Passwords are the guardians of our online data. They safeguard (or should safeguard) each online profile you create, as well as the information contained therein. However, are you knowledgeable about how passwords work? For the majority of people, all they need to know is that they enter a username and password into a couple of text fields and, like a key being turned into a lock, a website unlocks for them. On the other hand, understanding the mechanics of online passwords may assist users in creating a strong password for enhanced online security. Let’s take a look at the science behind passwords from the inside.
- How do passwords function?
- When were they created and why were they invented?
- What are the advantages and disadvantages of passwords?
- Suggestions for establishing a secure password.
- What additional security measures are available?
- Other safeguards for internet safety.
How do passwords function?
As a website visitor, you only see the most basic aspects of how passwords work. Typically, when you register for a website, the site may request certain personal information from you. Your name, preferred username, and perhaps your date of birth and address, as well as your password. Enter your information and click “sign up,” and then you may sign in with your username and password every time you visit the website since the website saves that information for future use.
However, the procedure is more complicated than that. While it would be simplest for a website to remember your information if it just stored it verbatim on a server, this is far from a secure approach. If a cybercriminal hacks or penetrates that server, your password, or other information may be made public. As a result, trustworthy websites filter your information using a technique called “hashing.”
What is hashing?
In essence, hashing scrambles your data and gives it a unique string of random letters and numbers. The hash function “md5()” is one of the most often used. It converts any input to a 32-character string. See how it works below:
md5(password) = 3uta831an2fi85mnb601iq1hb6m5o0z3
Anything enclosed in parentheses becomes a randomized output when using the md5 function.
The most critical property of hash encryption is that if the same hashing algorithm is employed, a given input will always generate the same output. This is the method they use to safeguard passwords:
- On a website, a user establishes an account.
- The password is hashed and then saved in the website’s database.
- When the user logs in again, the hash function is applied to the password they enter.
- The website then searches the database for an exact hash match against the previously stored password information.
- When a match is discovered, access is given to the user.
A hacker’s ability to reverse a hash function to get access to a user’s password is virtually impossible. Indeed, they find it simpler to guess the user’s initial password, even after millions of tries, demonstrating the critical importance of creating strong, memorable passwords.
When and why did passwords become popular?
Passwords are not a novel idea. They were employed by sentries in ancient Rome to confront both allies and enemies entering outposts. Since then, their usage has grown widespread in espionage films and tree forts worldwide.
However, digital computer passwords were invented far earlier than you would think; even before the internet was invented. MIT created the Compatible Time-Sharing System, a computerized operating system that allowed researchers to use computers on a timed basis, in 1961. To safeguard the data of individual researchers, a computer scientist called Fernando Corbató recommended the usage of passwords.
However, since the simplicity of the early password systems made them simpler to hack, cryptographer Robert Morris Sr. developed the hashing technique described above a decade later.
Since then, various procedures for password generation have been introduced – such as the rules dictating which characters must be used in a password – in response to the widespread danger of hacking that has existed since the internet’s inception.
What are the advantages and disadvantages of passwords?
Since passwords protect almost every online account we have, many individuals think they are also the most secure option available. To be honest, yes and no. While passwords have some distinct advantages over other systems, they also have a few disadvantages.
- Pro: Passwords are straightforward to generate and manage. They’re even suitable for Grandpa!
- Con: Hackers have honed their skills at guessing basic passwords, particularly popular ones. Consider the following list of the most frequently used passwords. If yours is included, consider changing it immediately!
- They are fully customizable. The password that you create will be simpler to remember than the one that is generated for you.
- Con: In an attempt to create an easy-to-remember password, many people create one that is much too simple to guess for hackers.
Another significant weakness of password security has arisen as a result of the plethora of accounts we all use daily. Many people recycle the same password to remember how to login into each website for which they have an account. Regrettably, a hacker only has to guess or steal the password to one account to get access to all of them.
How to create a strong memorable password
Passwords secure everything that happens online. Your email, social networking accounts, and financial accounts, among others. It’s only natural to want your initial line of defense to be as robust as possible. Unfortunately, creating a strong password that is also simple to remember is not always straightforward, all the more so when you need to use a unique password for each account.
Fortunately, there are a few excellent methods for creating strong, memorable passwords (gym workouts and protein shakes are not required).
- Utilize a password management program
- Make it a minimum of 12 characters.
- Utilize numeric characters, symbols, and upper- and lower-case letters.
