Today I’m going to share with you more than just how to create and use proper passwords. You will learn how to remember them easily, yet make them complicated enough to protect your accounts as well as a password can: top-notch secret words that are extremely hard to crack.
Beyond that, I will give you my personal system for those top-notch passwords and explain how and why iCard does not use passwords at all. It actually helps you manage your money as efficiently as possible, without compromising security.
Here we go – everything you need to know to enjoy your online endeavours:
Let’s start with the no-nos of passwords.
It’s both funny and sad to see how many people ignore the security of their personal accounts. Tom’s Guide reports on the worst passwords of 2020, based on an analysis of 740 million passwords leaked in data breaches.
The worst password, one that even my 3-year-old can guess, is: 123456
Here are a few more losers:
“password” and “qwerty” lead the pack of the world’s worst passwords, at least where the web service provider doesn’t bother to require capital letters.
A fun, or at least interesting, fact: only 12% of passwords include the much-recommended special characters (?, %, $, ^, &, #, @, ~, !, etc.).
All of this happens because of a lack of imagination and because many people still haven’t read this article. 😎
TIP: Avoid the names of famous people and words or numbers related to you or a family member. Also avoid simple keyboard patterns like 1q2w3e4r, which just alternates between the number row and the top letter row, or asdfasdf, which walks along the home row.
Now let’s get to the serious techy stuff:
How are passwords stolen or hacked?
Hackers, cybercriminals or your boyfriend/girlfriend have different tactics to get into your account, for the sake of getting their hands on your money… or your private messages.
Stolen passwords then get their fair share of eyeballs on the dark web. Big money is made on underground online marketplaces (usually hacker forums), where fraudsters who are not skilled at hacking can simply buy accounts and apply their social engineering research, the primary aim being, again, access to your money!
Different kinds of “attacks” aim either at your specific account and password or at a whole company database, which then gets leaked. Keep in mind how they differ: brute-force and dictionary attacks are mostly run offline against such leaked databases of password hashes, where nothing limits the number of guesses, while phishing and keyloggers capture your password directly from you.
The brute-force attack
Brute-force means cracking a password by trying every possible combination of characters until one works.
There are software and hardware tools for this, running on Mac, Windows, Unix and just about any other system. They work against password hashes the attacker has already obtained, and against any live login (your Wi-Fi router, for instance, or any protocol) that does not limit or block requests after a few unsuccessful attempts.
Some of these “crackers” are insanely productive, achieving hundreds of billions of guesses per second against fast, unsalted hashes such as MD5 or NTLM. Against a deliberately slow algorithm like bcrypt the same hardware manages only tens or hundreds of thousands per second, which is why how a site stores your password matters too.
That may be the reason you can’t retry a password on a Mac until at least a second has passed. The delay makes guessing against the live login hopeless, but it does nothing against a leaked hash, where only the length and unpredictability of your password slow the attacker down. That is why passwords of over 12 characters make an exhaustive search impractical.
We will get to how to create strong passwords that you can remember, but before that…
The dictionary attack
Rather than test cracking with all possible characters combinations, the dictionary attack is precisely what it sounds like. The hacker would use a pre-arranged words list, like in a dictionary.
This method is a shortcut compared to the brute-force attack, which would naturally take longer to try every combination. The hacker uses it when time is a constraint and there is reasonable confidence that combinations of known words and numbers will work. Modern wordlists are not just dictionaries, either: they contain hundreds of millions of real passwords from earlier breaches, plus words tied to the target, such as relatives, pets, places of interest, favourite movies and the birth dates of these people.
Using a regular word for your password is therefore not a good idea. Instead, select a random combination of words like ElephantMoustacheWalletElevator. Each word on its own is in every dictionary, but the four together are on nobody’s list. The password is long, and its only drawback is memorability, since the combination does not make sense; picturing the scene (an elephant with a moustache stuffing a wallet into an elevator) helps.
Phishing for passwords and not only
Phishing is a targeted attack that tricks you through social engineering. The fraudster who executes it aims at your, or anyone’s, weaknesses: distractedness, greed, altruism, curiosity, or respect for or fear of your boss.
The goal is to get you to click a malicious link, to give access to an internal corporate IT system by infecting your computer with malware, or simply to reveal information… like a company secret or your password.
One of the ways phishing works is an email (or SMS) that looks like it comes from, say, your bank and includes a link to a clone of that institution’s website, where you are asked to enter your account credentials. Check the address carefully before typing anything.
We have written a separate piece to introduce you to 9 types of phishing attacks. We simply do our best to keep you protected, just like we protect your money in your iCard digital wallet.
Keyloggers can be dangerous and hard to discover
Keylogging is how a sneaky partner (husband, wife, girlfriend or boyfriend) may try to discover not so much your bank account access as your deepest secrets: a keylogger silently records everything you type, including every password, no matter how strong.
If they find something terrible, their emotions could push them into doing silly stuff like accessing your bank account, but then they can really get in trouble for defrauding you.
That’s why you should keep your computer locked with a smart, long, top-grade password: it stops someone with a few minutes of physical access from installing such software in the first place. Once a keylogger is running, the password itself no longer protects you, which is one more reason for the second login factor we cover further down.
How to create strong passwords that you can remember?
Now to the practical side of having a strong password that will protect you, your money and your private information, while it’s easy to remember.
The average password length is 9.5 characters, a figure that comes from extensive research into data breaches over the years.
Knowing what brute-force is, here is what you should do with your passwords:
Make them long
As mentioned already, it’s essential that you don’t go for silly-short passwords. Go beyond 16 characters to remain as safe as possible.
Mix characters up
Make your passwords more resilient by mixing in uppercase letters, numbers and special characters, which enlarges the set of combinations a brute-force attack has to cover.
Avoid substituting letters with numbers
Password cracking tools were made by people like us, and they know how many of us think we are being creative when we replace:
- “B” with an “8”
- “T” with a “7”
- “O” with a “0”
- “E” with a “3”
- “Z” with a “2”
- “A” with a “4”
You got the idea. Swapping in such look-alike characters won’t save you if the underlying word is weak; crackers apply these substitutions automatically as mangling rules.
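As an added example (not code from the article or from iCard), here is what the dictionary attack described earlier looks like when run offline against a dump of SHA-256 password hashes, with the letter-for-number swaps from the list above turned into the kind of mangling rules a cracking tool applies to every word. The users, the hashes and the wordlist are constructed for the demo; the substitutions for “i” and “s” are two extra common ones beyond the article’s list.

```python
import hashlib
import itertools

# Constructed "leaked" database for the demo: SHA-256 hashes of passwords I made
# up, standing in for the dump a dictionary attack is run against offline.
LEAKED_HASHES = {
    "alice": hashlib.sha256(b"P4ssw0rd").hexdigest(),
    "bob":   hashlib.sha256(b"Qwertyui1").hexdigest(),
    "carol": hashlib.sha256(b"t1ger2019").hexdigest(),
    "dave":  hashlib.sha256(b"ElephantMoustacheWalletElevator").hexdigest(),
}

# A toy wordlist; real ones hold hundreds of millions of entries, including
# dictionary words, keyboard walks and passwords from earlier breaches.
WORDLIST = ["password", "qwertyui", "asdfghjk", "tiger", "elephant", "summer", "dragon"]

# The article's look-alike substitutions (plus "i" and "s", two other common
# ones) expressed the way a cracker does: as rules applied to every word.
LEET = {"a": "4", "b": "8", "e": "3", "i": "1", "o": "0", "s": "5", "t": "7", "z": "2"}
SUFFIXES = ["", "1", "123", "!"] + [str(year) for year in range(2015, 2022)]


def leet_variants(word):
    """Yield `word` with every subset of the LEET substitutions applied."""
    positions = [i for i, ch in enumerate(word) if ch.lower() in LEET]
    for count in range(len(positions) + 1):
        for subset in itertools.combinations(positions, count):
            chars = list(word)
            for i in subset:
                chars[i] = LEET[word[i].lower()]
            yield "".join(chars)


def candidates(word):
    """All mangled forms of one wordlist entry: case rule x leet rule x suffix."""
    for cased in (word.lower(), word.capitalize(), word.upper()):
        for leeted in leet_variants(cased):
            for suffix in SUFFIXES:
                yield leeted + suffix


def dictionary_attack(hashes, wordlist):
    """Hash every candidate and look it up in the dump.

    Returns ({user: recovered_password}, number_of_guesses_made)."""
    by_hash = {digest: user for user, digest in hashes.items()}
    cracked, guesses = {}, 0
    for word in wordlist:
        for cand in candidates(word):
            guesses += 1
            digest = hashlib.sha256(cand.encode()).hexdigest()
            if digest in by_hash:
                cracked[by_hash[digest]] = cand
    return cracked, guesses


if __name__ == "__main__":
    found, guesses = dictionary_attack(LEAKED_HASHES, WORDLIST)
    print(f"{guesses} guesses")
    for user in LEAKED_HASHES:
        print(f"{user:6} {found.get(user, '<not cracked>')}")
```

Three of the four passwords fall within a few thousand guesses: “P4ssw0rd”, “Qwertyui1” and “t1ger2019” are all one wordlist entry plus a rule. Only the four-word combination survives, because no single entry plus mangling produces it; a cracker would have to combine words, which is a far larger search.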
Avoid keyboard patterns
Among the first patterns a cracker tries are keyboard walks such as: “qwertyui”, “asdfghjk”, “zxcvbnm”, “qazwsxedc”, “123456789”, “987654321”
Combine memorable words
As we mentioned earlier, short passwords are easy to guess or crack, so go for combinations of words: not random gibberish, but words you can easily remember that are unrelated to each other and to you. And don’t forget to capitalise some letters and add special characters.
Adopt or come up with your system for remembering strong passwords
Doing this lets you keep a different strong password for every site without memorising each one separately. Let me reveal my strategy:
The site name with my combo
My best way to come up with a new, unique password for a particular site is to build it around the site or app name, keeping the words easy to visualise, and then to add a few special characters at a spot of my choosing.
I will try to explain my system.
I always limit my passwords to 5 words.
I use the first 5 letters of the app or site in my password in a particular location.
I insert a unique special character, starting from “*” and going back along the keyboard through “&”, “^”, “%” and “$”, at a position of my choice in each of the 5 words. In the example below, that will be position 4.
Then I use a person’s name, an animal, a city name, food name and lastly, a word that reminds me of that website or app’s name, all matching up with the first 5 letters of the actual website or app.
So my Twitter password includes the letters T, W, I, T, T: each of the five words starts with the corresponding letter and has it repeated in the 3rd spot.
The first word starts with “T”: Tatiana. Next, I add another “T” in the third spot, making it “TaTtiana”. Then I add the first special character at position 4, transforming the first word into “TaT*tiana”.
Following the same pattern, my Twitter password turns into:
Crack this, mother cracker.
One caveat with any per-site pattern: if a single site leaks your password in plain text, someone studying it can spot the pattern and derive your passwords for other sites. So keep the positions of the site letters and special characters to yourself, and switch on 2-factor authentication wherever it’s offered.
Of course, you can go more simplistic with your password, yet make it strong enough to resist an attack:
The method of the revised passphrase
This adds a twist to the multiple-word method: simply choose unusual and odd words and mix them into a sequence that capitalises every 4th letter.
You can use the names of people, businesses, animals, friends and words in a foreign language.
The cracker may figure out Hancock or Marta, but this odd combination – highly unlikely.
Capitalise every 4th (or 5th) letter like this…
…to make cracking your MacBook password virtually impossible within this century. Throw in a special character as well. Two caveats: capitalising at a fixed position and repeating the same sequence twice are both standard mangling rules in cracking tools, so they add length but little unpredictability. What really drives the strength is the number of words and how unlikely their combination is; an extra unrelated word does more for you than a copy+paste of the same phrase.
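To put numbers behind the “hundreds of billions of guesses per second” in the brute-force section and the strength claims for passphrases here, this added example (my own calculation, not from the article) estimates how long an attacker needs to exhaust a password’s search space under two attack models: character-by-character brute force, and the word-combination attack a cracker actually runs against a passphrase of common words. The guess rates and the 20,000-word dictionary size are assumptions I chose for illustration.

```python
import math

# Assumed guess rates (my figures, not measurements from the article):
# a GPU rig against a fast unsalted hash such as MD5 or NTLM, the same rig
# against a deliberately slow password hash such as bcrypt, and a live login
# that allows one attempt per second, like the macOS delay described above.
RATES = {
    "offline, fast hash (GPU rig)": 1e11,
    "offline, bcrypt (slow hash)": 1e5,
    "online login, 1 guess/second": 1.0,
}

CHARSETS = {"lowercase": 26, "lower+upper": 52, "lower+upper+digits": 62, "all printable ASCII": 95}


def brute_force_keyspace(length, charset_size):
    """Guesses an exhaustive search over every string of `length` characters
    drawn from `charset_size` symbols has to cover in the worst case."""
    return charset_size ** length


def wordlist_keyspace(num_words, dictionary_size, rules=1):
    """Guesses for a passphrase built from `num_words` entries of a dictionary,
    times the number of mangling rules (fixed capitalisation patterns, an
    appended symbol, doubling the phrase) the cracker tries per combination."""
    return dictionary_size ** num_words * rules


def entropy_bits(keyspace):
    return math.log2(keyspace)


def seconds_to_exhaust(keyspace, guesses_per_second):
    return keyspace / guesses_per_second


def humanize(seconds):
    """Render a duration in the largest unit that gives a value >= 1."""
    for name, size in (("years", 365 * 86400), ("days", 86400), ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {name}"
    return f"{seconds:.3f} seconds"


def compare(scenarios, rates=RATES):
    """Map each scenario name to {rate name: seconds to exhaust its keyspace}."""
    return {name: {r: seconds_to_exhaust(ks, g) for r, g in rates.items()}
            for name, ks in scenarios.items()}


SCENARIOS = {
    "8 chars, all printable": brute_force_keyspace(8, CHARSETS["all printable ASCII"]),
    "12 chars, all printable": brute_force_keyspace(12, CHARSETS["all printable ASCII"]),
    "16 chars, lower+upper": brute_force_keyspace(16, CHARSETS["lower+upper"]),
    # ElephantMoustacheWalletElevator attacked the smart way: 4 words from a
    # 20,000-word list, with 100 mangling rules (case patterns, symbol, doubling).
    "4 common words + 100 rules": wordlist_keyspace(4, 20_000, rules=100),
    "6 common words + 100 rules": wordlist_keyspace(6, 20_000, rules=100),
}

if __name__ == "__main__":
    for name, per_rate in compare(SCENARIOS).items():
        print(f"{name} ({entropy_bits(SCENARIOS[name]):.0f} bits)")
        for rate_name, secs in per_rate.items():
            print(f"    {rate_name:<32} {humanize(secs)}")
```

Two things stand out when you run it. An 8-character password of any mix falls in under a day against a fast hash, while 12 characters already takes the same rig into the hundreds of thousands of years, which is the basis for the “over 12 characters” advice. And a 31-character passphrase of four common words is not attacked as 31 characters: as four dictionary words plus rules it is exhausted in a few years against a fast hash, though the slow bcrypt rate pushes that into millions of years, and a fifth or sixth unrelated word does far more than capitalisation tricks.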
There are other systems for remembering passwords, such as turning a sentence into a passphrase, the Electrum method, the PAO method and the muscle memory method. I tried to give you something beyond what you would find on the net, but in case you are curious, you can find all four of these easy-to-remember password-creation strategies in this LifeHacker article.
How often should you change your password?
You are often told to change passwords regularly; I do it every half a year to a year or so, and many advise that. Current guidance (NIST’s digital identity guidelines, for example) is that a long, unique password needs changing when there is a reason: a breach at the service, a phishing attempt you may have fallen for, or a device you suspect is compromised. In those cases, change it immediately.
IMPORTANT: It’s crucial that you have different passwords for the various services you use. When one service is breached, attackers try the leaked email and password combinations on every other site (credential stuffing), and a reused password hands them all of your accounts at once.
So, we are delighted you read all the way here and now have your system for remembering various passwords.
Password managers can be an excellent helper.
We know that even with the hints on remembering strong passwords mentioned above, this can sometimes be a burden.
A password manager can become your password memory, remembering all the creative or machine-generated, extra-complicated passwords that you have for all your different app and web accounts.
Here you need to be sharp: don’t forget the password for your password manager 😃 This is why we need to mention it one more time: take the hints above and learn that one master password by heart. It could save you lots of trouble and wasted time.
When you are ready, simply find a password manager and get it set up on your phone.
2-Factor Authentication is the new security standard
2FA adds a second step during login. The first factor is usually your password (something you know), and the second should come from a different one of these three categories:
- Something that you are (fingerprint, FaceID, iris scan or a voice print)
- Something that you have (your phone receiving an SMS code or push notification, or a hardware token)
- Something that you know (PIN, passcode, a pattern or the answer to a secret question)
A PIN or secret question on top of a password is still only “something you know”, so it doesn’t count as a second factor; pair the password with something you have or something you are. It is fair to say that what I outlined above makes taking over your online accounts dramatically harder: a stolen or guessed password alone is no longer enough.
In essence, your mobile device is your key to everything you have online! It protects you up to the standards, so …
DON’T GIVE ACCESS TO YOUR PHONE, OR YOU RISK LOSING MORE THAN WHAT CAN BE RECOVERED!
How iCard applies 2-Factor Authentication to protect your money.
MOBILE ACCESS AND TRANSFERS
Firstly, we don’t use passwords!
Everything starts on your mobile device, when you want to open the so-called multi-currency account.
You create a six-digit passcode and we remember your device. If you use another device, you will need a new access code sent by SMS, which makes it much harder for anyone else to log in on your behalf.
Then, you have the option to switch from logging in with a passcode to using fingerprint scan or FaceID. This makes sure it’s you.
Beyond login to the iCard app, we use the same verification when you are making bank transfers or instant & free transfers. You select who you send money to and then just confirm with a fingerprint, FaceID or passcode.
WEB PLATFORM ACCESS AND TRANSFERS
Beyond the mobile app, iCard gives users a web platform with access to the account functionality. It’s the same convenience served via a different interface: a web browser on desktop and laptop screens.
Since we have protected your phone, we use it as your key to your online iCard account.
During web login, you enter the phone number associated with your account.
Next we send you a push notification which opens the iCard app on a very particular screen – the QR code scanner.
You have less than 60 seconds to scan the on-screen QR code, which authorises your web platform login.
Then, the same transfer logic applies when money goes out of the account – you get a push notification to your phone and you authorize it with your Fingerprint, FaceID or passcode.
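To make the web login flow above concrete, here is an added example (my simplified model, not iCard’s actual implementation) of the server-side logic a scan-to-login needs: a random, single-use challenge that expires after the 60 seconds mentioned above, approval accepted only from the phone registered to the account and only after its local fingerprint/FaceID/passcode check, and a browser session issued only once that approval has arrived. The phone numbers, the in-memory storage and the injectable clock are placeholders for the demo.

```python
import secrets
import time

CHALLENGE_TTL = 60  # seconds: the "less than 60 seconds" window from the article


class AuthServer:
    """Toy server side of a scan-to-login flow.

    The browser receives a short-lived random challenge (rendered as a QR code),
    the already-enrolled phone approves it, and only then does the browser get a
    session. `now` is injectable so the expiry path can be exercised in tests."""

    def __init__(self, now=time.time):
        self.now = now
        self.challenges = {}    # challenge_id -> {phone, expires, approved, used}
        self.web_sessions = {}  # web session token -> account phone number

    def start_web_login(self, phone_number):
        """Step 1: the browser submits the account's phone number and gets the
        challenge that the page will display as a QR code."""
        challenge_id = secrets.token_urlsafe(32)  # 256 bits: unguessable
        self.challenges[challenge_id] = {
            "phone": phone_number,
            "expires": self.now() + CHALLENGE_TTL,
            "approved": False,
            "used": False,
        }
        return challenge_id

    def approve_from_app(self, challenge_id, app_phone_number, local_check_ok):
        """Step 2: the app scans the QR code and, after the on-device
        fingerprint/FaceID/passcode check, posts approval. Rejected if the
        challenge is unknown, expired, already used, or scanned by a phone other
        than the one enrolled for this account."""
        ch = self.challenges.get(challenge_id)
        if ch is None:
            return "unknown challenge"
        if self.now() > ch["expires"]:
            return "expired"
        if ch["used"]:
            return "already used"
        if ch["phone"] != app_phone_number:
            return "wrong device"
        if not local_check_ok:
            return "local verification failed"
        ch["approved"] = True
        return "approved"

    def complete_web_login(self, challenge_id):
        """Step 3: the browser polls. It gets a session only if the phone approved
        within the window; the challenge is then marked used so a replay fails."""
        ch = self.challenges.get(challenge_id)
        if ch is None or not ch["approved"] or ch["used"]:
            return None
        if self.now() > ch["expires"]:
            return None
        ch["used"] = True
        session = secrets.token_urlsafe(32)
        self.web_sessions[session] = ch["phone"]
        return session


if __name__ == "__main__":
    server = AuthServer()
    cid = server.start_web_login("+000000000001")  # constructed placeholder number
    print("before approval:", server.complete_web_login(cid))
    print(server.approve_from_app(cid, "+000000000001", local_check_ok=True))
    print("session issued:", server.complete_web_login(cid) is not None)
    print("replay:", server.complete_web_login(cid))
```

The properties worth checking in any such flow are the ones the tests below pin down: the browser never gets a session without an approval, an approval from a different device is refused, an approved challenge can be redeemed exactly once, and a challenge older than 60 seconds is dead even if the right phone scans it.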
Enjoy the security of your money with iCard Digital Wallet 😎
Additional security tips surrounding passwords
- Just use common sense and research if anything is unclear.
- Never share your password, ever.
- Before creating an account, make sure the site is legitimate. The padlock and https:// only tell you the connection is encrypted; phishing sites have them too. Check that the domain name is exactly the one you expect, and type it yourself rather than following a link.
- Use a VPN when connecting to open (public) wi-fi networks.
- Check this website from Avast antivirus to see whether your password was ever part of the information dumped in data breaches. If it was, change it everywhere you used it.
- Choose uncommon answers to secret questions, something only you know. Don’t pick things people can easily find out about you on social networks; a made-up answer stored in your password manager is safer than a true one.
- Tell others how important it is to get protected well. Share the tips you know, and they will think you are very cool.
- Data breaches keep happening, so stay proactive: when a service you use reports a breach, change that password right away, and make sure it was not reused anywhere else.
- Use anti-virus software and update your apps and software to the latest versions.
And since this is iCard’s blog, we should also mention that you have to avoid letting others know your debit card PIN.
Just be smart with your money, your online accounts and always do your research when unsure.