Why is Password Security Important?

What do Our Passwords Protect?

Most of our online accounts are protected by a username and password combination. These passwords protect the data that we store in our accounts, whether that is our bank details, our purchase history or our home address.

How are Passwords Hacked?

You will learn about three different types of password attack: brute force attacks, theft of individual passwords and theft of batches of passwords.

Brute Force Attacks

In a brute force attack, an attacker guesses passwords until they find the correct one. This might involve guessing a combination of characters or creating a list of passwords beginning with the most common, as in the more specialised dictionary attack. The dictionary that attackers use contains passwords centred around real words and combinations of real words.

Theft of Individual Passwords

An attacker could steal a victim’s password, for example, by using the social engineering techniques discussed previously or by infecting the victim’s device with a form of malware that records their activity, including the letters that they type.

Some websites take more precautions to protect your accounts than others. You might have multiple strong passwords for an online banking account but you might not take the same precautions when setting up a social media account. Attackers know this and will target weaker accounts to help them to guess the passwords for more secure accounts.

Theft of Batches of Passwords

An attacker could hack a website and steal batches of passwords. This can give them access to lots of accounts at the same time.

How to Make a Strong Password?

Passwords should be memorable for the individual but difficult for an attacker to guess. As you have seen, password attacks often rely on victims using common combinations of characters and similar passwords across multiple accounts. Therefore, all of your passwords need to be different and unpredictable.

Personal Details and Dictionary Words

You should avoid using any personal details, like your pet’s name or your favourite sports team, as a basis for your password. To protect yourself from a brute force attack, you should avoid dictionary words altogether, even if you’re substituting some letters for numbers or symbols – if “password” is in the attacker’s dictionary, so is “p@ssw0rd”.

Length and Complexity of Your Password

You should also increase the length of your password and add in more types of character. The more types of character you include and the longer your password is, the more guesses the attacker has to make.

Use a Password Generator

Rather than finding a strong password, it is better to design a strong password generator that you can use to easily create lots of memorable passwords that appear random. Here are three methods of generating passwords:

• Create a phrase from random words – you can still defend against a dictionary attack if you combine words in an unpredictable way. Choosing words at random is the easiest way to do this. For example, this website helps you to choose words at random with dice. Once you have chosen the words, you should add numbers and symbols into the password.
• Use a memorable phrase as the basis of your password, instead of using words. For example, you could turn the phrase ‘FutureLearn is the number one online learning platform’ into the password ‘FLitn1e-lp’. You can tailor this phrase to the purpose of your account to make it more memorable. For example, you could use a phrase about shopping to make a password for an eBay account.
• If you have a visual memory, create a grid of characters (arranged randomly) and choose your password by drawing a pattern. Then, you would just need to learn the pattern, not the actual password.

Questions

• What kind of information might an attacker use to guess your password?
• Why is a longer password more secure?