How safe is your password?


By Tinky Ningombam

With smartphones, ATMs and Internet usage occupying most of our day-to-day lives, we have come to realize how difficult life is becoming for people who have a dull memory or are unfortunate enough to have partial memory loss. To enjoy great security, one needs to show great responsibility, and the biggest responsibility, which most people tend to overlook, is the use of passwords.

We live in a time when we have, say, at least 2-3 online bank accounts, a dozen social media profiles, 2-3 email ids and, give or take, 2-3 ATM PINs. In such a scenario, will you have complicated passwords on the tip of your tongue?

A few years into college, we heard of an amazing story that could have come straight out of a Dumb and Dumber movie. After much wait, this chap from our hometown had finally got his first ATM card from his local bank. One unfortunate day, his pocket was picked and he ended up losing his wallet with most of his cash and his brand new ATM card. In no time, even before he could discover that his wallet was gone, his savings were cleaned out. How ingenious of the hackers, we thought; had they managed to get the password in three tries? But no, our guy had conveniently written his ATM PIN on the cover of the ATM card holder. Most people laugh at this, and we did too. But when I came back home, I saw many people doing the same thing. “I do not have a good memory,” they say. “What if I forget?” some say.

I am not targeting old people here. The same goes for our intelligent, online-savvy young ones: people who cannot think of a new password other than their favourite movie or their favourite TV show. Besides, I have a lot of friends who announce publicly that their passwords were hacked. No doubt they can be, given how clumsy people are in using them. Besides the fundamental flaw of keeping a universally easy code for a password, one also tends to forget to log in from secure websites or to use a secure internet connection. People overlook simple tips, like using an “https” link or clicking “Never remember my password on this site” on the pop-ups, that are meant to make internet browsing secure.

So what do people normally do? They create the same passwords for social media profiles, the same passwords for ATM PINs and the same passwords for online banking. And voila… your safe deposits, your private emails and your private messages are open to any hacker who knows a little bit about you.

People of all shapes and sizes mostly prefer to use an English password, and it is rare for people to even try using symbols. A recent Adobe hack showed that “123456” is still the preferred password for a lot of people, as is the word “password”. Very ingenious. I learnt of a wilder variation recently. The password for my friend’s Gmail was “nopassword”.

Anyway, some observations and Don’ts for people who are actively online and love their privacy:

#1 A Password is not supposed to be simple for everyone

#2 Most people will use any or all of these three things in combination: pet names, places, date of birth

#3 A lot of people will always use passwords in the lower case (people will not write “Mary”, they will write “mary”). This makes it easier for hackers to guess words and crack them.

#4 Most people who own multiple accounts keep their online passwords to a simple algorithm, e.g. tinky@gmail, tinky@facebook, tinky@twitter. The moment a hacker cracks one password, it becomes easier to crack another profile.

#5 If your ATM pins are either 0000, 1234, 1212 or combinations of your Date of Birth, please change them now because they are the first ones to be hacked.

I understand that we cannot possibly remember unique passwords for all our profiles, but it is extremely necessary not to be predictable even when one uses a common code. For instance, if you want to use numbers, instead of putting in your date of birth or wedding anniversary, you can try the day you first moved house, your first day at work at a particular place, or the marks you got in your strongest paper. To break the pattern, changing your passwords every two months is also a very good practice.

Having said that, I still agree that it is quite hard to remember each and every complex online password if you are a very social person. In that case it is best to use some of the security measures that websites give you, such as double authentication or account recovery sites.

When an account is linked to your phone number or another secure email id, you can be alerted immediately, which can even stop your account from being violated and help find out who did it. This is definitely better than what most adults do when they make a new PIN: they write it down in a diary or on a piece of paper. That makes the idea of a password defunct.

I am no hacker myself but with some dexterity, it is easy to predict passwords of people with restricted imagination just by following some universal norms like the ones I have mentioned before.

A strong internet password, for instance, should ideally be longer than 8 characters and should be a combination of capital and small letters, random symbols and/or numbers in any order. When asked for an authentication question, you should choose a unique question and provide a unique answer. Passwords are easy to crack, especially for someone who has personal connections to you or knows your friends and family, and so are the random question generators. Why would your friend not know “your mother’s maiden name?” or “Which year did you graduate?” If you want a secure profile, whether for your banks, your transactions or your online profiles, you have to be creative.
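The observations listed earlier and the strength rule in the paragraph above can be turned into a self-check. The Python sketch below is an added example, not part of the original column; the function names, the caller-supplied list of personal details and the sample inputs are assumptions made for illustration.

```python
import re
from datetime import date

# Passwords and PINs the article names as predictable.
COMMON_PASSWORDS = {"123456", "password", "nopassword"}
COMMON_PINS = {"0000", "1234", "1212"}


def audit_password(password, username="", site="", personal=()):
    """Return the list of the article's warnings that apply to a password."""
    findings = []
    lowered = password.lower()
    if lowered in COMMON_PASSWORDS:
        findings.append("common password")
    if len(password) <= 8:
        findings.append("not longer than 8 characters")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        findings.append("does not mix capital and small letters")
    if not re.search(r"[^A-Za-z]", password):
        findings.append("no symbols or numbers")
    # Observation #2: pet names, places, dates of birth supplied by the caller.
    for token in personal:
        if token and token.lower() in lowered:
            findings.append(f"contains personal detail: {token}")
    # Observation #4: the name@site scheme reused across accounts.
    if site and site.lower() in lowered:
        findings.append("derived from the site name")
    if username and username.lower() in lowered:
        findings.append("contains the account name")
    return findings


def audit_pin(pin, birth=None):
    """Flag the PINs from observation #5, including date-of-birth combinations."""
    findings = []
    if pin in COMMON_PINS:
        findings.append("common PIN")
    if birth is not None:
        dd, mm, yyyy = f"{birth.day:02d}", f"{birth.month:02d}", f"{birth.year:04d}"
        yy = yyyy[2:]
        if pin in {dd + mm, mm + dd, yyyy, mm + yy, dd + yy, yy + mm, yy + dd}:
            findings.append("built from date of birth")
    return findings


if __name__ == "__main__":
    # Constructed sample inputs; "mary" and the birth date are made up.
    print(audit_password("tinky@gmail", username="tinky", site="gmail"))
    print(audit_password("mary1990", personal=("mary", "1990")))
    print(audit_pin("1212"), audit_pin("0705", birth=date(1990, 5, 7)))
```

An empty list means none of the article's warnings apply; it does not by itself prove a password is strong.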

“A dedicated password-cracking machine employing readily available virtualization software and high-powered graphics processing units can crack any eight-character password in 5.5 hours” – Deloitte report

