In our hectic lives, we often find ourselves lacking the time to pay attention to the smaller details. These seemingly minor aspects can sometimes lead to compromises and breaches that we tend to overlook.
One such detail is the length of your password. Many online platforms have standard requirements for password length, with a minimum of 8 characters long, which is good. If a hacker knows that your password is exactly 8 characters long, they might guess that you’re using a relatively simple password that adheres to the minimum requirements of many sites.
Let’s take a closer look:
Let’s say you engaged in shoulder surfing while your friend entered their password, and you noticed that their password is something related to admin, but you are not quite sure.
To effectively leverage that basic information, you’ll need a dictionary of words to understand their passwords. There is a command in Kali Linux called “Crunch” that can create a wordlist dictionary with a specific combination, like the minimum and maximum length of the password and 4 characters to represent some group of characters, like below where % is used for numeric characters.
crunch 8 8 -t admin %%%
So the above command will output all the words starting with “admin” and then it provides an output of all the possible combinations with digits.
There are more sophisticated attacks that can occur merely by assuming a password length of eight characters. Attackers can utilize a combination of commands to generate a word dictionary for cracking passwords. The importance of password complexity cannot be overstated. Besides increasing the length, incorporating a mix of uppercase and lowercase letters, numbers, and special characters can significantly enhance security. This complexity exponentially increases the number of potential combinations an attacker must try, making brute force attacks more time-consuming and less feasible.
By the above example, it is very clear to avoid using easy and guessable passwords, and the longer the password, the better the strength of it. Striking a balance between complexity and memorability is key. Consider using multiple random words to create a secure yet easy-to-remember password. For instance, a phrase like “LakeCornerMoon@640” is lengthy enough to provide robust security and memorable enough to recall without writing it down.
Additionally, enable multi-factor authentication wherever possible, adding an extra layer of security that makes it significantly more difficult for unauthorized users to access your accounts.
Your mantra:
- Have a unique and strong password with a minimum of 12 characters long.
- Have a basic understanding of which sites you consider as critical ones (sites like banking, health insurance, etc.) and which ones are not. Now have very strong and unique passwords and no repeating of passwords across your sites.
- Ensure MFA (Multi-Factor Authentication) is enabled — this serves as your protective shield; remember not to overlook it.
- Beware the bait — phishing comes dressed as trust
- Be cautious of any phishing emails, alerts, or messages.
Disclaimer: The information provided in this blog is intended solely for educational and informational purposes. It should not be construed as professional advice. The author makes no representations as to the accuracy or completeness of any information and will not be held liable for any actions taken based on the content of this blog. Readers are encouraged to do their own research and consult with appropriate professionals where necessary.
