Passwords and personal identification numbers (PINs) are required wherever computers and mobile devices are used and data needs to be secured.
Passwords and PINs are the first line of defense against cyber-crime, protecting personal information such as financial information, health data, private files and the like. In business, passwords are essential to secure trade secrets, financial data, intellectual property, customer lists, employer information etc.
As the primary step for securing data, passwords and PINs are simpler and less expensive than other methods of user authentication such as key cards, fingerprints and retinal scans. They offer very simple and straightforward ways to protect systems and user accounts.
A password is usually used in combination with some kind of identification, such as a username, an account number or an email address, which first establishes the identity of the user for the computer or system.
The password, which should be known only to the user, then validates the user’s identity in a second step.
Passwords are vital components of system security but, unfortunately, can be ‘cracked’ (identified/encoded) or ‘broken’ (unauthorized access) comparatively easily.
The simplest way to crack a password is the use of a dictionary program to break the password by brute force.
Crackers also use social engineering to gain unauthorized access, which describes stealing the password/PIN from someone’s keyboard or impersonating an IT engineer and asking for it over the phone. Passwords can eventually be identified by getting information about the user whose password is being sought (names, dates, social security number etc.).
A more technical approach to gaining unauthorized access by password theft is through sniffers. These can decode data transmitted across the internet, possibly reading each keystroke sent out from a computer, including passwords.
It is important to choose ‘strong’ passwords which are not easily cracked and broken. Here are some basic recommendations:
- Don’t use dictionary words, proper nouns or foreign words (vulnerable to brute-force cracking)
- Don’t use personal information or biographical details (vulnerable to social engineering)
- Length, width/complexity and depth/unpredictability predict password strength:
  - Length: long passwords are more difficult to crack
  - Width: different types of characters strengthen the password (mix of upper and lower case letters, numbers and symbols)
  - Depth: a meaning that is hard to work out (not easily guessable)
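
The recommendations above can be turned into an automated check at password-setting time. The following is an added example, not part of the original article; the function names, the 12-character minimum, the three-class minimum and the sample wordlist are assumptions chosen for illustration.

```python
import math
import string

# Constructed sample wordlist; a real check would load a much larger one.
SAMPLE_DICTIONARY = {"password", "dragon", "sunshine", "welcome", "monkey"}
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def classes_used(password):
    """Width: the character classes that appear in the password."""
    return [cls for cls in CLASSES if any(c in cls for c in password)]

def char_pool(password):
    """Alphabet size implied by the classes used (26, 26, 10, 32)."""
    return sum(len(cls) for cls in classes_used(password))

def search_space_bits(password):
    """Length x width as bits. Upper bound only: it assumes every character
    is random, which is why the depth checks below are still needed."""
    pool = char_pool(password)
    return len(password) * math.log2(pool) if pool else 0.0

def check_password(password, personal_details=(), min_length=12,
                   min_classes=3, dictionary=SAMPLE_DICTIONARY):
    """Return the list of recommendations the password fails."""
    findings = []
    lowered = password.lower()
    # Strip digits and symbols so "Dragon2024!" still matches "dragon".
    letters_only = "".join(c for c in lowered if c.isalpha())
    if len(password) < min_length:
        findings.append("length")
    if len(classes_used(password)) < min_classes:
        findings.append("width")
    if any(w in lowered or w in letters_only for w in dictionary):
        findings.append("dictionary")
    if any(len(d) >= 3 and d.lower() in lowered for d in personal_details):
        findings.append("personal")
    return findings

if __name__ == "__main__":
    # Constructed sample inputs.
    for pw, details in [("Dragon2024!", ()),
                        ("Alice1987#Winter", ("Alice", "1987")),
                        ("vT9#qLm2!xZr8&Kd", ())]:
        print(pw, round(search_space_bits(pw), 1), check_password(pw, details))
```

A password can score well on length and width and still fail on depth, as the second sample shows: it is long and mixes all four character types but contains the user's own details.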
Finally, the easiest way to steal a password or PIN is by asking for it. So just don’t give it away.