Get to Know: Password OSINT & Tools

nuclei_av
Apr 30, 2023

Even if you avoid using personal details in your password, a hacker can crack it. Often people will reuse passwords across multiple sites. Hackers will search for data stolen in previous data breaches to see if your credentials have been leaked before. The hacker will then try that password on your other accounts to try to break in.

A password manager helps you create complex passwords and saves them. While this protects your password on most sites, it also provides a single point of failure. A hacker who cracks your password manager will be able to access all of your accounts. However, if you use a complex, long, random password to secure your password manager, a hacker may find it extraordinarily difficult to hack.

You can avoid the need for a password manager by creating complex, memorable passwords, for example with a system such as Diceware. Diceware works by rolling 5 six-sided dice to generate a word. You can combine several generated words to create passwords that are sufficiently long. For example, you might roll the dice three times and get the words “Hunger Starship Genre.” You can then add random numbers, symbols, and capital letters into the words to get something like “Hu#n2Ger StarSh!ip4 gen&54RE.” This password only requires a user to remember 3 words but is complex enough that it will take a hacker a decade to crack. More information about this system can be found at https://diceware.dmuth.org/.

Another great security strategy is enabling two-factor authentication (2FA). 2FA requires you to present two different types of identification such as a password and a one-time token sent to your phone. So, even if a hacker compromises your password, he will not be able to access your account because he doesn’t have the token.

Encryption scrambles your password so it’s unreadable and/or unusable by hackers. That simple step protects your password while it’s sitting in a server, and it offers more protection as your password zooms across the internet.

Hash functions
Ciphers

Four main types of encryption exist.

  1. Symmetric key: Your system has a key for encryption/decryption. Move your password through this key to scramble it, and push it back through the key to make it readable once more. A hacker must steal the key to take over your password.
  2. Public key: Two keys play a role in altering your password. One, a public key, is available for anyone to use. The other, a private key, is available only to a select few. Use one to encode a message, and the recipient needs the other to make sense of it.
  3. Hashed: A computer algorithm transforms your password into a random series of numbers and letters. A hacker must know what algorithm you used to change your password, and that isn’t always easy to discern.
  4. Salted: A few random numbers or letters are appended to the beginning or end of your password before it moves through the hashing process. A hacker must know the hash (which isn’t always easy) as well as your hashing algorithm to decode the message. Your administrator can use a fixed salt that’s the same for every password, or they might use a variable salt that changes with each password.
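
An added example (not code from the original post) of the fixed versus variable salt choice in item 4: with one fixed salt, two accounts that share a password store identical hashes, while a per-password salt hides the reuse. The user table, the salt value, the function names, and the use of PBKDF2 with this iteration count for the variable-salt case are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

ITERATIONS = 600_000            # assumed work factor; tune for your hardware
FIXED_SALT = b"site-wide-salt"  # constructed value for the fixed-salt case

# Constructed sample accounts: alice and carol reuse the same password.
USERS = {
    "alice": "Hunger Starship Genre",
    "bob": "correct horse",
    "carol": "Hunger Starship Genre",
}

def fixed_salt_hash(password: str) -> str:
    """Fast hash with one salt shared by every account (the weak variant)."""
    return hashlib.sha256(FIXED_SALT + password.encode()).hexdigest()

def variable_salt_hash(password: str) -> str:
    """Slow KDF with a fresh 16-byte salt per password, stored as 'salt$digest'."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{salt.hex()}${digest.hex()}"

def verify(password: str, stored: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), ITERATIONS
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))

def shared_hashes(table: dict[str, str]) -> list[list[str]]:
    """Group users whose stored values are identical (visible in a leaked table)."""
    groups = defaultdict(list)
    for user, stored in table.items():
        groups[stored].append(user)
    return [sorted(g) for g in groups.values() if len(g) > 1]

def build_table(hasher) -> dict[str, str]:
    """Hash every sample account's password with the given scheme."""
    return {user: hasher(pw) for user, pw in USERS.items()}

if __name__ == "__main__":
    print("fixed salt:   ", shared_hashes(build_table(fixed_salt_hash)))
    print("variable salt:", shared_hashes(build_table(variable_salt_hash)))
```

The salt is stored next to the digest in the variable-salt scheme; it does not need to be secret, only unique per password.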

Links for Tools

Dehashed — https://dehashed.com/ (Not Free)

WeLeakInfo — https://weleakinfo.to/v2/ (Currently Down)

LeakCheck — https://leakcheck.io/

SnusBase — https://snusbase.com/

Scylla.sh — https://scylla.sh/

HaveIBeenPwned — https://haveibeenpwned.com/


I am a 20-year-old Cybersecurity Enthusiast and Hacker. Love exploring technology and playing with it. GitHub: https://github.com/NucleiAv