31st March 2018

Passwords and Online Security

Until last year I hadn't really thought about passwords, how they're stored online and which ones are best to pick, but then I needed to implement them on my website. I thought it was interesting enough to share with everyone, to hopefully help keep people safer online.

There are really 4 ways your account can be compromised (I missed one in the video below):

  • Phishing attack
  • Social engineering/too easy to guess password
  • Brute force attack
  • Website hacked

  • Phishing attack

    This is when you receive an email or a text saying something like 'Your account has been compromised, please log in to check your details.' followed by a link which looks like it takes you to an official website, but is actually a site they've set up to report back whatever login details you enter. The best defence here is to not click the link, but to go to the site yourself and log in to check.

  • Social engineering/too easy to guess password

    By knowing enough about you, someone can simply guess your password. Maybe it's the name of one of your children, maybe it's your mother's maiden name or your favourite football team. All bad ideas; make your passwords as random as possible.

  • Brute force attack

    A program will simply try password after password until it gets to the correct one. It sounds like a long process, but such a program can often try millions of passwords per second. You'd be surprised how quickly even an 8 character alphanumeric password can be cracked this way. Make your passwords longer to exponentially increase the time needed for a brute force attack.

  • Website hacked

    You see data breaches far too often in the news. Recent big ones include Equifax and Sony, and a breach often means millions of people's data is compromised.

    There's not so much you can do here, aside from avoiding any site that you feel isn't safe. One big red flag is if they can send you your password, as this means they're storing the actual password online. No site should be doing this; they should be storing a hash of your password instead. A hash is designed so that there is almost no way to decode it back to your password, but when you log in, they hash what you typed and match it against the hash they have stored. If the two are the same, in you go! Watch the video for a better description of this.
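As an added example (not code from the post), here is how a site can store and check a hashed password in Python, using PBKDF2-HMAC-SHA256 with a random per-user salt; the iteration count and the stored record format are my own choices for illustration. It also goes one step beyond the post: because every user gets a fresh salt, two users with the same password end up with different stored records, so a leaked database can't be cracked once and matched everywhere.

```python
import hashlib
import hmac
import os
from typing import Optional

# Illustrative parameters (my own choice, not from the post).
ITERATIONS = 200_000   # slows down each guess in a brute force attack
SALT_BYTES = 16        # random salt generated per user


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return the record a site stores: 'pbkdf2_sha256$iterations$salt_hex$hash_hex'.

    Only this record is kept; the password itself is never stored, so the
    site cannot email it back to the user.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh, unpredictable salt for this user
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS
    )
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Hash what the user typed with the stored salt and compare the hashes.

    The stored hash is never 'decoded'; the typed password is hashed again
    the same way and the two hashes are compared in constant time.
    """
    try:
        algo, iters, salt_hex, hash_hex = stored.split("$")
    except ValueError:
        return False  # malformed record: refuse rather than crash
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iters)
    )
    # compare_digest avoids leaking how many leading bytes matched via timing
    return hmac.compare_digest(digest.hex(), hash_hex)


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")  # at registration
    print("stored record:", record)
    print("login with right password:", verify_password("correct horse battery staple", record))
    print("login with wrong password:", verify_password("Tr0ub4dor&3", record))
```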

Why not head to the forum to share any of your own tips.

Click here to see my video explanation of this.
