Tips Making Your Password Hard to Crack!
- Make it unique. The first and the most important tip is making your password unique for each of your accounts. That decreases the possibility of breaking your account. Hackers try the same combinations on different platforms. So, be careful about choosing unique and different ones for your accounts.
- Do not include personal information. Personal information is easily discoverable. Do not include information such as your birthday, address, anniversary, birthplace, school, etc.. These make it easier to guess.
- Include characters, number, symbols. Using a week password puts all of your data at risk. Use one that has at least 16 characters, one number, one upper letter, one lower letter, and one symbol. Avoid using similar passwords that only a single word or character is changed. It will weaken your account security. The mixture of numbers, characters, symbols makes it hard to crack. Substitute numbers with letters, thus making it easier for you to remember. But avoid using obvious substitutions such as “$tr0ng” where you replace s with $ and o with 0.
- Make your passwords long. The longer and more complex it is, the longer the cracking process will be. Now It's recommended “passphrase”. A phrase should be relatively long, consisting of random words together along with numbers, symbols, and upper and lower case letters. The longer the passphrase, the stronger your account security is. It is a sentence that is at least 12 characters long. Use nonsense combinations! Passphrases are keys to your online personal home. You should do everything you can prevent people from gaining access to your passphrase. You can further secure your accounts by using additional authentication methods. Use nonsense or favorable combinations!
- Do not share via email or text message. Do not tell your passwords to anyone else. Also, do not write on a piece of paper and stick it on your computer. If you give it to someone, then change it!
- Do not use similar passwords. Avoid using similar passwords that change only a single word or character. If one of the passwords stolen, then it means that all of the similar ones stolen too. This practice weakens your account security across multiple sites.
- Update your password regularly. To keep it safe, update it every few weeks or months. It's recommended to change it every ten weeks. Change the character substitutions. Reverse the use of upper and lower case letters.
- Do not use any dictionary words in your passwords. If the combinations not found in the dictionary, it means they are not grammatically correct. That makes it harder to crack.
- Use two-factor authentication. Two-factor authentication doubles the protection against hackers. With two-factor authentication, the user must have his/her cell phone to verify identity in addition to the username and password.
- Do not log in to others’ computers. Remember not to log in important accounts on the computers of others, or when you connect to a public Wi-Fi.
Check the websites before entering.
Check the popularity of a website with any toolbar to ensure that it is not a phishing site before entering a password.
- Protect your computer. Protect your computer with firewall and antivirus software, block all incoming connections, and all unnecessary outgoing connections with the firewall. Download software from reputable sites only, and verify the MD5 / SHA1 / SHA256 checksum or GPG signature of the installation package whenever possible.
- Keep the operating systems up-to-date. Update the operating systems( e.g. Windows 7, Windows 10, Mac OS X, iOS, Linux ) and Web browsers( e.g. FireFox, Chrome, Microsoft Edge ) of your devices( e.g. Windows PC, Mac PC, iPhone, iPad, Android tablet ) by installing the latest security update.
- Check the keyloggers. Check if there are hardware keyloggers( e.g., wireless keyboard sniffer ), software keyloggers, or hidden cameras. If there are important files on your computer, others can access it.
- Use an on-screen keyboard. If there are WIFI routers in your home, then it is possible to know the passwords you typed ( in your neighbor's house) by detecting the gestures of your fingers and hands. The WIFI signal they received will change when you move your fingers and hands. You can use an on-screen keyboard to type your passwords in such cases. It would be more secure if this virtual keyboard( or soft keyboard ) changes layouts every time.
- Remember about computers and phones before leaving. Turn off or lock your computer and mobile phone when you leave.
- Encrypt the hard drive. Encrypt the entire hard drive with any tool before putting important files on it, and destroy the hard drive of your old devices physically if necessary.
- Use incognito mode. Access important websites in private or incognito mode, or use one Web browser to access them, use another one to access other sites. Or access unimportant websites and install new software inside a virtual machine.
- Use different emails. Use different email addresses, one for receiving emails from important sites and apps, use the second one for receiving emails from unimportant sites and apps, use the third one for receiving your password-reset email when the first on hacked.
- Use different phone numbers. Use at different phone numbers, do not tell others the phone number which you use for receiving text messages of the verification codes.
- Be careful with email links. Do not click the link in an email or SMS message; do not reset your passwords by clicking them, except that you know these messages are not fake. Avoid clicking links or opening websites that you do not recognize, even if they appear to come from people you know via email, instant messages, or in-game messages. It is possible that their account was used by someone else to phish information or put malware on your system.
- Use web-based apps. Hackers may have modified one of the software or app you downloaded or updated, you can avoid this problem by not installing this software or app for the first time, except that it is published to fix security holes. You can use web-based apps instead, which are more secure and portable.
