akaiyuki

{:title "Why is having a good password important?" :layout :post :tags "Miscellaneous" }
Many people reuse their passwords or pick ones with no real strength behind them. Usually that's because it's hard to come up with a new password, and even harder to remember it. However, a solid password matters a great deal. It helps protect sensitive data, such as financial information, documents, and personal data. It also protects against unauthorized access to your accounts and devices, which can lead to identity theft, fraud, and other things.

Why shouldn't you reuse your password?

While it's convenient to have a single password for all your accounts, it's not recommended, as it has serious consequences. If you use the same password for every account, a compromise of one account puts all the others at increased risk. Once an attacker has your email and the password they used to get into one account, they can reuse that password to access all your other accounts that share it. Security measures like two-factor authentication won't be effective in protecting your other accounts either, since they can be socially engineered and bypassed by malware or other things.

How do people get access to my password?

There are many ways that people can figure out your password. On the internet there are countless forums where people post large data files containing user information from data breaches in plaintext. People can use malware such as keyloggers to steal your password without you knowing. There is also social engineering/phishing, which is when people trick you into revealing your password through fraudulent emails, websites, or calls. This is usually done to "resolve an issue" or fix a problem. Finally, there are password cracking tools.

Different types of Password Cracking Tools

  • 1: Brute force attack: Usually the simplest and least efficient attack, but one that is guaranteed to work eventually. A brute force attack tries every possible combination of characters until the correct password is found.
  • 2: Dictionary attacks: These use a list of commonly used words, phrases, and patterns for guessing passwords. An attacker takes the list and runs it through a program until one entry matches the correct password.
  • 3: Rainbow tables: A rainbow table is a large dataset of password hashes for commonly used passwords and slight variations of them. If an attacker wants to recover a password from a hash, they can look up the hash in a rainbow table and determine the original password. Hashing is a way of storing passwords so that even if a database is compromised, the passwords cannot be figured out easily. The password is transformed, in a way that cannot be reversed, into a fixed-length string of characters called the hash. Rainbow tables make hashing less effective, but it is still one of the best methods to secure a password.
How to make a strong and secure password?

Generally, you want a password that is longer than 12 characters; shorter ones are easier to guess. Using a mix of upper and lowercase letters, numbers, and symbols makes it more complex and harder to guess. Personal information such as your name, birthday, or anything else that can be found online shouldn't be included in your passwords. There are random password generators that can create strong passwords while excluding guessable patterns. They usually select random letters, numbers, symbols, and other things to make them. Mnemonic passwords are passwords based on a phrase or sentence that is easy to remember. The phrase can be transformed into a password by using the first letter of each word and adding symbols or numbers in between. An example would be "My favourite type of cake is vanilla cake." -> "!Mftocivc."
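As an added example (not part of the original post), this Python code checks a password against the guidelines above, estimates how many combinations a brute force attack would have to cover, and generates a random password with the standard `secrets` module. The function names, the use of `string.punctuation` as the symbol set, and the sample inputs are assumptions of this example. Run on the mnemonic example above, it reports 10 characters and no digit, so that phrase would need to be longer to meet the 12-character guideline.

```python
import math
import secrets
import string

MIN_LENGTH = 13  # the post says "longer than 12 characters"
CLASSES = {      # character classes named in the post (symbol set is an assumption)
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}


def check_password(password, personal_info=()):
    """Return the list of guidelines from the post that the password breaks."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"only {len(password)} characters, need at least {MIN_LENGTH}")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            problems.append(f"no {name}")
    for item in personal_info:  # e.g. name or birth year, compared case-insensitively
        if item and item.lower() in password.lower():
            problems.append(f"contains personal information: {item!r}")
    return problems


def brute_force_bits(password):
    """log2 of the combinations a brute force attack must cover, assuming it
    tries every string of this length over the character classes in use."""
    pool = sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))
    return len(password) * math.log2(pool) if pool else 0.0


def generate_password(length=16):
    """Random password from the OS CSPRNG with every character class present."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = "".join(CLASSES.values())
    while True:  # rejection sampling: uniform over all passwords that pass the check
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(candidate):
            return candidate


if __name__ == "__main__":
    # constructed samples: the post's mnemonic, a personal-info password, a random one
    for pw in ("!Mftocivc.", "alice1990", generate_password()):
        print(pw, round(brute_force_bits(pw)), check_password(pw, ["alice"]))
```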

How can I remember my passwords?

Physically writing them down on a piece of paper and storing it in a secure location is a good way to remember them. However, what I use is a password manager. Password managers allow you to view all of your passwords with a single password, often called the "Master Password." I personally use KeePass, since it's a free and open-source password manager that stores passwords offline, which makes the chance of them getting intercepted less likely.