The Magical Password

Devil’s Advocate
Aug 27, 2022

If any of your bank, mobile, or mail account passwords looks like “password123”, “<yourname>123”, or “<yourname>”, then this post is specifically for you :)

Why do you think cybersecurity professionals have advocated strong passwords for so long?

Suppose your email service provider or bank stores only a one-way encryption (a hash) of your password (P1). That is, whenever you type your login password (P2), the server does not decrypt the stored value and compare it with P2. Instead, the server hashes P2 the same way and compares the result with the stored hash of P1.

This seems like a good practice! You may think that since your password is stored only in this one-way form and never decrypted, it is very safe. But that is only part of the story. What happens when a hacker breaks into a database and gets hold of your hashed password? And that is frighteningly common!

How do they actually figure out your password? There are several techniques but one particular method called brute-forcing is so simple that anybody can do it with easily available software.

Explained simply, hackers take a list of characters and make all possible combinations of them to create a bigger list of words. They then run every word on this list through the same standard one-way algorithms to create a list of hashed words. Now all they have to do is compare their list of hashed words with your hashed password that they got from the hacked server. Whichever one matches is your password!
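The server-side comparison of P1 and P2 described above, and the reason a precomputed list of hashed words works against it, as an added example that is not part of the original post. It goes beyond the post by placing a per-user salt and a deliberately slow hash (PBKDF2) beside the plain one-way hash; the function names, salt size, and iteration count are assumptions.

```python
import hashlib
import hmac
import os

# Assumed parameters for this example (not taken from the original post).
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16


def unsalted_hash(password: str) -> str:
    """Weak scheme: a fast, unsalted hash. Equal passwords give equal hashes,
    so one precomputed list of hashed words matches every account at once."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def enroll(password: str) -> dict:
    """Stronger scheme: store a random salt plus a slow, salted hash (P1)."""
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return {"salt": salt, "iterations": PBKDF2_ITERATIONS, "hash": digest}


def verify(record: dict, attempt: str) -> bool:
    """Hash the login attempt (P2) the same way and compare; nothing is decrypted."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", attempt.encode("utf-8"), record["salt"], record["iterations"]
    )
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, record["hash"])


if __name__ == "__main__":
    # Constructed sample accounts: two users who picked the same password.
    alice_weak, bob_weak = unsalted_hash("password123"), unsalted_hash("password123")
    print("unsalted hashes identical:", alice_weak == bob_weak)

    alice, bob = enroll("password123"), enroll("password123")
    print("salted hashes identical:  ", alice["hash"] == bob["hash"])
    print("correct login accepted:   ", verify(alice, "password123"))
    print("wrong login rejected:     ", not verify(alice, "password124"))
```

Salting and a slow hash only raise the cost of each guess; a password as short or predictable as “password123” is still among the first candidates tried.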

The illustration shows how quickly brute-forcing a password works these days. For example, if you have a password like “34215879” or “jkzsryan”, which seems like 8 random numbers or random letters, it is still instantly cracked. How about “IamAMan”? Still instantly done 😐

A seemingly tough password like “MnInt123” is cracked in like 2–7 minutes. If you add a layer of difficulty to it by including a special character like “MnIn%12”, it can still be found in less than 1 hour. Do you still think that your regular passwords are not easily crackable?

Now, the good news is that a decent password is not too hard to make. Ideally, a decent password should be:

- At least 10 to 11 characters long
- A mix of uppercase letters (A, B, etc.), lowercase letters (c, d, etc.), numbers, and special characters (!, @, %, etc.)

If all this confuses you very much and you are scared about remembering a password that is so long, here is a simple tip.

“Make passwords out of your favorite sentences or phrases.”

The longer the sentence, the stronger your password can be.

For example, if you like the phrase by Sadhguru, “In Is The Only Way Out”, you can make a password like “In1Is2The3Only4Way5Out6”. We only added 1, 2, etc. to each word. Do you know how difficult it is for a hacker to break a password like this through brute-forcing?

What about “If you resist change, you resist life”? Your password could be “I1y2r3c4,y5r6L7”. This password is 15 characters long and has uppercase letters, lowercase letters, numbers, and special characters. It can take a hacker several million years to crack by brute-forcing.

So, drop your simple passwords and make the life of hackers “a little” more difficult by having decently strong passwords. It will also make the lives of cybersecurity professionals at your bank or your email provider better.
