Passwords and Password Security

(Last Updated On: January 16, 2014)

Is your password secure enough?

Is your computer secure enough?

Are your wireless network and its password secure enough?

Password security is one thing most people fail to apply when creating passwords.

Passwords can be built from simple combinations that make them hard for anyone to guess or crack. Examples include adding special characters such as (“@~:?}{£$%^&*_+) and numbers, together with both UPPER and lower case letters. A simple, hard-to-crack password can be created out of mere words or names, for example: j@DaM@91. A password like this one demands a great deal of effort from anyone trying to crack it.

Tips in creating a strong password

However you create a password, avoid using your name, phone number or anything else related to you, as well as dictionary words and common phrases: a hacker using dictionary attacks will be able to compute such a password in no time and with little effort.

Windows, for example, uses only hashing to protect its passwords, and they are saved in only one location in your Windows directory. When a hash is reversed, an attacker will know exactly what your password or passwords are and can use them against other systems (if you are using the same passwords on multiple systems).

Unlike Windows, Linux uses both hashing and salting to protect its passwords. Even if you create two passwords from the same phrase, their hashes will look different and can’t be reversed by someone who steals your password tokens.
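The difference between hashing alone and hashing with a salt can be seen in a short Python example, added here and not part of the original article. It assumes SHA-256 as a stand-in for an unsalted scheme and PBKDF2-HMAC-SHA256 as a salted one (neither is claimed to be what Windows or Linux actually uses); the account names, function names and round count are made up for illustration.

```python
from __future__ import annotations

import hashlib
import hmac
import os

PBKDF2_ROUNDS = 200_000  # assumed work factor for this example


def unsalted_hash(password: str) -> str:
    """Plain digest with no salt: the same password always gives the same hash."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def salted_hash(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Return (salt, key); a fresh random 16-byte salt is drawn when none is given."""
    if salt is None:
        salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, key


def verify(password: str, salt: bytes, expected_key: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, key = salted_hash(password, salt)
    return hmac.compare_digest(key, expected_key)


def shared_password_groups(store: dict[str, str]) -> list[list[str]]:
    """Audit helper: group accounts whose stored hash values are identical."""
    by_hash: dict[str, list[str]] = {}
    for user, digest in store.items():
        by_hash.setdefault(digest, []).append(user)
    return sorted(sorted(users) for users in by_hash.values() if len(users) > 1)


# Constructed sample accounts; two of them reuse the article's example password.
ACCOUNTS = {"alice": "j@DaM@91", "bob": "j@DaM@91", "carol": "Tr0ub4dor&3"}

UNSALTED_STORE = {u: unsalted_hash(p) for u, p in ACCOUNTS.items()}
SALTED_RECORDS = {u: salted_hash(p) for u, p in ACCOUNTS.items()}
SALTED_STORE = {u: key.hex() for u, (_, key) in SALTED_RECORDS.items()}

if __name__ == "__main__":
    print("unsalted, same hash:", shared_password_groups(UNSALTED_STORE))
    print("salted, same hash:  ", shared_password_groups(SALTED_STORE))
    salt, key = SALTED_RECORDS["alice"]
    print("alice verifies:", verify("j@DaM@91", salt, key))
```

In the unsalted store the two accounts that share a password are visible from the hashes alone; with per-account salts the stored values differ, yet each account still verifies against its own salt.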

For email users or those using social networks, passwords keep your account secure, but how secure are you with your password(s)?

Email security

Did you set a mobile number for your password recovery?

Don’t use common names or answers in the security questions, as you are giving an attacker a pizza to get access into your account, and once it is compromised you may not be able to tell how much damage has been done to your account. Create hard-to-guess security questions and answers that have no relation to anything commonly known about you, so that they are difficult to obtain for anyone who runs reconnaissance (information gathering) on you.

*And don’t ever click on “Remember Password” when using a shared computer.

Securing Wireless networks

For your wireless network, never use the WEP password format, as it takes an attacker only a few minutes to collect your password without your noticing. As your wireless access point broadcasts, it also sends signals for password exchange, which an attacker can grab and use to compute your WEP password.

Using WPA or WPA2 Personal is more secure than WEP when the password is not a dictionary word, but remember that it can still be hacked into; it will take no less than 6 hours for a hacker to run numerous forms of dictionary calculation to get your password.

The most secure form of Wi-Fi protection is WPA Enterprise, which requires server authentication for all new connections and certificate issuing, thereby making it almost impossible for anyone without in-depth knowledge of your network to break in.

Best practices

Always make sure any computer holding sensitive data is out of reach of anyone else, even if it has a strong password; it’s a sandwich for an attacker if it doesn’t have a BIOS password (BIOS passwords are useless if your computer’s BIOS resets when you remove the CMOS battery).

There is software that easily overrides any Windows password and grants an attacker access without your notice, leaving no trace that your computer was tampered with because your password will be intact. The same can be done to Linux systems too.

Remember to keep your most sensitive data encrypted always.

By: Bakary Jadama

CEHv8

Computer Network Security

CCNA Security

CCNA Discovery
