Passwords – Protection Strategies and Design

The logic of creating strong passwords is something that most of us understand. The stronger your password, the more difficult it will be for someone else to access your application and the information it is trying to protect. However, even though we know this, we often ignore this “best practice” when setting up passwords for the applications we want to access online.

Why do we do this? Convenience, above all. I also think there is an internal belief that, with so many millions of people online, the chances of being the one who gets hacked are small. That is, if we think about being hacked at all while setting these passwords. Many of us set passwords only because the app we’re trying to access tells us we have to have one.

But have you noticed anything lately when accessing your applications online? The companies behind the applications you access now often do the following:

  • They ask you to change your password periodically.
  • They ask you to provide additional answers to questions that may be asked as a secondary ID verification step.
  • They ask you from time to time whether your email address is still correct, what your phone number is, etc.
  • Sometimes they show you a random set of characters on the login screen that you need to type correctly into a box to log in to the app.
  • They force you to create longer and stronger passwords with special characters and/or uppercase characters to make it more difficult for others to hack your account.
  • If you are trying to access your information from somewhere other than your own home, messages sometimes appear asking additional questions to help you authenticate. How do they know you’re away from home? Because when you log in, their internal systems also capture your IP address (which indicates your location) and compare it to what they have associated with your usual logins, so they know when you’re away.
  • They even capture your device information, so if you’re logging in from a different computer, they can tell that too.

Why are they doing this? They are trying to make their apps and the information within them as secure as possible. They are worried about being hacked. And you should be too.

A central reason for this is tied to the thought I expressed at the beginning of this lecture: “…there are so many millions of people online, what are the chances that I’ll be the one to get hacked?” This is a mistaken belief in your own safety, and I’ll tell you why.

When a hacker attacks you, it’s not a personal one-on-one event. Hacking begins with the hacker collecting more general information. He or she collects a lot of information about many people accessing many systems, using personally created “search” applications to find out things about people accessing applications on the Internet. Depending on what they do, these programs are called things like “bots”, “robots” or “spiders”.

While these programs gather information on the Internet and dump the findings into databases controlled by the hacker, the hacker searches for applications to break into, looking for those with weaker security and vulnerabilities that may be exploited.

So, when vulnerabilities are found, the hacker writes additional access code to exploit them and combines it with the data gathered in the earlier collection efforts to “hack” a targeted application, and more than one person can be affected by a single “hack”. In fact, sometimes hundreds or even thousands of people can be exploited practically simultaneously. So hacking does not affect just one person. These days, if something happens to one person, it’s probably happening to a lot of other people too, and possibly to you as well.

These hacks take time to build, but they are sophisticated. And the computers that many of us use are very often quite vulnerable.

The following are some things you can do with your password to help protect yourself and your data online.

  • Create strong passwords and use them in the applications you access online. A strong password is usually longer than 8 characters, will contain upper and lower case alphabetic letters, and will have at least one special character, such as: @, #, $, %, etc.
  • The password should be random in many respects and should not contain information that can be easily linked to you, such as part of your name, your address, the names of your children, the names of pets, etc.
  • Where you can, enable “double sign-in” features in apps that allow you to do so, especially when accessing sites important to you, like financial sites or anywhere you’ve left credit card information.
  • Use different passwords for different applications. Try to avoid using the same password in different applications.
  • Minimize or do not use the “Remember my password” and “auto-fill” features on your computer. These are often stored in your cookies, which can be hijacked by a good hacker.
  • Change your online passwords regularly, especially for your important or financial sites.
  • On social networking sites such as “Facebook”, be careful about what information you post. Some hackers scour these sites for personal information that you might be using as part of your passwords elsewhere, such as children’s names. If you’re using strong passwords online, this isn’t as critical, but keep in mind that this scouring goes on. If you still use passwords that contain words you also use on your social media sites, those words can be used to hack you.
  • Do not use sites that offer to test your planned passwords to see whether they are secure. Some of these sites may legitimately offer this service, but be careful. Every site you visit can log your outgoing IP address, so if you test password strength on a third-party site, it can log your IP address to find you in the future, and you are giving it the passwords you’re thinking of using. It is not a good idea.

In short, I recommend that you take a look at all the sites you access online today and review the passwords you are using on them. Get strategic about it. Ask yourself questions at each site like:

  • Is this a strong password? If not, how should I make it stronger?
  • Can I set up double authentication on this site?
  • Am I using the same password on multiple sites?
  • When was the last time I changed my password for this site?
  • Is there any personal information in this password that others can figure out and use against me?
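The review questions above can be answered on your own machine, so no candidate password is ever sent to a third-party testing site. The following Python sketch is an added example, not part of the original article; the 180-day age limit, the sample accounts and the personal-word list are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import date

MAX_AGE_DAYS = 180  # assumed review interval; the article gives no number

def weaknesses(password, personal_words):
    """Return the article's strength rules that this password breaks."""
    found = []
    if len(password) <= 8:
        found.append("not longer than 8 characters")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        found.append("missing upper or lower case letter")
    if not re.search(r"[^A-Za-z0-9]", password):
        found.append("no special character")
    lowered = password.lower()
    for word in personal_words:
        if len(word) >= 3 and word.lower() in lowered:
            found.append("contains personal word: " + word)
    return found

def audit(accounts, personal_words, today):
    """accounts: {site: (password, date_last_changed)} -> {site: [issues]}"""
    sites_by_password = defaultdict(list)
    for site, (password, _) in accounts.items():
        sites_by_password[password].append(site)
    report = {}
    for site, (password, changed) in accounts.items():
        issues = weaknesses(password, personal_words)
        others = [s for s in sites_by_password[password] if s != site]
        if others:
            issues.append("same password as: " + ", ".join(sorted(others)))
        age = (today - changed).days
        if age > MAX_AGE_DAYS:
            issues.append("not changed for %d days" % age)
        report[site] = issues
    return report

# Constructed sample data, not real credentials.
SAMPLE = {
    "bank.example": ("Rex2015", date(2023, 1, 10)),
    "mail.example": ("Rex2015", date(2024, 5, 1)),
    "shop.example": ("t7#Qw!zk9LpV", date(2024, 4, 20)),
}

if __name__ == "__main__":
    for site, issues in audit(SAMPLE, ["Rex", "Miller"], date(2024, 6, 1)).items():
        print(site, "->", issues or "no issues found")
```
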

By doing this exercise, you will improve your online security. It’s worth doing.

That is all for now. Thanks for reading my article.