Passwords

Create and use strong passwords

One of the most straightforward ways to compromise or lose an account is through the login itself. Basic, insecure passwords are common in the online world and lead to a lot of compromised accounts.

Here's how to create a strong password

  • Your password should be at least 12 characters long, but 14 or more is recommended.
  • Your password should combine different character types, for example symbols, numbers, lowercase letters, and uppercase letters.
  • Your password should not be a word that can be found in a dictionary. Additionally, it shouldn't be the name of a person, character, product, or business.
  • Your password should not be similar to previous or current passwords that you use.
  • Try to make your password easy for you to remember but hard for others to guess.

Keep your passwords secure

  • You shouldn't share your password with anyone.
  • Make sure you use a unique password for each website. This is explained in more depth below, but in short: once a website becomes vulnerable and its database is stolen, your password can then be cracked (a password is encrypted, which is why the steps above are necessary: they make cracking take longer for the criminal) and used across hundreds of websites.
  • Don't send a password by email, message, or any other communication unless you're certain that the method is reliably secure.
  • If you're finding it difficult to remember your passwords, look into using a password manager. These save your passwords, keep them encrypted, and, if set up, require MFA/2FA. LastPass is a great recommendation that we use at Digital Zest.
  • If you suspect an account of your own to be compromised, change your password as soon as possible.
  • If possible, enable multifactor authentication (MFA/2FA). This allows you to set up multiple methods of authentication that must be passed before the account can be logged into.

Why 12 Characters at Minimum?

Most services that you register with should allow you to use a password of at least 12 characters when creating the account. There is a significant benefit to using a much longer and harder-to-guess password.

If and when a website is compromised and its database is stolen, the attackers in most cases won't have direct access to passwords right away. This is because most service providers will be using an encryption key (128/256-bit) that makes the password not visible to anyone. Instead, what is shown is a randomly generated string.

The encryption key or method used determines how much stronger and more difficult the password is to crack. For example, with a 128-bit encryption key, there are 2 to the power of 128 possible combinations a brute-force attacker would have to try. For 256-bit encryption, an attacker would have to try 2 to the power of 256 different combinations, which would require 2 to the power of 128 times more computational power to crack than a 128-bit key! (2 to the power of 128 = 340,282,366,920,938,463,463,374,607,431,768,211,456 possible combinations.)

Criminals then crack the randomly generated string in order to find the original password that you set. The longer and more difficult your password is to crack, the longer it'll take for them to get your password.

For example, a difficult password like ]RR7qEPCZ=!V6ZbS would take centuries to crack regardless of encryption method, whereas a password like abc123 can be cracked in a couple of seconds or less.
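The checklist under "Here's how to create a strong password" and the abc123 comparison above can be checked in code. This is an added example, not Digital Zest's own code; the sample wordlist, the 0.7 similarity threshold and the guessing rate are assumptions, and the search-space figure is an upper bound that only holds for randomly chosen passwords.

```python
import math
import string
from difflib import SequenceMatcher

# Constructed sample data and assumed values (not from the page).
SAMPLE_WORDLIST = {"password", "dragon", "letmein", "sunshine", "football"}
ASSUMED_GUESSES_PER_SECOND = 1e10   # hypothetical offline guessing rate
SECONDS_PER_YEAR = 365.25 * 24 * 3600
CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}

def charset_size(password):
    """Alphabet size implied by the character classes that appear."""
    return sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))

def keyspace_bits(password):
    """Brute-force search space in bits: length * log2(alphabet size)."""
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0

def years_to_exhaust(password, rate=ASSUMED_GUESSES_PER_SECOND):
    """Years needed to try every candidate at the assumed rate."""
    return 2 ** keyspace_bits(password) / rate / SECONDS_PER_YEAR

def check_password(password, previous=(), wordlist=SAMPLE_WORDLIST):
    """Return the rules from the checklist that this password breaks."""
    problems = []
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    missing = [name for name, chars in CLASSES.items()
               if not any(c in chars for c in password)]
    if missing:
        problems.append("missing: " + ", ".join(missing))
    # Strip digits and symbols so "Password1!" still matches "password".
    letters = "".join(c for c in password.lower() if c.isalpha())
    if letters in wordlist:
        problems.append("based on a dictionary word")
    for old in previous:
        if SequenceMatcher(None, password.lower(), old.lower()).ratio() >= 0.7:
            problems.append("too similar to a previous password")
            break
    return problems
```

At the assumed rate, abc123 (36 possible characters, 6 long) is exhausted in under a second, while the 16-character example draws on 94 possible characters and takes far longer than centuries.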