- Use fictitious terms
- Steer clear of obvious replacements
- Create an easily-remembered mnemonic
Organize your passwords using a password manager
When you use the internet often, it’s not uncommon to have five, ten, twenty, or even more distinct password-protected accounts. With so many, it’s easy to fall into the trap of using the same password for all of them. It’s the most convenient option since it requires you to remember just one password rather than many. However, it is also less secure. If one account is hacked, you risk having all of your other accounts compromised as well. Instead, use unique passwords and a password manager to keep track of them for you (we recommend NordPass). This enables you to safeguard your security while also keeping track of your passwords.
At the very least 12 characters
The majority of websites specify a minimum character count for passwords. Some maintain it at eight, while others reduce it to four. However, a shorter password is less safe. A good rule of thumb to follow is to include at least 12 characters in your password. The farther you go, the more secure it becomes.
Utilize numeric characters, symbols, and upper- and lower-case letters
The more random your password is, the more secure it is. You may contribute to the appearance of randomness by including a variety of numbers, symbols, and characters. Numerous websites have already implemented these rules, mandating the usage of a variety of character specifications.
Avoid using real words
While actual words are easier to recall than an incomprehensible jumble of letters and numbers, they are also simpler to break. If the term can be found in a dictionary, avoid using it.
Avoid self-evident substitutions
Many people think that substituting comparable numbers for letters (for example, 3 for E) is an excellent method to create a secure password. After all, it introduces a new character type and avoids the problem of utilizing actual worlds. However, the technique has become so widespread that it no longer serves to strengthen a password.
Create an easy-to-remember mnemonic
Therefore, since you are unable to use actual words and cannot replace them with numbers, how can you construct a strong yet MEMORABLE password? It may seem as if your only choice is to bash your skull against the computer and use it as your password. However, by establishing a mnemonic, or memory trick, you can still generate a strong, largely random password.
To begin, create a memorable phrase (bonus if it includes numbers somewhere). For instance, in 1980, “The Empire Strikes Back” was released. Tickets are $7.50 each.” You may then construct your password by using the initial letter of each word, the punctuation, and the digits. It would then become “TESBwri1980.Tc$7.50pp.” Not only is the password longer than 12 characters, but it also contains capital and lower-case letters, numerals, and symbols, making it simpler to remember than a random password.
What other security measures are available?
While passwords remain the simplest way for websites to protect user accounts, several cybersecurity professionals started raising concerns about their general effectiveness over a decade ago. They’ve existed long enough for users to acquire poor password practices and hackers to build efficient password theft methods.
While no ideal substitute for passwords has been developed, many businesses have begun adding several levels of account protection to their websites, requiring passwords to be used in combination with other security measures. The measurements include the following:
- Multi-factor authentication. Users may still access their accounts using their standard passwords with this type of protection. To bypass security, individuals must additionally enter a one-time code given to the email address, phone number, or authenticator app. This is because since the one-time code expires, the hacker cannot use an outdated one to access accounts.
- Biometrics. This kind of security depends on recognizing a user’s fingerprint or facial recognition in order to allow access to an account (usually biometrics grants access to devices rather than websites). While biometrics have come close to supplanting conventional passwords, they still make far too many errors to completely take over the security sector.
- USB keys. Certain businesses are creating USB keys; these are actual devices that you can plug into your computer and which interact with the websites you visit to automatically unlock your account.
Other online security measures
Along with establishing secure passwords for your accounts, there are other measures you can take to safeguard yourself online. The steps include the following:
- Recognize the symptoms of phishing. Phishing is a very efficient technique for stealing passwords used by hackers. This technique works by duping the user into believing they are engaging with an email from a genuine source, such as a financial organization. When a user’s guard is down, they may unintentionally give out personal information. While phishing has evolved into an art form, there are still methods to detect and prevent phishing efforts.
- Use of a reliable virtual private network. VPNs protect your surfing experience with anonymity and encryption, minimizing your exposure to internet snoopers.
- Delete any previous accounts. Numerous contemporary websites update their security measures regularly to help keep you secure. However, out-of-date websites may have slipped behind the pace. Regrettably, just because they have lost popularity does not imply that they are no longer susceptible to hackers. Indeed, they are even more tempting targets due to their simplicity. Consider canceling any account you may have with a site like this, particularly one protected with a password you still use.
Password security is not a trivial matter. A strong password may make the difference between online safety and a significant violation of your privacy. Utilize these recommendations in combination with other security measures such as multi-factor authentication to provide the most comprehensive account protection possible.