
Importance of Strong and Secure Passwords


Managing all your passwords can sometimes feel overwhelming. Passwords are the key to almost everything you do online, and you have multiple passwords to deal with in your daily routine, e.g. email, social media, file-sharing, banking and e-commerce. Choosing hard-to-crack passwords and managing them securely can sometimes seem inconvenient and problematic.

Approach for a Good Password

The password should be a minimum of 8 characters and mix character types (capital + special + numeric + normal), e.g. “Goodboy@!321”, and follow the approaches given below.

  • Use the Base and Pin approach to create a unique password for each site you log in to. For example, if you are logging on to https://www.primevideo.com/, the base is “rime@” and the pin is “home@321”.
  • Find a phrase that’s easy to remember (a song or idiom): “Itsrainingcatsanddogs@321”
  • Alternatively, you may use a password generator tool to generate a new password; most service providers offer one by default.
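As an added illustration (not code from the original article), the sketch below checks a password against the rule stated above and generates a random one that satisfies it. The function names, the special-character set used for generation and the default length of 16 are assumptions made for the example.

```python
import secrets
import string

MIN_LENGTH = 8  # minimum length stated in the article

# One predicate per character class named in the article's rule.
CLASS_CHECKS = {
    "capital": str.isupper,
    "normal": str.islower,
    "numeric": str.isdigit,
    "special": lambda ch: not ch.isalnum(),
}

# Assumed special-character set for generation only.
GENERATION_ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*()-_=+"


def missing_requirements(password):
    """Return the list of rule parts the password fails (empty list = passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("length")
    for name, check in CLASS_CHECKS.items():
        if not any(check(ch) for ch in password):
            problems.append(name)
    return problems


def generate_password(length=16):
    """Generate a random password that satisfies the rule.

    Uses the OS CSPRNG via `secrets` and rejection sampling, so every
    compliant password of this length is equally likely (no fixed positions).
    """
    if length < MIN_LENGTH:
        raise ValueError("length is below the minimum of %d" % MIN_LENGTH)
    while True:
        candidate = "".join(secrets.choice(GENERATION_ALPHABET) for _ in range(length))
        if not missing_requirements(candidate):
            return candidate


if __name__ == "__main__":
    for sample in ("Goodboy@!321", "Itsrainingcatsanddogs@321", "goodboy"):
        print(sample, "->", missing_requirements(sample) or "meets the rule")
    print("generated:", generate_password())
```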

Password manager:

A password manager is a programme that allows users to store, generate, and manage their passwords for all applications and online services. A password manager assists in generating and retrieving passwords, storing them in an encrypted database and using them on demand. Most of the services offered have army-grade AES-256 encryption to offer the highest level of security.

Broadly, there are three types of password managers. (a) Locally installed – Software installed on a laptop or smartphone that encrypts and stores credentials on an application. (b) Online services – These are installed on a server and can be accessed from any computer or device with an internet connection, allowing you to encrypt and store credentials. (c) Hardware devices – Installed on a hardware device that allows you to encrypt and store credentials.

A few benefits of using a password manager are (a) No need to remember all your credentials. (b) They notify you in the event of a forged login. (c) Generate a set of credentials at random. (d) Change your credentials easily. (e) Use the same password manager across multiple devices.

A few reputed password managers are (a) https://lastpass.com/ (b) https://keepass.info/ (c) https://keepersecurity.com/ (d) https://pwsafe.org/ (e) https://dashlane.com/

Two-factor authentication:

Two-factor authentication (2FA) is also referred to as two-step or dual-factor authentication. It is a security process in which users provide two different authentication factors to verify access. 2FA adds an additional layer of security to the authentication process by making it harder for attackers to gain access to devices or online accounts using phishing tactics.

A few types of 2FA are (a) Hardware Token: Hardware instruments that provide a new numeric code every 30 seconds. (b) SMS Text-Message and Voice-based: Sending a one-time passcode (OTP) to the user via text message. (c) Software Tokens: Software-generated, time-based one-time passcodes. These are also referred to as TOTP. (d) Push Notification: Portals and applications send the user a push notification as an authentication, where the user can approve or deny access with a single touch.

Two-step verification vs. Two-factor authentication:

Two-factor authentication and two-step verification are used interchangeably and do seem to overlap considerably, but they aren’t quite the same. (a) Two-step verification requires a user to enter both a password and a one-time code that has been sent to their iPhone or other trusted device. (b) Two-factor authentication concerns the authentication methods used, such as devices equipped with facial scan technology, which can be accessed after a fingerprint scan.

Approach for Securing Password

To maximise password safety, both individuals and organizations need to:

  • Use Password Managers: The tools can generate, retrieve, and keep track of long, complex passwords for you, in an encrypted database.
  • Turn on Two-Factor Authentication (2FA): A second level of security, 2FA requires a second form of identification—such as a text message code—in addition to your standard process of entering your password.
  • Periodic password change: Regular changing of a password will protect the user from exposure that may occur over time due to undetected breaches.
  • Educate and Train: An organisation should educate its employees on the importance of password security and enforce policies that would promote strong password practices.
  • Periodic Check: Make a habit of checking whether your passwords have been stolen, using Google Password Check or one of the other services listed here: (a) https://passwords.google.com/ (b) https://haveibeenpwned.com/ (c) https://snusbase.com (d) https://www.avast.com/hackcheck

Future Passwords

Cybersecurity will keep changing, just like technology. New technologies, for example biometrics, multi-factor authentication, and even more advanced passwordless systems, are on the increase. While these grow in ubiquity and mature into fully reliable, strong, and secure systems, passwords remain one of the cornerstones of cybersecurity.

Conclusion:

Even a small thing like a password is tremendously important in cybersecurity. Making every single password strong and secure, so that our personal and financial information is protected, helps bring about a safer and more secure digital world. Let’s not underestimate the power of a good password—it is a simple yet powerful tool in our cybersecurity arsenal.
