
STRONG PASSWORDS

What is a strong password nowadays?


WHY CARE?

In today's day & age, passwords can be cracked very quickly if they're not strong enough!  So it's important to keep yourself up-to-date with the latest requirements.
If you don't have strong passwords on all of your accounts then one of them may become compromised in an attack! 
If an account is compromised it can lead to the account being deleted or used to attack other connected accounts in your name.  You might also lose your bank details and sensitive information leading to identity fraud, theft, blackmail, and at least some emotional trauma.


WEAK PASSWORDS

Passwords can be made up of any combination of characters.  However, we try so hard to make them memorable that we almost defeat the purpose of having one!
A few things will make your password especially weak.  These include: common words, dictionary words, swapping out letters for similar-looking numbers & symbols, not making it long enough, and not using a mix of upper case, lower case, numbers, and symbols.


TYPES OF PASSWORD CRACKING

Social Engineering – A broad topic which includes manipulating or tricking someone into providing their login credentials.  Phishing is the best example of this.  You might receive an email asking you to log in to an account through the attacker's fake web page.  The attacker then gets your credentials and forwards you to the official website.

Brute Force Attack – Literally attempts every possible password combination until it cracks the password.  Can take a long time though, especially if your password is strong.  Ideally you will have updated your password by the time the old one is cracked.

Dictionary Attack – This type of attack uses a computer program to attempt every possible word from the dictionary and a list of common words.  Variations of these programs will include numbers and symbols too.  So, if you have only swapped out letters for numbers & symbols which look similar then you will not be safe from this method.

Rainbow Table – This attack uses algorithms to crack the password.  In short, your password is encrypted using one of the various encryption methods.  Some of these make a numerical value to sum up your password which the Rainbow Table algorithms can work out and decrypt.

Key Logging – Involves installing software onto the target's device which will record the user's keystrokes.  It saves every key you press into a file which the attacker later scans to find sensitive data, i.e. passwords.
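The Dictionary Attack entry above says that swapping letters for look-alike numbers and symbols does not help. The following check, of the kind a sign-up form could run before accepting a password, shows why; it is an added example and not part of the original article, and the wordlist, the substitution table and the function names are constructed for illustration.

```python
import re

# Constructed sample wordlist; a real check would load a large dictionary
# plus a list of commonly used passwords.
WORDLIST = {"password", "dragon", "welcome", "monkey", "letmein", "football"}

# Look-alike substitutions to undo (assumed set, not exhaustive).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

# Digits and symbols padded onto the start or end of a word.
PADDING = re.compile(r"^[\W\d_]+|[\W\d_]+$")


def candidates(password):
    """Return the plain forms a password may be hiding.

    Two forms are tried: the whole password with substitutions undone
    ("welcom3" -> "welcome"), and the same after trimming padded digits
    and symbols ("Dr4g0n2020!" -> "dragon").
    """
    raw = password.lower()
    trimmed = PADDING.sub("", raw)
    return [raw.translate(LEET), trimmed.translate(LEET)]


def dictionary_match(password):
    """Return the wordlist entry the password reduces to, or None."""
    for candidate in candidates(password):
        if candidate in WORDLIST:
            return candidate
    return None


def is_acceptable(password):
    """Reject passwords that are only a disguised dictionary word.

    Passing this check does not prove a password is strong; it only
    rules out the weakness described in the text above.
    """
    return dictionary_match(password) is None


if __name__ == "__main__":
    for pw in ["P@ssw0rd", "Dr4g0n2020!", "welcom3", "iw4tHd02thesHAn6A"]:
        print(pw, "->", dictionary_match(pw) or "no dictionary match")
```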


BRUCE SCHNEIER METHOD

Bruce Schneier is an internationally renowned cyber security professional.  He has published books, delivered TED talks, and played a major role in the journey of cyber security.

Several years ago, he published a method of creating a strong password which is still effective today.  It's quite simple and offers a good balance of security and memorability.


Simply put, the Bruce Schneier method is implemented by thinking up a sentence.  You then abbreviate the sentence and mix in a few upper case characters, numbers and symbols.

Using this method allows you to think of a sentence which you can remember and how you will convert it each time you need to input a password.

For example, "I walk the dog to the shop and back" could become "iw4tHd02thesHAn6A"

or

"We have 100 tiles on the roof" could become "We$Ha&100%Ti50On49Th48Ro"


3 RANDOM WORDS

Similar to the Bruce Schneier method, the 3 Random Words method works by thinking of 3 completely unrelated words, abbreviating them, and adding in some upper case characters, numbers, and symbols.
For example, Desk, Pluto, Orange, can be combined into one passphrase.  This phrase would look like "DeskPlutoOrange".  However, that's still not strong enough for today's standards.  So it is still important to mix in some numbers and symbols.  The passphrase might then look like "De500skPl$%utoOr2@ange".
Also remember to mix up where the uppercase characters are (don't just put them at the start of every word).
So the final passphrase adaptation might look like "de500Skpl$%uToor2@anGe".


Written by Craig Reoch on 5th August 2020
