    Google AdSense Host APIThis service allows you to sign up for or associate a Google AdSense account with HubPages, so that you can earn money from ads on your articles. No data is shared unless you engage with this feature. (Privacy Policy)
    Google YouTubeSome articles have YouTube videos embedded in them. (Privacy Policy)
    VimeoSome articles have Vimeo videos embedded in them. (Privacy Policy)
    PaypalThis is used for a registered author who enrolls in the HubPages Earnings program and requests to be paid via PayPal. No data is shared with Paypal unless you engage with this feature. (Privacy Policy)
    Facebook LoginYou can use this to streamline signing up for, or signing in to your Hubpages account. No data is shared with Facebook unless you engage with this feature. (Privacy Policy)
    MavenThis supports the Maven widget and search functionality. (Privacy Policy)
    Marketing
    Google AdSenseThis is an ad network. (Privacy Policy)
    Google DoubleClickGoogle provides ad serving technology and runs an ad network. (Privacy Policy)
    Index ExchangeThis is an ad network. (Privacy Policy)
    SovrnThis is an ad network. (Privacy Policy)
    Facebook AdsThis is an ad network. (Privacy Policy)
    Amazon Unified Ad MarketplaceThis is an ad network. (Privacy Policy)
    AppNexusThis is an ad network. (Privacy Policy)
    OpenxThis is an ad network. (Privacy Policy)
    Rubicon ProjectThis is an ad network. (Privacy Policy)
    TripleLiftThis is an ad network. (Privacy Policy)
    Say MediaWe partner with Say Media to deliver ad campaigns on our sites. (Privacy Policy)
    Remarketing PixelsWe may use remarketing pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to advertise the HubPages Service to people that have visited our sites.
    Conversion Tracking PixelsWe may use conversion tracking pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to identify when an advertisement has successfully resulted in the desired action, such as signing up for the HubPages Service or publishing an article on the HubPages Service.
    Statistics
    Author Google AnalyticsThis is used to provide traffic data and reports to the authors of articles on the HubPages Service. (Privacy Policy)
    ComscoreComScore is a media measurement and analytics company providing marketing data and analytics to enterprises, media and advertising agencies, and publishers. Non-consent will result in ComScore only processing obfuscated personal data. (Privacy Policy)
    Amazon Tracking PixelSome articles display amazon products as part of the Amazon Affiliate program, this pixel provides traffic statistics for those products (Privacy Policy)