Password History, Expiration, and Complexity: Explained!
Since the start of the digital revolution, the world has become smaller and humans have developed a culture of always being connected.
Today we are surrounded by digital transactions, digital communication, digital social life, and whatnot. A massive chunk of all kinds of data is available on the internet, be it your personal or professional data.
The internet knows about you more than you. Imagine what an individual can do if this data falls into the wrong hands. I am not here to instigate fear in you about the digital world, but you cannot neglect the possibility of this happening.
We all are conscious about our privacy and data security, and a perfect real-life example can explain this. Most of us know when and where we have to switch to our internal privacy mode according to the situation.
Passwords are the only measures that help us immensely to protect our data. So don’t you think our protector should be more robust? Yes, it should be strong enough to withstand multiple attacks trying to steal your data.
What are Passwords?
I don’t think that anyone needs an introduction to “What is Password.” We are surrounded by passwords from the time we wake up till the time we sleep. “A password is a combination of characters and symbols which uniquely identifies each individual.”
A password can be used in multiple scenarios, but the motive to use them is similar, i.e., to authenticate the individual’s identity. Passwords are used mainly with a unique ID or “Username,”—together, the combination is referred to as Login credentials.
Most of the passwords contain letters, numbers, special characters, and symbols, and they can vary in length. Before setting a password, you should ensure that the combination should be easy to remember but hard to crack, which means it should not be that easy that everyone can guess it, and it should not be much hard that you forget it after some time.
What are Weak Passwords?
Once an account is created on any website, it prompts us to set a new password for the site. The passwords we set that time can be categorized into two types, Weak and Strong passwords.
Let’s see some very common practices for weak passwords.
- Simple Passwords: Passwords set without giving much thought about it are called simple passwords. For example: “password”, “qwerty”, “123456” etc. The password cracking software works in such a way that it looks for these types of obvious combinations.
- Passwords with personal information: If you tend to use your personal information as a password, you are in big trouble as hackers can quickly get such data from your publicly available social profiles. Data such as your birthday, anniversary, or graduation year are personal information, and one should avoid using them.
- Repeated Passwords: With multiple accounts, some users find it challenging to remember numerous passwords, so they tend to use the same passwords for each account. But if the hacker cracks the password for one account, all of his other accounts will be compromised.
How Can We Create Strong Passwords?
By now, the need for a strong password must be clear for you, and you must be eager to know in what ways a password can be made stronger. Calm down! We are about to cover some important points by which password security can be enhanced many folds.
There are various ways to enhance the security of your password; however, I am highlighting three such points which every business and individual needs to ponder while enhancing the security of their passwords. These are :
- Password History
- Password Complexity
- Password Expiration
Enabling this feature in your product/website can add an extra layer of security to it. This feature holds the history of passwords that are created for a particular account.
Password reuse is now an important headache for organizations as users tend to use similar passwords as they have used in the past. Using the same password for a longer period of time gives more chances to the hacker to determine the password.
The password history feature can have a limit up to which you can not use any such password which you have configured. For example, if you set the limit to 5, then you will be unable to use the last five previous passwords.
In this way, consumers will be forced not to reuse their old passwords again and again. Setting a new password creates challenges for an attacker, and the account remains safe.
From the above points, we have learned the importance of not using old passwords; let’s understand how our new passwords should be. Creating a strong password requires a combination that can not be easily guessed by attackers after extracting some information from your social handles.
If you have kept your password as plain text, let’s say a name of your first dog or a favorite picnic spot, etc., which can be easily guessed by attackers once they get some data from the social network. In that case, your privacy and data are at risk of being compromised. To avoid this, you must create a complex and hard password.
Now you will ask what are the ways by which you can create a strong and complex password and also remember it. I have sorted out few important points which can be followed while creating new passwords:
- Passwords should be long enough: Short passwords are easy to crack as they have fewer numbers to be cracked but at the same time, cracking a long password is a herculean task. An ideal password should not be less than 12 characters.
- Not using obvious dictionary words: Make sure you do not use any simple word that contains some meaning (ex [email protected], red#12). If you create a password that is exactly the same as a dictionary word, then it can not be foolproof. There can be instances where such passwords can be easily cracked.
- Use random alphabets: The best and the safest passwords contain alphabets in a completely random manner. They can be in uppercase or lowercase. Their placement does not make any sense or meaning. For example, (J56yh#$fhB). These types of passwords are a tough nut to crack.
- Do not use any personal information in passwords: Passwords that contain some personal information such as your date of birth, your graduation year, etc., poses a greater risk of being compromised. Therefore avoid using any personal information in your passwords.
- Avoid memorable keyboard paths: It is advised not to use any sequential keyboard path or any combination that you are very familiar with. For example (qwerty, [email protected],).
Most of the organizations which hold users’ sensitive data use this policy of password expiration. This policy forces the user to update/change their passwords after a certain period of time.
As a result, it chips down the time for attackers to guess the consumer’s password. Earlier, consumers used to set up passwords for their accounts, and hackers had so much time to attempt cracking multiple times.
But now, till the time they come up with a possible password, the consumer would have already changed the password. In this way, enabling the Password expiration policy adds an additional layer of security for your passwords.
Protecting consumer’s data is a top priority for many organizations as it is the basis of the trust that their consumers have placed in them. There are various other techniques which you can embed along with these three to push your password security to the next level.
Some of them are using Two Factor Authentication, Biometric authentication, Brute Force Lockout, and many others. Together these can increase password security many folds.
If you really want to survive in this digital world where everything is digital, you are required to have some basic understanding of how to protect yourself and your data from being compromised. Passwords are nothing but a key to your digital locker, and hence they will be as strong as you make them. Follow the above-mentioned few points and consider most of your data secure.
*** This is a Security Bloggers Network syndicated blog from LoginRadius Identity Blog authored by Ashish Kumar Yadav. Read the original post at: https://www.loginradius.com/blog/start-with-identity/password-history-expiration-complexity/