How to Create a Strong Password and Remember It
Your passwords grant access to your digital kingdom, so you are probably thinking, ‘how should I choose the right password?’ to protect your accounts against cybercriminals. It is always advisable to choose and use strong passwords and, of course, to remember them. What’s the use of a password you don’t remember?
The two most important passwords are those for your email and social network accounts. If someone gains access to your email account, they could use it to get into other websites you’ve signed up with. Even if you set a different password on those sites, most of them have a “Forgot your password?” option. They can use it, and the website will send a new password to your email. Since they have access to your email, they can easily reset it and use that website too.
The other websites they can use are online shopping websites (where your payment details are saved) or banking sites. If a hacker gets into your social networks, they would have the ability to scam your friends or even hack them too.
How Passwords are Hacked
Here are some of the conventional techniques which hackers use to hack your passwords.
One of them is phishing. Phishing is a cyber-attack that uses disguised email. The goal is to trick the email recipient into believing that the message is something they want or need, such as a request from their bank or a note from someone in their company, and into clicking a link or downloading an attachment.
Most of the time, they will send an alarming message such as: “We detected unknown IP access on our date base computer system our security requires you to verify your account for secure security kindly Click Here and verify your account.” The moment you click what they want you to click, it will show a login page. It usually looks like the Gmail or Facebook login page, and as soon as you type in your login details, your password is available to the hacker.
A keylogger is one of the basic tools used for getting your passwords. A keylogger resides in your system memory and runs at every startup. These keyloggers log all your keystrokes.
Keyloggers are a severe threat to users and the users’ data, as they track the keystrokes to intercept passwords and other sensitive information typed in through the keyboard. This gives hackers access to PIN codes, account numbers, passwords, email ids, email logins, and other confidential information.
Keyloggers are connected to phishing. They are usually installed when a user clicks a link or opens an attachment/file from the phishing mail. They can also be installed when the user visits a malicious website.
Trojan Horses
A Trojan horse, or Trojan, is a type of malicious code or software that looks legitimate but can take control of your computer. A Trojan is designed to damage, disrupt, steal, or in general, inflict some other harmful action on your data or network.
It acts as a bona fide application or file to trick you. It deceives you into loading and executing the malware on your device. Once installed, a Trojan can perform the action it was designed for.
You usually get Trojan horses from FREE software. Who doesn’t want FREE software, right?
FREE software usually needs patches or keygens, and that’s where the Trojan horse often is. Usually, to install a patch you need to turn off your antivirus.
Turkojan is a famous Trojan horse. A Trojan is far superior to keyloggers or RATs. It provides much more functionality so that the hacker has greater access to your PC.
RAT
A RAT or remote administration tool is software that gives a person full control of a tech device, remotely and without your knowledge. The RAT provides the user with access to your system, just as if they had physical access to your device. With this access, the person can access your files, use your camera, and even turn on/off your device.
Hackers can also copy files from your hard disk to their computers.
A good example of a RAT is Poison Ivy. Poison Ivy is designed with spying capabilities as it can monitor victims remotely and steal user credentials and files. It is often spread through malicious Word or PDF attachments in phishing emails.
How Can You Create Strong Passwords?
Traditional Password Advice
Choose a password that is long enough. It should be a minimum of 12 to 14 characters in length. The longer the better. Include numbers, symbols, capital letters, and lower-case letters. Your password shouldn’t be a word found in the dictionary. An example of this is… defibrillator… wait, who’s going to use defibrillator as their password? We’ll never know. Maybe a nurse who loves defibrillators? The point is to avoid using dictionary words. Also, don’t rely on obvious substitutions like d3fibrillator. Try to mix it up. For example, D3fibri77@t0r2020: it’s 17 characters, including capital and lower-case letters, a symbol, and numbers.
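The checks in the advice above, written out as an added Python example (not code from the original article): it tests length, character classes and dictionary words, and undoes obvious substitutions before the dictionary lookup, which is why d3fibrillator fails. The word list and substitution table are small constructed samples; a real check would load a full dictionary and a list of commonly used passwords.

```python
import re

# Constructed mini word list (assumption for this example only).
WORDS = {"defibrillator", "password", "dragon", "monkey", "sunshine"}

# Obvious look-alike substitutions, mapped back to the letter they replace.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def undo_substitutions(password):
    """Lower-case the password and reverse the obvious character swaps."""
    return password.lower().translate(LEET)


def dictionary_hits(password):
    """Dictionary words still visible once substitutions are undone."""
    plain = undo_substitutions(password)
    return sorted(word for word in WORDS if word in plain)


def check_password(password):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    classes = {
        "lower-case letter": r"[a-z]",
        "capital letter": r"[A-Z]",
        "number": r"[0-9]",
        "symbol": r"[^A-Za-z0-9]",
    }
    for name, pattern in classes.items():
        if not re.search(pattern, password):
            problems.append(f"no {name}")
    for word in dictionary_hits(password):
        problems.append(f"contains dictionary word '{word}'")
    return problems


if __name__ == "__main__":
    for candidate in ("defibrillator", "d3fibrillator",
                      "P@ssw0rd2020!!", "D3fibri77@t0r2020"):
        print(candidate, "->", check_password(candidate) or "passes")
```

`P@ssw0rd2020!!` satisfies the length and character rules but is still flagged, because the dictionary word survives once the substitutions are undone.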
Use Two-Factor Authentication
Two-factor authentication (2FA), two-step verification, or dual-factor authentication is a security process in which the user provides two different authentication factors to verify themselves to better protect both the user’s credentials and the resources the user can access.
With two-factor authentication (2FA), you get an extra layer of security that hackers can’t easily access, because the criminal needs more than just the username and password credentials.
Don’t use commonly used passwords
Here are some of the most common passwords:
Don’t use names and personal information.
Do not use a derivative of your name, family, or pet. Also, do not use phone numbers, addresses, birthdays, social numbers, your partner’s birthday, etc.
Don’t use the same passwords across multiple websites.
Yes, it would be hard to memorize all those super-secure passwords you came up with. To remember them, you can sign up for a password management tool.
Some of these password management tools integrate nicely with your browser or even with a mobile device. The encrypted data is stored safely, and passwords are retrieved easily. In almost every instance, a password manager is the best way to go. You might only notice inconveniences when you’re logging in from a different device or a spot where you can’t access the service.
Use Bruce Schneier’s Method
American cryptographer, computer security professional, privacy specialist, and writer Bruce Schneier recommends a way to come up with a secure password. It goes like this: take a sentence and turn it into a password.
The Quick Brown Fox Jumps Over the Lazy Dog = Th3QbFoxJoverTLD06
Somewhere over the rainbow = +?overtr@inb0w
Fly me to the moon = fly::m3::2th3m0on
Use the PAO Method
The Person-Action-Object System (or “PAO” System) is a popular method for memorizing long random numbers and decks of playing cards. The PAO system is similar to the person-action Dominic System, but it adds an object to the images.
To do this…
- Select an image of an interesting place (Aokigahara Forest).
- Select a photo of a familiar or famous person (Chace Crawford).
- Imagine some random action along with a random object (Crawford jogging and eating at Aokigahara Forest).
The PAO method of memorization has cognitive advantages; our brains remember better with visual, shared cues and with outlandish, unusual scenarios. Once you create and memorize several PAO stories, you can use the stories to generate passwords.
For example, you can take the first three letters from “jogging” and “eating” to create “jog3at”. Do the same for three other stories, combine your made-up words, and you’ll have an 18-character password that’ll appear utterly random to others yet familiar to you.
Creating strong passwords may seem like a long, complicated task, especially when the recommendation is to have a unique password for each site you visit.
Passwords you can’t remember are useless (that’s why it’s advisable to use password management tools!). But passwords that are too easy to remember can be easy to guess or easy to get hacked.
Use all the pieces of advice here, and you’ll be able to create your own strong, long, memorable mixed-character passwords.