- Be careful with online paste tools. Be careful when using online paste tools and screen capture tools; do not let them upload your passwords to the cloud.
- Work attentively with databases. If you are a webmaster, do not store the user's passwords, security questions and answers as plain text in the database, you should store the salted ( SHA1, SHA256 or SHA512 )hash values of these strings instead. It is recommended to generate a unique random salt string for each user. It is a good idea to log the user's device information( e.g., OS version, screen resolution, etc. ) and save the salted hash values of them, then when user tries to login with the correct password, but the device information does not match the previously saved one, let this user to verify user’s identity by entering another verification code sent via SMS or email.
- Update the package. If you are a software developer, you should publish the update package signed with a private key using GnuPG. Verify the signature of it with the public key published previously.
- Keep your business safe. To keep your online business safe, register a domain name of your own, and set up an email account with this domain name, then not lose your email account and all your contacts, since you can host your mail server anywhere, the email provider can not disable your email account.
- Close your web browser before you leave. Close your web browser when you leave your computer; otherwise, the cookies can be intercepted with a small USB device easily, making it possible to bypass two-step verification and log into your account with stolen cookies on other computers.
- Remove bad SSL certificates from the browser. Remove bad SSL certificates from your Web browser; otherwise, you will not be able to ensure the confidentiality and integrity of the HTTPS connections which use these certificates.
- Keep your antivirus and malware protection up-to-date. Viruses and malware (malicious software) harm account security and allow someone else to gain access to the account, user names, and other important information. For that reason, use an antivirus scanner. The program detects and removes the potential threats to your computer’s security.
- Check the website familiarity. Before accessing notice how the website looks like and which questions are asked to verify your identity. Some attacks will change the login page. A user can sometimes spot these attacks by noticing slight mistakes, such as additional security questions, poor grammar, misspellings, etc. A typical malware behavior will also ask a user to enter their user ID, password, and security information three or four times and will then post a message that the site is down for maintenance or servicing.
- Secure Your Mobile Phone. With the growing use of mobile phones to conduct business, shop, and more, mobile devices are becoming a major cause of concern in the security community. Help protect your phone and other mobile devices from hackers by securing your phone with a strong password. Or, better still, use fingerprint or facial recognition passwords to help trick hackers. Although you cannot stop your important accounts from getting breached, you can do something to minimize the chances of your password hacked.
Strong Random Password Generator Tool
Cybersecurity issues have become a struggle for people worldwide. Do you know that there is a hacker attack about every 40 seconds?
By the time the average person uploads an image to any platform, the hacker attack has already taken place.
In 2016, cybercrime cost was estimated at more than $450 billion for the global economy and over two billion records were stolen.
We tend to use passwords that are somehow linked to our life events because they are easier to remember. We prefer phrases or words that we are already familiar with us. That is why we often create predictable passwords based on things we love or vividly remember.
Over 60 percent of the population uses the same password across multiple sites. This tendency smooths the way for hackers to crack. The best password is the one that is hard to stole and easy to remember. Using a strong one can prevent many problems. Here, we suggest how to create it with our Password Generator tool.
You can choose whether you want to include upper letters, numbers, lower letters or symbols in your password. Also, you can set the length of it and then click on the Generate button. Get your unique output!
This is done with the help of the MD5 ( Message Digest) algorithm. It is a widely used cryptographic hash function. This algorithm takes up random data as an input and generates a fixed size “hash value” as the output.
How hackers crack your accounts? There are several tools that they use.
There are more than 3 billion active social network users worldwide. So, that is why most of all hackers love social media.
Hackers first go after the easiest and most common worst passwords, then move on to the combinations with the least amount of characters. While a password with seven characters may take only 0.29 milliseconds to crack, one with 12 characters can take up to two centuries.
So how do hackers do their work? Hackers can access your accounts using some tools.
The most common way that One of the most common tools is “John the Ripper” also known as a “dictionary attack”. A dictionary attack works by systematically entering every word in a dictionary as a password. It takes a list of dictionary words and uses them to crack. The tool can try millions of words in a short space of time, and also can substitute letters with numbers. In 2012, more than 6 million accounts hacked on LinkedIn because of a dictionary attack.
Another mostly used tool is the so-called “Password walking”. It's when you “walk” your fingers across the keyboard, hitting adjacent keys. It creates a password that looks unique and random. While people might think a combination that seems to be secure, hackers plug in any number of variations into their tools and test them out.
The third tool is the “Password formula”. This tool works if the hacker figures out your “base password” (the part that you use over again). Then they will try different variations, or other common combinations, to piece the puzzle together.
Another tool is called “Brute force” attacks. When using it, hackers use software that repeatedly tries several password combinations. It's a reliable way to steal your information, as many users use passwords as easy as “ABC”. We suggest you some tips to create such a password that will make it hard for others to get into your account.