Here’s How Hackers Steal Your Password and How You Can Create a Safer One


Every year the private digital security company NordPass publishes a list of the most popular passwords across 30 countries. And as always, the current list from 2022 also contains shockingly simple ones. The top five are: “password,” “123456,” “123456789,” “guest” and “qwerty.”

Needless to say, these are weak passwords—but what makes a good one? Most people know a few rules of thumb: it should be as long as possible, contain special characters and not be a simple word. You should also change it regularly, choose a different password for each user account and never write it down. Meeting all these requirements at the same time seems almost impossible. And once you have found a good password, a website may not accept it: either it is too short, contains an illegal character—or is somehow too long. PayPal, for example, does not allow passwords longer than 20 characters. These restrictions make password selection extremely frustrating for most users.

For their secure password requirements, many Internet service providers rely on 2003 guidelines published by the U.S. National Institute of Standards and Technology that recommend passwords with as large a mix of special characters, uppercase letters and lowercase letters as possible. Bill Burr, a former NIST employee, created these guidelines but has since told the Wall Street Journal that he regrets many of these recommendations. That’s because forcing people to change passwords and requiring them to use special characters often lead them to choose easy-to-remember (and therefore insecure) passwords that follow a particular scheme or pattern. For example, “password1” is no more secure than “password.” Thus, NIST has now revised its guidelines, but not all providers have followed suit. Very often, you are forced to use special characters, numbers, and uppercase and lowercase letters in a password.

How Are Passwords Cracked?

To learn how to choose a secure password, you need to understand how hackers do their work. The simplest approach is to systematically try all possible password combinations in what is known as a brute-force attack. Fortunately, it is rarely possible to log in to an online…
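The pattern problem the article describes, as an added example that is not from the original article: a defensive checker that recognises "password1" or "P@ssw0rd!" as the blocklisted word "password" once the trailing digit and the usual letter substitutions are undone, next to a search-space estimate that shows why a long plain passphrase beats a short "complex" one. The five-entry blocklist, the substitution table, the suffix pattern and the sample passphrase are constructed assumptions.

```python
import math
import re

# Constructed blocklist: the five most common passwords the article quotes from
# the 2022 NordPass list. A real deployment would load a much larger list.
COMMON_PASSWORDS = {"password", "123456", "123456789", "guest", "qwerty"}

# Constructed table of the usual "leetspeak" substitutions (an assumption).
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s"})

def normalize(password: str) -> str:
    """Reduce a password to the base word a pattern-aware guess would try first:
    lower-case it, drop a trailing run of digits/symbols, undo leet swaps."""
    base = password.lower()
    base = re.sub(r"[\d!@#$%^&*.?]+$", "", base)   # "password1" -> "password"
    return base.translate(LEET)                    # "p@ssw0rd"  -> "password"

def search_space_bits(password: str) -> float:
    """log2 of the brute-force search space implied by length and character
    classes. It assumes a guesser with no knowledge of patterns, which is
    exactly the optimism that normalize() punctures."""
    alphabet = 0
    if re.search(r"[a-z]", password): alphabet += 26
    if re.search(r"[A-Z]", password): alphabet += 26
    if re.search(r"\d", password): alphabet += 10
    if re.search(r"[^A-Za-z0-9]", password): alphabet += 33  # printable ASCII symbols
    return len(password) * math.log2(alphabet) if alphabet else 0.0

def evaluate(password: str) -> dict:
    """Blocklist check on both the raw and the normalized form, plus the
    nominal search space so the two can be compared side by side."""
    base = normalize(password)
    blocked = password.lower() in COMMON_PASSWORDS or base in COMMON_PASSWORDS
    return {"blocked": blocked, "base": base,
            "bits": round(search_space_bits(password), 1)}

if __name__ == "__main__":
    for pw in ["password", "password1", "P@ssw0rd!", "123456",
               "orange bicycle winter lamp"]:     # last one: constructed passphrase
        print(f"{pw!r:32} {evaluate(pw)}")
```

"P@ssw0rd!" scores about 59 bits on paper yet is blocked because it normalizes to "password", while the 26-character lowercase passphrase clears the blocklist and scores far higher on length alone.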