Forgot your password?… Let’s reset with the whole concept.
So what is your Password? PassWord PassssWord1 Paasword9876… or Names of favorite sports personalities, celebs, and even brands are used as passwords by so many people. And then random posts, messages, and comments from your account, getting locked out of your account and so many other horrible situations people end up in.
So why is it that today when not a day goes by without hearing of an online account breach that we continue the adverse practice of keeping weak and predictable passwords. For which, the most common argument being:
- How am I supposed to remember so many passwords?
- This cannot happen to my account (which is by far the most thoughtless argument anyone can come up with)
- No one can guess what my password is.
If you are thinking that no one on this planet can guess your password, don’t worry they don’t have to take the pain to do the guesswork, there are algorithms, software and even experts who can cause nightmare level harm to you, your online presence and your data.
The first rule of safety whether it is physical or virtual – Your Safety is in Your Hands!
What To Do?
- Go the ‘alphanumeric’ way.
- Keep different passwords for every login you have. (Can’t emphasize enough on this)
- Use sentence or phrases, these are called ‘Passphrases’. For Example: ‘I like gazing at the stars and moonlight is bliss’. The sentence does not have to mean anything or needs to be correct verbally or grammatically, it should be just remembered by you and you should purposely misspell some words which will make it harder to crack.
- Using Multi-factor authentication: MFA wherein the user id, password, and a time-bound token or OTP will be required to gain access. MFA should be used wherever the option is available. For work purposes wherein Cloud services are used MFA is a wise choice to authenticate the login.
- If you use Google or Facebook login – to login into different online platforms, websites, etc then use a secure password for Google and Facebook login. Change the Google and Facebook password every few months – say once in 3 months. Keep a different timeline to change the password for both or any such platforms. MFA or 2FA will also give you the freedom where the password might be 4 characters long and the OTP received on phone or email will provide the extra security against unauthorized access.
- For Bank login – change your password every 180 days or so (nothing specific about 180 days).
- For Social media and Email – change the password at least in 3 months.
- Use trusted password managers but be wary of using any service blindly.
- Security questions – If you are selecting security question as – What is your Mother’s maiden name? No one is going to hang you for answering that question with a completely irrelevant answer. You can keep the answer as – ‘5T0ficEj’ , ‘G@ngA’, ‘$w@mm!’, ‘R0binMaria’ (and then remember it).
You can use Text to Hexadecimal converter e.g. ‘Ganga’ to ‘47616e6761’ or SHA1 Generator – <‘Ganga’to ‘aefd2ef64c405c930bbc320498d71d3c2e09e64a’. It is a walk in the park to find out the names of your parents, children, spouse, car, etc as well as relevant dates, registration nos., birthplace, residential city or area and absolutely any static information.
What Not To Do?
- Using same or similar password for almost every login.
- Never use – Dictionary password (a Dictionary attack is the most common and the first go-to choice of any breach being executed). What it means is that any word that you can find in the dictionary, forget about using it.
- Never use – Passphrases which are proverbs or idioms since these can be again cracked with simple logic of obvious choices. Obvious like – ‘Praise the Lord’ or any other connotation which is in regular usage.
- Never use – birth date, combination of dates of your family and friends and pets.
- Never use – digit combinations of your ID proofs – Aadhar Card, PAN card, Passport, Driving license, Electricity bill no. etc.
- Never use – name of any brand, celebs, personalities, places, things you like, etc (this might sound childish but make sure to do a reality check of what your passwords are).
- Never use – Sequential or coded logic password with either alphabets or numbers with the pinch of uppercase and lowercase. For Example BDf975@$^ – Here you might have guessed that the first three characters are – alternate alphabets, next comes number from 9 in descending order (which again leaves you with only using odd numbers and then the special characters which on a QWERTY keyboard are on alternate number keys). If you are smart so is the other guy. It is highly discouraged to use such tricks for your password, odd or even use both numbers, use alphabets both upper and lower case, use special characters. Don’t fall into the pattern of using a combination of the same letters every time you keep a password.
- Stop saving every single password of yours on Google (when it asks you, would you like to save your password).