DEV Community

Swayam Patnaik

Beyond "password123"

Introduction

In today's digitalised world, it is more important than ever to create strong passwords that protect our online accounts from unauthorised access. From social media accounts to bank statements, a vast amount of personal data resides on the web and needs to be protected. A password like "password123" simply will not keep that data from being exposed.

Hackers use a variety of techniques to crack passwords, and weak passwords are easy to guess. Some of the methods they use are brute-force attacks, dictionary attacks and social engineering.

Types of attacks

Brute-force attacks: AI bots systematically try every possible combination of characters until the password is guessed.
Dictionary attacks: Trying common words and phrases found in dictionaries to guess passwords.
Social engineering: Tricking users into revealing their passwords through phishing scams or malware.

Building Unbreakable Passwords

We can create strong passwords by keeping in mind the 3 basic requirements: length, complexity and uniqueness.
The longer the password is, the harder it will be to guess or crack. By then the system would have detected the unauthorised access.
A mix of uppercase and lowercase letters, numbers and symbols is highly recommended, as it makes the password more complex to guess.
We should refrain from reusing the same password across different accounts. Our passwords should be unique for each account. A single compromised password can leave all our accounts vulnerable.

We can also use password managers. These tools generate and store strong, unique passwords for every account, removing the need to remember every password.
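
As an added example (not code from the original post), the three requirements above and the generation step a password manager performs can be sketched in Python. The function names, the 12-character minimum and the short common-password list are assumptions constructed for illustration.

```python
import math
import secrets
import string

# Constructed sample of common passwords; a real check would use a far larger list.
COMMON = {"password", "password123", "123456", "qwerty", "letmein"}
MIN_LENGTH = 12  # assumed threshold for this example, not a value from the article
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation)


def classes_used(password):
    """Character classes (lowercase, uppercase, digits, symbols) present in the password."""
    return [cls for cls in CLASSES if any(c in cls for c in password)]


def brute_force_bits(password):
    """log2 of the candidates an exhaustive search over the used classes must try."""
    size = sum(len(cls) for cls in classes_used(password))
    return len(password) * math.log2(size) if size else 0.0


def audit(password, used_elsewhere=()):
    """Return which requirements the password fails, plus a dictionary-attack check."""
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append("length")
    if len(classes_used(password)) < len(CLASSES):
        findings.append("complexity")
    if password in used_elsewhere:  # reuse across accounts
        findings.append("uniqueness")
    if password.lower() in COMMON:  # guessed immediately by a dictionary attack
        findings.append("dictionary")
    return findings


def generate(length=16):
    """Draw a random password from a CSPRNG, retrying until it passes the audit."""
    alphabet = "".join(CLASSES)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not audit(candidate):
            return candidate
```

The bit estimate only holds for randomly generated passwords: "password123" scores about 57 bits on paper, yet the dictionary check flags it at once.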

Additional Security Measures

Two-factor Authentication (2FA): This adds an extra layer of security by requiring a secondary code from your phone or email in addition to your password when logging in.
Logout When Finished: Don't stay logged in to your accounts on public or shared devices. Log out completely when you're done using a service.
Secure Wi-Fi Connections: Avoid using public Wi-Fi networks for sensitive activities like online banking or entering passwords. If you have to use public Wi-Fi, consider using a Virtual Private Network (VPN), which encrypts your traffic.
Regular Software Updates: Keep your operating system, web browsers, and applications updated with the latest security patches which address vulnerabilities.

Conclusion

By following the above steps, we can significantly enhance our online security posture. Investing time and effort in creating unbreakable passwords is a necessity that will ultimately keep our accounts safe.

Top comments (3)

Alex P

The table in the picture shows only the difficulty of brute-forcing offline.
It might be true when someone tries to guess a password for a zip archive.

I found some research that says that's not true for today's online life, at least because it's difficult to remember such difficult passwords, and it's more useful to use a passphrase (check it out here: proton.me/pass/password-generator).

The research: passwordpolicies.cs.princeton.edu/


Meanwhile, a lot of websites use some kind of CAPTCHA (for example, invisible reCAPTCHA) and multistep entry, which creates a lot of difficulties for any brute-forcers.

Soon I'll publish a big article about all the approaches to that.

Swayam Patnaik

Thanks for the comment! The table is a good illustration, but you're right, it might not fully represent online password security. While brute-force attacks online are often hindered by CAPTCHAs and other measures, strong passwords are still essential to defend against other hacking methods.
As you mentioned, remembering super complex passwords can be tough. That's where passphrases, like those generated by tools like proton.me/pass/password-generator, come in handy.
In fact, I have a whole article dedicated to explaining brute-force attacks and how CAPTCHAs work to mitigate them - dev.to/swayam_248/brute-force-atta...

Rani Sriya Brahma

Instructional😀!!!