
You’re as safe as your password strength


Sangeet Toor

The number of consumer web services and mobile applications has grown exponentially in the past five years. The rush toward a seemingly endless number of consumer applications started with Yahoo and Gmail accounts. Orkut, Myspace and Facebook fever caught hold of people in the 2000s. As the Internet reached millions of people in India, bringing numerous web applications into the daily life of the average person, general awareness of password hygiene fell short early on. While tech giants like Amazon, Uber, Walmart (Flipkart), etc. churned their inner wheels to get these millions of people to use their services, the individual was deluged with new IDs and passwords, and it is a real struggle to cope with their number and complexity.

SplashData’s recent 8th Annual Worst Password List shows that 123456, password and 123456789 are the top three worst offenders. Consumers are setting easy-to-remember and hence easy-to-guess passwords. According to separate research by DashLane, a password created by ‘password walking’ is as easy to guess as 123456. Password walking means building a seemingly long and complex password from numbers, letters and special characters that sit next to each other on the keyboard. For example, 1qaz2wsx is as vulnerable as iloveyou. Another easy option that consumers fall for is using a spouse’s name, a child’s name or a hobby as the password. So HarpreetKaur is a poor password. Similarly, choosing a password from popular culture is a bad habit, for example superman, chhotabheem, mumbaindians and kings11punjab.

Apart from the choice of password, what determines its safety is how often it is changed and whether old passwords are reused. Even a complex password tends to become more vulnerable with age, and replacing the current password (itself old by now) with an older one is not recommended. Given the number of applications that need passwords, using the same password across multiple platforms results in what is called a ‘Domino Effect’: a hacker has to steal your credentials from just one account to access your accounts on the other platforms. A good analogy is going on vacation after locking all the doors in your house with the same key.

The truth is that even if an individual is aware that the password needs to be complex, it is hard to remember 10 distinct passwords for 10 different applications. If all the passwords are somehow remembered, it is another mountain one has to climb to match those passwords with the correct account. Regardless, there are some tricks and tips to survive the memory lapses.

Passwords are the first line of security in keeping your accounts, your information and your identity secure. Imagine your house with a small old lock at the front door. The condition of the lock itself will attract intruders. On the other hand, a robust or smart lock will deter at least those who came looking for easily breakable locks. Now go ahead and set your passwords right.

Lock it like this

  • A good password is at least eight characters long
  • Is a mix of uppercase and lowercase letters, numbers and special characters
  • Is not older than a year
  • Is not reused
  • Is memorable
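
The length and character-mix rules above, together with the weak patterns described earlier (listed worst passwords, keyboard walks such as 1qaz2wsx, names of family members), can be checked mechanically. The sketch below is an added example, not part of the original article; the function names, the 0.7 walk threshold, the US QWERTY layout and the small blocklist built from the passwords the article names are all assumptions made for illustration.

```python
import string

# Constructed blocklist: only weak passwords named in the article.
# A real check would load a much larger breached-password list.
COMMON = {"123456", "password", "123456789", "iloveyou",
          "superman", "chhotabheem", "mumbaindians", "kings11punjab"}

ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
POS = {ch: (r, c) for r, row in enumerate(ROWS) for c, ch in enumerate(row)}
# Map shifted number-row symbols back to their base key (US layout assumed).
UNSHIFT = str.maketrans("!@#$%^&*()", "1234567890")


def adjacent(a, b):
    """True if keys a and b touch on a staggered QWERTY layout."""
    if a not in POS or b not in POS:
        return False
    (r1, c1), (r2, c2) = POS[a], POS[b]
    dr, dc = r2 - r1, c2 - c1
    return ((dr == 0 and abs(dc) == 1) or (dr == 1 and dc in (-1, 0))
            or (dr == -1 and dc in (0, 1)))


def walk_ratio(pw):
    """Fraction of consecutive character pairs that are keyboard neighbours."""
    keys = pw.lower().translate(UNSHIFT)
    pairs = list(zip(keys, keys[1:]))
    return sum(adjacent(a, b) for a, b in pairs) / len(pairs) if pairs else 0.0


def audit_password(pw, personal_terms=(), walk_threshold=0.7):
    """Return a list of finding codes; an empty list means no check failed."""
    findings = []
    if len(pw) < 8:
        findings.append("too_short")
    classes = {"missing_upper": string.ascii_uppercase,
               "missing_lower": string.ascii_lowercase,
               "missing_digit": string.digits,
               "missing_special": string.punctuation}
    findings += [code for code, chars in classes.items()
                 if not any(ch in chars for ch in pw)]
    if pw.lower() in COMMON:
        findings.append("common_password")
    if walk_ratio(pw) >= walk_threshold:
        findings.append("keyboard_walk")
    if any(t.lower() in pw.lower() for t in personal_terms if t):
        findings.append("personal_term")
    return findings
```

Age and reuse cannot be judged from the password string itself, so those two rules need a record of when and where each password was set.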

Getting it right

  • If you are great at remembering a random, unintelligible set of characters, please do yourself the favour.
  • Passphrase: you are probably best at remembering phrases. Let’s say your favourite phrase is I love bapu and bebe. Step one is ilovebapuandbebe. Now add numbers and special characters to this passphrase: !Lov3b@9u&beB3. There you go!
  • If you are not good at remembering many passwords, a password manager is a good choice for you. Just as we pay for services, it makes perfect sense to pay for a password manager, a digital assistant that generates random complex passwords for you and remembers them. All you will have to remember is a master password.
  • In any case, it is a good idea to turn on multifactor or two-factor authentication for all accounts. It is a more secure method in which, besides the password, a code must also be typed to access the account. The code is mostly sent to the phone number you use.

Dos & Don’ts

  • Don’t share your password with anyone. According to a McAfee survey, 84 per cent of Indians share their passwords with spouses, family and friends.
  • Never write your passwords down.
  • Keep social media passwords separate from email account passwords.
  • Change your passwords at least once a year.
  • Don’t use dictionary words as passwords.
  • Never ask your browser to remember the password.