Story of Passwords
Recently there was news about Stefan Thomas, a computer programmer in the US (see pic below), who has just two guesses left for the password that unlocks $220m in Bitcoin before his digital wallet locks FOREVER. Bitcoin has no password-recovery service: the IronKey encrypted drive holding his keys allows ten attempts before it locks, and Stefan has already used eight. Sitting in the thought bar this week, it's the password story.
A password is a secret word or phrase that must be used to gain admission to a place, or a string of characters that allows access to a computer system or an application. It is VERY important that the passwords you choose are not easy to guess, but you may be surprised to learn that most people choose an easy-to-remember password like 123456, LETMEIN, QWERTY or ASDFGH (the first two rows of your keyboard), PASSWORD, a combination of your name and date of birth, or just WELCOME (see pic below).
Passwords are NOT saved as plain text by the app; it uses something called a hashing algorithm, which means that if your password is WELCOME123 the application converts it into a fixed-length digest that may look like this: cd84d683cc5612c69efe115c80d0b7dc. If we sign up for a Gmail account, we are asked for our full name, gender and date of birth, and to create a password. Once we hit the send button, the information goes to Gmail's back office, and the basic info we provided is kept as it is in a table EXCEPT the password, which is stored as a hash like this (see pic below): cd84d683cc5612c69efe115c80d0b7dc. By doing this, a hacker who gets hold of the table gets the basic info ONLY and not the password in plain-text form. It's important to note that hashes cannot be reversed, so in our example cd84d683cc5612c69efe115c80d0b7dc cannot be turned back into WELCOME123, because hash algorithms are designed to work only ONE WAY.
IMPORTANCE OF AN UNCOMMON PASSWORD
Many times we have heard of a data breach. What it really means is that the basic info is stolen by the hackers BUT NOT the plain-text password. However, hash values of commonly used passwords are available on the dark web in precomputed lists (called rainbow tables), and if the hacker sees your password stored as cd84d683cc5612c69efe115c80d0b7dc he will know this is WELCOME123, because it is a very common and popular password. If we give a small twist to our example and change WELCOME123 to WELC0ME123 (notice that I have changed the O of WELCOME to 0, zero), the hash becomes d56275b606602bb5a7555b407acd55ec, a value far less likely to appear in any such table.
Most companies have an added layer of security called SALTING: a unique random value is appended to each password before it is hashed, so that the same password produces a different hash for every user. This adds a layer of security to the hashing process: if a salt is used with WELCOME123, the resulting hash cannot simply be looked up in a rainbow table. Most companies use three or four layers, commonly described as hashing, bcrypt and encryption, to make cracking more difficult and time consuming.
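The rainbow-table lookup and the salting defence described in the last two paragraphs, as an added Python example (not code from the original post; the tiny lookup table, the password list and the PBKDF2 iteration count are my own constructed choices):

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Constructed stand-in for a rainbow table: a precomputed map from the
# unsalted MD5 hash of a common password back to the password itself.
# Real tables hold millions of entries; six are enough to show the idea.
COMMON_PASSWORDS = ["123456", "qwerty", "letmein", "password", "welcome", "WELCOME123"]
RAINBOW_TABLE = {hashlib.md5(p.encode()).hexdigest(): p for p in COMMON_PASSWORDS}

# Iteration count for PBKDF2-HMAC-SHA256 (assumed value); hundreds of thousands
# is the current norm, high enough to make every guess expensive for an attacker.
ITERATIONS = 600_000


def md5_unsalted(password: str) -> str:
    """The weak scheme: plain MD5, the same digest for everyone with that password."""
    return hashlib.md5(password.encode()).hexdigest()


def rainbow_lookup(digest: str) -> Optional[str]:
    """Attacker's view: map a leaked digest back to a password, or None if unknown."""
    return RAINBOW_TABLE.get(digest)


def store_salted(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Defender's scheme: a fresh random salt per user plus a slow key-derivation
    function, so identical passwords never share a digest and tables are useless."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_salted(password: str, salt: bytes, stored: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, stored)


if __name__ == "__main__":
    print("unsalted WELCOME123 in table ->", rainbow_lookup(md5_unsalted("WELCOME123")))
    print("unsalted WELC0ME123 in table ->", rainbow_lookup(md5_unsalted("WELC0ME123")))
    salt, digest = store_salted("WELCOME123")
    print("salted WELCOME123 in table   ->", rainbow_lookup(digest.hex()))
    print("login with correct password  ->", verify_salted("WELCOME123", salt, digest))
```

The salted scheme also shows why two users with the same password end up with different stored digests, so a table built for one of them tells the attacker nothing about the other.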
Various other ways to get your password are phishing techniques: someone pretending to be an agent of your bank sends you a link asking you to log in, or redirects you to a similar-looking fake website without you noticing (which is called tabnabbing), or sends a malicious attachment that secretly installs key-logger software on your system.
SO WHAT IS THE BEST WAY
Here are a few tips on making your digital experience safer:
1) Wherever possible, turn on two-factor authentication (an OTP sent to your mobile phone).
2) Don't use the same password everywhere.
3) Make sure you update your system with security patches.
4) Do not put too much information on social media, as it attracts hackers.
5) Use a password with a combination of letters, numbers, special characters and upper and lower case.
SELF CHECK
Here is a website, https://haveibeenpwned.com/ (see pic below). It checks your email address against a list of websites that have been hacked or had email info stolen. I just tried it and found that my basic info has been stolen 4 times in data breaches. You may also want to know that nine-character passwords take five days to break, 10-character passwords take four months, and 11-character passwords take 10 years. Make it 12 characters, and you're looking at 200 years' worth of security – not bad for one little letter.