Password Help!

Do you want to check whether your account has been compromised in a data breach? It may not be your e-mail account or banking credentials that were compromised; it can also be an e-mail address that was used with, or associated with, some other type of service or account. An e-mail id that you used somewhere to create an account, sign up or sign in may have been compromised in a data breach, and the attacker might use the same credentials, i.e. the username or e-mail and password, to gain access to a different website or service.

So, you should regularly check whether your account (e-mail id) has been listed in any data breach. Are you wondering how you would know, where to check and how to get that information? Just visit the link below and type your e-mail id; it will tell you whether your e-mail id was listed in any of the data breaches.

https://haveibeenpwned.com/

But you might still be wondering about your password. Is the password that you use now, or used with that account or e-mail id, or any other password of yours, still safe to use, or should you change it? If your account was found listed in a data breach, you must also be trying to remember whether you used the same e-mail id and password combination somewhere else. You don’t need to think hard. There is a way to verify that. Just visit the link below, type any of your passwords and check whether that password was listed in any of the data breaches. If it is listed, you should change your password immediately.

https://haveibeenpwned.com/Passwords/
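The same lookup can be done from a script without the password ever leaving your machine. The sketch below is an added example, not code from this blog or from Have I Been Pwned: it hashes the password with SHA-1, sends only the first five hex characters to the service's range endpoint and compares the returned suffixes locally. The helper names and the breached-password counts in the offline stand-in are constructed for illustration.

```python
import hashlib
import urllib.request

RANGE_URL = "https://api.pwnedpasswords.com/range/"  # Pwned Passwords range endpoint


def sha1_hex(password):
    """Upper-case hex SHA-1 of the password, the form the service indexes by."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def fetch_range_online(prefix):
    """Ask the service for every known hash suffix that follows a 5-character prefix."""
    with urllib.request.urlopen(RANGE_URL + prefix, timeout=10) as resp:
        return resp.read().decode("utf-8")


def breach_count(password, fetch_range=fetch_range_online):
    """Return how often `password` appears in the breach corpus, 0 if it does not.

    Only the first five hex characters of the hash are passed to `fetch_range`;
    the match against the returned "SUFFIX:COUNT" lines is done locally.
    """
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch_range(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0


def constructed_service(breached):
    """Offline stand-in for the endpoint, built from a constructed {password: count} dict."""
    table = {sha1_hex(p): n for p, n in breached.items()}
    seen = []  # every prefix the stand-in "server" received

    def fetch(prefix):
        seen.append(prefix)
        return "\r\n".join(f"{h[5:]}:{n}" for h, n in table.items() if h.startswith(prefix))

    return fetch, seen


if __name__ == "__main__":
    fetch, seen = constructed_service({"Welcome123": 1500, "abc123": 9000})
    print(breach_count("Welcome123", fetch), breach_count("tG7#pLw9!Zkq2m", fetch), seen)
```

Calling `breach_count(password)` with no second argument queries the live service; the stand-in only exists so the logic can be tried offline.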

Now, whether or not your password was listed in any of the breaches, you must be wondering how to know that your password is strong enough, or what to keep in mind while creating a new one. Is there any way to verify that your password is safe and would not easily be broken? The answer to this question is very simple. If a website or service suffers a data breach in which its data is exposed, and it was storing your data in plain text, there is nothing you can do except change your password and never use that password again. But nowadays stored passwords are encrypted using different cryptographic algorithms, so even after a data breach it will take the attacker time to break the password.

Even if someone tries to log in with all the different possible combinations, it will take them some time to do so. An attacker who knows only your e-mail id or username could also try to break your password by trying all the different possible combinations. To prevent your password from being exposed or compromised in such cases, or just to be cautious, as prevention is better than cure, you need to set up a strong password. So, remember these things while setting up a new password:

  • The password should be a combination of lower-case letters (a through z), upper-case letters (A through Z), numbers (0 through 9), and special characters and punctuation symbols like #  $  @  !  (  )  _  –  ?  and other symbols, but avoid using  /  <  >  ~  \  ‘  ”
  • The password must be at least 12 characters long.
  • The password should not contain personal information (full or partial) such as
    • your name (if your name is “Ramesh”, then your password should not contain “Ramesh” or “Ram” in it)
    • birthday
    • phone numbers (if your mobile number is 897961689, then your password should not contain 8979, 89796, 1687 or any such combinations)
    • names of family members (especially mother’s name, mother’s maiden name, father’s name, brother’s name, sister’s name or spouse’s name)
    • friend’s name
    • pet’s name
    • father’s, mother’s or spouse’s occupation
    • names of fantasy characters
  • The password should not contain patterns such as 1234, 12345, abcd, zyx, 123321, qwerty, abcxyz, abc123, etc.
  • The password should not contain the same character more than twice in a row, or two repetitions of the same or different characters, such as aabb, 1122, 0101, abab, haaapy, acb, 998544, 995299, etc.
  • Do not use the space character in a password.
  • Do not use your login name or any variation of it as your password. If your login name is haider, then don’t use h@!d3r, h@1d3r or any other such combination as your password.
  • Your password must contain at least 5 unique characters.
  • Do not use common names, dictionary words of any language, slang, dialect or jargon, common passwords or common phrases that are easy to guess as your password, like “Welcome123”, “Password1234”, “abc123”, “Hello1234”, “Camel@123”, “Ajit@1605”, “Honesty is the best policy”, etc.
  • Do not disguise common words with common substitutions, e.g. e → 3, a → @, I → 1, O → 0, etc.
  • Do not use the same password that you are using on any other website.
  • While setting up a new password, do not reuse any of your last 5 passwords. Create a new password. Don’t just rotate through the list of passwords you remember.
  • To create a strong password, you can use a passphrase. For example if you like the sentence, “I can remember my password easily and create a strong password” then your password could be “1cRmPeAcAsP” if you create a password using the first letter of each word, or “!cRmP3&c@Sp” if you make a more complex password by taking the first letter from each word, or “1AeYaAnRaTa” if you take the second letter from each word of the sentence. The passphrase used for creating a password can be anything such as a line from the song you like, a phrase that you like, a line from your favorite poem, a dialogue from a movie, a sentence that you like the most or any other thing.
  • Do not save the password anywhere on your mobile or computer.
  • Do not write your password down anywhere. If you do write it down, keep the paper or file in a very safe place like a bank locker, home safe, etc.
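The mechanical rules in the list above can be checked by a short script. This is an added example, not part of the original post: it covers length, character classes, avoided symbols, unique characters, sequences, repetitions, and personal or login fragments (including the substitutions the list warns about). The function names, the straight-quote reading of the avoided quote marks, the extra keyboard rows and the 3-letter / 4-digit fragment lengths are assumptions; dictionary-word and password-history checks are not attempted.

```python
import re

# Symbols the list says to avoid, plus space (straight quotes assumed for the curly ones).
AVOID = set("/<>~\\'\" ")
# Substitutions named in the article (3, @, 1, 0) plus "!" from its h@!d3r example.
LEET = str.maketrans("3@1!0", "eaiio")
# Alphabet, digits and "qwerty" come from the article; the other keyboard rows are assumed.
SEQUENCES = ("abcdefghijklmnopqrstuvwxyz", "0123456789", "qwertyuiop", "asdfghjkl", "zxcvbnm")
# haaapy (triple), aabb / 1122 (two doubled characters), abab / 0101 (repeated pair).
REPEATS = re.compile(r"(.)\1\1|(.)\2(.)\3|(..)\4")
CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")

def has_sequence(low, run=3):
    """True if `low` holds `run` consecutive keys of a sequence, forwards or backwards."""
    for seq in SEQUENCES:
        for s in (seq, seq[::-1]):
            if any(s[i:i + run] in low for i in range(len(s) - run + 1)):
                return True
    return False

def has_fragment(forms, token):
    """True if any 3-letter (4-digit for numbers) slice of `token` occurs in a password form."""
    token = token.lower()
    n = 4 if token.isdigit() else 3
    frags = {token[i:i + n] for i in range(len(token) - n + 1)}
    return any(f in form for f in frags for form in forms)

def check_password(pw, personal=()):
    """Return the rules from the list above that `pw` breaks; an empty list means it passes."""
    low = pw.lower()
    forms = (low, low.translate(LEET))  # as typed, and with the substitutions undone
    checks = [
        (len(pw) < 12, "shorter than 12 characters"),
        (not all(re.search(c, pw) for c in CLASSES), "missing a character class"),
        (bool(AVOID & set(pw)), "contains a space or an avoided symbol"),
        (len(set(pw)) < 5, "fewer than 5 unique characters"),
        (has_sequence(low), "contains a sequence such as 123 or qwerty"),
        (bool(REPEATS.search(low)), "contains repeated characters or pairs"),
        (any(has_fragment(forms, t) for t in personal), "contains personal or login information"),
    ]
    return [msg for failed, msg in checks if failed]

if __name__ == "__main__":
    # Constructed inputs; "haider", "Ramesh" and the phone number are the article's own examples.
    for pw in ("h@!d3r", "Welcome12345", "tG7#pLw9!Zkq2m"):
        print(pw, check_password(pw, personal=["haider", "Ramesh", "897961689"]))
```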

After creating your password, you must check how long it would take a computer to break it. To do so, visit the link below and check it before using your newly created password.

https://howsecureismypassword.net/

Whether your password would take a million or a trillion years or more to crack, there is one last thing I would like you to know: there are many other ways in which an attacker can obtain your credentials apart from data breaches and random login attempts. So, to be sure and safe, change your normal credentials, like airline membership passwords, online store passwords, etc., every 3 months, and your important credentials, like e-mail account passwords and banking passwords, every 30 days, and enable two-step verification wherever possible.
