Passwords

02.06.2016

Episode #6 of the course Cyber security basics by FutureLearn

 

From checking out Facebook on your mobile phone and doing your shopping on your tablet to logging into online banking on your laptop, millions of us log into online services every day. We trust that the systems we use are secure and limited only to us, and typically, this is achieved by logging into web services with a username and password. Passwords are the most common way we uniquely identify ourselves from other users. But have you ever considered how secure your passwords really are?

Encryption and hashing are two ways companies help to keep our passwords safe: encryption protects them as they travel between computers over a network, and hashing protects them where they are stored. When a user enters a password on a website, it is compared with the stored version of that user's password. If the two match, the user is granted access. Very often, passwords are encrypted when they are transmitted across a network so they cannot be read if intercepted on their journey. The most common form of this encryption is the SSL standard (Secure Sockets Layer) and its more recent successor TLS (Transport Layer Security), which is in use when you spot “https” at the beginning of a web address instead of “http.”

Almost all online services and computer systems also use a technique called hashing to store passwords on a server. A hash is the result of processing the plain text through a one-way function to create a unique, fixed-length identifier. The server stores the hash rather than the password itself, which ultimately means that your password is not exposed in readable form even if the stored data is hacked and ends up in the wrong hands.

Yet even with encryption and hashing, there are still ways in which attackers can decipher your passwords. One of the oldest methods of breaking into computers is to perform a dictionary attack. This is when a program attempts to log into an account by systematically trying every word from one or more dictionaries (word lists) as the password. To combat attacks such as these, some computer systems restrict the number of unsuccessful log-ins, after which the account is locked and must be reset by an administrator. To avoid having your password guessed in this way, it’s wise to choose passwords that don’t resemble dictionary words and to use a different password for each account. The strongest passwords are not easily guessable and are made up of a mixture of letters, numbers, and symbols.
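To make the two defences above concrete, here is a small added example (not code from the course or from any real service) of how a server can store passwords as salted, deliberately slow hashes and lock an account after repeated failed log-ins. The iteration count and the lockout threshold are assumed values chosen for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumption: a real deployment tunes this to its hardware
MAX_FAILURES = 5      # assumption: lock the account after this many bad attempts


def hash_password(password, salt=None):
    """Return (salt, digest) for a password using PBKDF2-HMAC-SHA256.

    A fresh random salt per user means two users with the same password get
    different stored values, and the slow key derivation makes each guess in a
    dictionary attack against stolen hashes expensive.
    """
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


class AccountStore:
    """In-memory account store; the plaintext password is never kept."""

    def __init__(self):
        self._users = {}

    def register(self, username, password):
        salt, digest = hash_password(password)
        self._users[username] = {"salt": salt, "digest": digest,
                                 "failures": 0, "locked": False}

    def login(self, username, password):
        """Return 'ok', 'denied' or 'locked'."""
        user = self._users.get(username)
        if user is None:
            return "denied"
        if user["locked"]:
            return "locked"  # stays locked until an administrator resets it
        _, candidate = hash_password(password, user["salt"])
        # Constant-time comparison so timing differences leak nothing.
        if hmac.compare_digest(candidate, user["digest"]):
            user["failures"] = 0
            return "ok"
        user["failures"] += 1
        if user["failures"] >= MAX_FAILURES:
            user["locked"] = True
            return "locked"
        return "denied"
```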

Two-factor authentication can help you to protect your accounts even further. To date, a number of big organizations including Apple, Google, Dropbox, eBay, and PayPal support two-factor authentication to improve security. Two-factor authentication requires you to enter two pieces of information rather than a single password: your password and a changing value that is either sent by the website to your mobile phone or generated by an application on your computer.

If you have trouble remembering passwords, a password manager program will store passwords for you and help you to start practicing good online security hygiene. Some of the more sophisticated services such as LastPass, KeePass, and Dashlane can also generate new passwords for you. With a password manager, you only have to remember one password—the one that opens your password manager vault—which means it must be a very strong one.

 

Recommended free course

Introduction to Cyber Security

 

Recommended book

“Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World” by Bruce Schneier

 
