The Weakness of a Strong Password

Nov 12, 2020

When J.C.R. Licklider of MIT wrote his memos and gave talks in August 1962 discussing his "Galactic Network Concept," he projected a globally interconnected set of computers. I'm not sure he expected the numbers we have today. With the number of devices joining the Internet growing daily, it would be hard to give an exact figure for how many are connected. What is unquestionable is that the number is increasing every day.

With the number of people using the Internet growing, many firms are moving their activities online. The convenience the Internet creates, the breaking of geographical barriers, and the reliable and fast delivery of goods and services it makes possible have turned it into something the world cannot live without.

Nowadays, businesses are measured not by how big their stores or warehouses across the globe are but by how visible they are online. That is not to say there aren't issues with the Internet. It's undeniable that there is a major crisis of users' security and privacy on the Internet. There are many security vulnerabilities associated with it, and hardly a week passes without a significant breach.

A security breach is one of the most significant problems associated with using electronic devices and the Internet. Victims suffer various degrees of damage, ranging from having their details compromised to losing valuable data, money, and their identity to people with malicious intentions. Such damage has cost people their lives and has left many bankrupt. One of the most common ways hackers break into computers or steal people's identities is by guessing the user's password.

Passwords are the most commonly used authentication system in the world, and when an attacker can guess your correct password, the system assumes that person is you and grants them access.

The loss of identity, money, and valuable information due to weak or easy-to-guess passwords has made users more concerned about creating a strong password. To make a password something an intruder cannot easily guess, many companies and agencies set specific criteria that a password must meet before it is accepted. The most common rules are:

1. It must not be a dictionary word (it must not be something that can be found in a dictionary).

2. It must be alphanumeric (it must contain both letters and numbers).

3. It must have at least one capital letter and one small letter.

4. It must be at least eight characters long.

5. It must be changed after 3 months at most.

All of these rules exist to make your password a strong one, something that is hard for an attacker to guess. The major problem with a strong password is that users do not always remember it, because so many things are combined in setting it up. Many of those who have a strong password are guilty of writing it down or saving it on their system in plain text, violating the very password policies that required it.

The major weakness of the strong password isn't the one stated above, but the false sense of security it gives users: the feeling that "My password is strong and you cannot crack it." Most of those who have a "strong password" have just one, and they use the same one on every system that requires authentication.

Take a scenario: an intruder wants to access your Gmail account, but because of your password's strength, the intruder cannot guess it. Instead, the intruder creates a site that matches your interests and lures you into signing up for it (for example, if you are a football lover, the attacker can build a football trivia site and share the registration link with you). People often hand their details to the attacker this way without ever realizing it.

This attack method is on the rise against strong passwords, and a lot of people are falling victim to it. The best way to prevent it is to be careful and:

1. Avoid using the same password on untrusted sites.

2. Don't reuse the password of a recognized site (like Facebook, Gmail, or Amazon) on an unknown site.

3. After you register with an untrusted site, immediately change your original password.

4. Separate work details (email and password) from other sites that are not for work purposes.
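The policy rules listed earlier and the reuse advice above can both be checked mechanically. The following Python is an added example, not code from the original post; it assumes a small constructed word list in place of a real dictionary, a 90-day reading of "3 months", and a constructed credential store where each site is labelled "work", "recognized" or "unknown".

```python
import re
from datetime import date, timedelta

# Constructed stand-in for a real dictionary word list (assumption).
DICTIONARY = {"password", "football", "welcome", "summer"}
MAX_AGE = timedelta(days=90)  # rule 5: changed after 3 months at most (assumed as 90 days)


def policy_violations(password: str, last_changed: date, today: date) -> list[str]:
    """Return the rules from the post that `password` breaks; an empty list means it passes."""
    problems = []
    if password.lower() in DICTIONARY:                                   # rule 1
        problems.append("dictionary word")
    if not (re.search(r"[A-Za-z]", password) and re.search(r"\d", password)):  # rule 2
        problems.append("not alphanumeric")
    if not (re.search(r"[A-Z]", password) and re.search(r"[a-z]", password)):  # rule 3
        problems.append("needs upper and lower case")
    if len(password) < 8:                                                # rule 4
        problems.append("shorter than 8 characters")
    if today - last_changed > MAX_AGE:                                   # rule 5
        problems.append("older than 3 months")
    return problems


def reused_across_trust_levels(credentials: dict[str, tuple[str, str]]) -> list[tuple[str, str]]:
    """credentials maps site -> (password, trust) with trust in {'work', 'recognized', 'unknown'}.

    Returns (trusted_site, unknown_site) pairs that share a password: exactly the reuse
    the post warns about, where a throwaway site's login also opens a real account.
    """
    by_password: dict[str, list[tuple[str, str]]] = {}
    for site, (pw, trust) in credentials.items():
        by_password.setdefault(pw, []).append((site, trust))
    hits = []
    for sites in by_password.values():
        trusted = [s for s, t in sites if t in ("work", "recognized")]
        unknown = [s for s, t in sites if t == "unknown"]
        hits.extend((a, b) for a in trusted for b in unknown)
    return sorted(hits)


# Constructed sample store: the trivia site from the scenario reuses the Gmail password.
SAMPLE_CREDENTIALS = {
    "gmail.example": ("Tr1vi@Fan", "recognized"),
    "work-mail.example": ("W0rk!Only", "work"),
    "football-trivia.example": ("Tr1vi@Fan", "unknown"),
    "shop.example": ("Sh0p#Pass", "recognized"),
}

if __name__ == "__main__":
    print(policy_violations("Football", date(2020, 9, 1), date(2020, 11, 12)))
    print(reused_across_trust_levels(SAMPLE_CREDENTIALS))
```

A password manager does the second check for you by generating a different password per site; the function only makes visible what reuse looks like in a stored credential list.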

Remember that security isn't meant for the IT officers alone. You also need to be security conscious, be aware, and stay alert.