A Strong Password is the Foundation of Online Security

By following a few simple rules when creating passwords, we can minimize the risk of them being cracked and ensure secure use of services and accounts linked to them. However, one might ask, do we really know what a strong password looks like and how to store it? 

How to Create a Strong Password 

Most internet service users will agree that passwords like “password123” or “qwerty12345” do not guarantee data protection. In fact, they guarantee a lack of it. Despite advancements in security, the weakest link remains human error. This is why we still see such passwords in use, as well as computers and monitors adorned with sticky notes bearing passwords or other crucial information that should not be in plain sight. The reason is usually convenience. However, we must take responsibility and adjust our security measures to the basic standards of creating and storing passwords.

First, let’s determine what a password should be. To start, we certainly reject the simplest forms such as “password” or even “pa$$word” – they are too obvious and don’t require a skilled hacker to guess them. The second important aspect is the number of characters. It is generally accepted that a minimum of 8 characters should be sufficient, but some service providers may require 10 or even 12 characters, and this should not surprise us. A good example is a SIP account with a landline number in our EasyCall.pl business network. We currently require a minimum of 8 characters when creating a password for such an account. Additionally, it is recommended to use lowercase and UPPERCASE letters, numbers, and special characters (though not all portals/services allow the use of the latter). 

However, applying these rules can lead to the creation of completely unreadable passwords, which, while enhancing security, become difficult to remember, especially in larger quantities. A simpler approach is to create meaningful sentences or word groups. 

Example of such a password: 

N4jsiln!3j$ze_M0je_H@$l0 

Simply replace common letters with numbers and special characters that resemble them: for example, replace the letter “s” with the dollar sign “$”, the letter “a” with the at sign “@” or the number “4”, spaces between words with “_” and so on. This way, we can remember the password while adhering to the rules mentioned above. However, remember not to use words that refer to the name or type of service you are protecting. We strongly advise against using the same or even similar passwords for all accounts. They should differ significantly; ideally, they should not share any common “words” or “phrases.” 
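The rules above can be expressed as a small checker. The following is an added example, not code from EasyCall.pl: the word list is a constructed sample, the substitution table extends the “$”, “@” and “4” replacements named above with a few assumed look-alikes, and requiring all four character classes is an assumption. It undoes the substitutions before comparing, which is why “pa$$word” is rejected just like “password”.

```python
import re

# Constructed sample deny-list; a real deployment would load a far larger one.
COMMON_WORDS = {"password", "qwerty", "admin", "letmein", "welcome"}

# Look-alike characters mapped back to letters. "$", "@" and "4" come from the
# article; the remaining entries are assumed additions for illustration.
LOOKALIKES = str.maketrans(
    {"$": "s", "@": "a", "4": "a", "0": "o", "3": "e", "1": "i", "!": "i"}
)

# The four character classes the article recommends mixing.
CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")


def normalize(text):
    """Lowercase, undo look-alike substitutions, then keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LOOKALIKES))


def check_password(password, service_name, min_length=8):
    """Return the list of violated rules; an empty list means it passes."""
    problems = []
    if len(password) < min_length:
        problems.append("too short")
    if not all(re.search(pattern, password) for pattern in CLASSES):
        problems.append("missing character class")
    plain = normalize(password)
    if any(word in plain for word in COMMON_WORDS):
        problems.append("contains common word")
    service = normalize(service_name)
    if service and service in plain:
        problems.append("contains service name")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs, checked against a service called "EasyCall".
    for candidate in ("password123", "pa$$word", "E@$yC4ll_2024!x",
                      "N4jsiln!3j$ze_M0je_H@$l0"):
        print(candidate, "->", check_password(candidate, "EasyCall") or "ok")
```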

Storing Passwords 

With the basics covered, let’s move on to storing passwords. Having multiple passwords leads us to write them down in convenient places. First, we must reject sticky notes or even text files saved on the computer. Browsers help by remembering passwords and letting us log in to most portals with one click. While this isn’t always a bad practice, it poses a risk: anyone who gains access to the browser gets all our account passwords as a bonus. Therefore, it’s worth checking which accounts and services contain sensitive data and information whose leakage could have unpleasant consequences, and for these, do not select the “Remember password” or “Remember me” option in the browser.

So where should we store the most important passwords? Many specialized programs, called password managers, exist for this purpose. These programs store an encrypted file with a database of saved passwords on the computer. This file is encrypted with a password and is often additionally secured with a special key or another file. With this solution, we only need to create (and then remember) one or two strong passwords, which we use to read and copy all the others when necessary. This allows us to start using more complex passwords consisting of random strings of characters.

It’s important to keep a backup of the encrypted file (e.g., on a portable drive or USB stick) and update it frequently. If we only have one copy and lose it, we will have to reset all saved passwords. 

Many such programs are available, with recommended examples including: 

LastPass Premium, 1Password, Password Manager Pro, KeePass.

Two-Factor Authentication 

An additional security measure increasingly appearing during logins, for example in online banking or social networks, is two-factor authentication. Various methods are offered, with the most popular being: 

  1. A code sent via SMS to the mobile number provided in the user’s profile 
  2. Biometric scan, such as fingerprint recognition 
  3. Authentication code in an app, e.g., Google Authenticator 

The first two methods are rather straightforward, so we won’t elaborate on them. We’ll focus on the last one, authentication using a code generated by the Google Authenticator app, which we recently introduced to our Reseller platform. After activating it, the user must download the Google Authenticator app on their smartphone and scan the displayed QR code or enter the displayed secret code into the app. The app pairs the device with our platform and generates a login code. From that moment on, each new login to the Reseller Panel requires confirmation by entering the code from the Google Authenticator app. To generate a new code, simply click on the currently displayed one in the app. 

This solution effectively protects our data even if our password is compromised or cracked. 
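What the app and the server each compute from the shared secret can be shown in a few lines. This is an added example, not the Reseller platform's code: it assumes standard time-based codes (RFC 6238 with HMAC-SHA1, a 30-second step and 6 digits), and the secret is the RFC 6238 test key rather than a real one. The `window` and `last_used_step` parameters are illustrative names for tolerating clock drift and refusing a code that was already used.

```python
import base64
import hashlib
import hmac
import struct

# RFC 6238 test key ("12345678901234567890") in the Base32 form an app expects.
SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32, at_time, step=30, digits=6):
    """Code for the time step containing at_time (Unix seconds)."""
    cleaned = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))
    counter = struct.pack(">Q", int(at_time) // step)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    # Dynamic truncation: the low nibble of the last byte selects 4 bytes.
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32, submitted, at_time, window=1, last_used_step=None,
           step=30):
    """Return the matching time step, or None if the code is rejected.

    Steps within +/- window of the current one are accepted to absorb clock
    drift. Steps at or before last_used_step are skipped so a captured code
    cannot be replayed; the caller stores the returned step after a login.
    """
    current = int(at_time) // step
    for candidate in range(current - window, current + window + 1):
        if last_used_step is not None and candidate <= last_used_step:
            continue
        expected = totp(secret_b32, candidate * step, step)
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(expected, submitted):
            return candidate
    return None


if __name__ == "__main__":
    print(totp(SECRET, 59))                      # RFC 6238 vector at T = 59
    print(verify(SECRET, "081804", 1111111111))  # previous step, accepted
```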

Email Security 

Almost everyone today has an email account. It is essential for registering and creating accounts on most services and portals. Besides registration and account activation, our email account is often used to recover passwords that we may have forgotten. Losing access to our email account can have very unpleasant consequences, as it can lead to data theft from all other services and portals registered with that email address. Considering this threat, securing our email should be a priority. Remember to have a very strong password for it and enable two-factor authentication if possible.