World Passwords Day: Here's how you can create Strong Password (Personal Experience shared)

Is your password strong enough to keep your data safe or are you using something very easy and predictable to secure your important files or social media?

Network and endpoint security expert recently revealed that ‘123456’ is the most commonly used password globally in its report, Exposed: Cyberattacks on Cloud Honeypots. The said password was attempted at least 1.376 times by cyberattackers to login in the Mumbai cloud server honeypot within a span of 30 days.

A honeypot is a system intended to mimic likely targets of cyberattackers so that security researchers can monitor cybercriminal behaviours, Sophos said, adding that honeypots were set up in 10 of the most popular Amazon Web Services (AWS) data centres in the world, including California, Frankfurt, Ireland, London, Mumbai, Ohio, Paris, Sao Paulo, Singapore, and Sydney over a 30-day period.
“Passwords are an important aspect of computer security – they are the front line of protection for user accounts in a very wide variety of services and systems. Unfortunately, people are not changing factory default passwords, which cybercriminals are counting on to carry out their attacks.  Building strong, unique passwords and using a password manager to keep track of them is a best security practice everyone should use in this digital age,” Sunil Sharma, managing director sales, Sophos India & SAARC said.

On World Password Day, here are a few tips on how you can protect your data online with a stronger password: 

• Use complex passwords not just for your email or social media accounts but for laptop and mobile phone logins. This also applies to Netbanking, as well as, digital wallets or apps.

• Sophos recommends enabling multi-factor authentication wherever possible. This adds an additional layer of protection against someone trying to access personal accounts.

• Use a properly secured password manager that helps you create and store secure passwords and secures it from not appearing on Pwned passwords. Pwned passwords are such passwords which have been previously used for data breaches and are not recommended to use.

• Learn how to choose proper passwords. Since most people end up with a dozen of online accounts and have to create passwords all the time, Sophos recommends to create one really excellent password and lock the central ‘password vault’ of your password manager.

Sensitive accounts like that of banking and other accounts where financial data is accessed and stored, try to create a unique password, Sophos said.

Personal Experience

I once went to a company audit, wherein a fraud was detected, where someone who had access to the email address of the company, mailed many of their clients, by pretending to be an official of the company, as to pay the company (him) their outstanding amounts, while attaching his own account details.

What shocked me was, something like this had already happened in the past with company, and all they did was change their passwords.
Luckily people were caught (They weren’t employees).
I simply advised them to enable two factor authentication. This way, if anyone wants to login into your gmail accounts, an otp will be send to your registered mobile number. Obviously once logged in you can enable your trusted computers.
These small things matter a lot in our day to day life.