Loading...
 
Skip to main content

DRAFT

SIL Information Security Training for End Users:  Secure Your Online Accounts

The majority of people use very weak passwords and reuse them on different websites. Password reuse is a serious problem because of the many password leaks that occur each year, even on large websites. If you use the same login information everywhere, a leak at one website could give people access to all your accounts. You need to use unique passwords on every website. These should also be strong passwords -- long, unpredictable passwords that contain some numbers and symbols. 

Your privacy and security is only as good as your passwords. Aside from using two-factor authentication and keeping your operating system and Web browser up to date, strong and unique passwords are the most important thing you can do to protect yourself online. 

Tips for Creating a strong Password

Security experts often recommend using long passwords. Modern computers are fast enough to quickly guess passwords shorter than about 10 characters, sometimes even longer. This means that short passwords, even if they are completely random, might be too weak. A secure password should be at least 16 characters long. Length will determine your passwords’ strength more than anything else.

One option for making the passwords longer is padding. Pick two close-at-hand keys and alternate them, adding something like "vcvcvcvc" to the front or end of your passphrase. Or choose three characters, like "lkjlkjlkjlkj". 

The Importance of Master Passwords

If you are using a password manager, it relies on a master password to secure all your saved passwords. This master password unlocks everything else, so it's crucial to create not only a strong password but also a password you can memorize.

Tips for creating a memorable Password

One effective way to create a long, memorable password is to use a passphrase. To create passphrases you can choose your preferred method. It can be made up of randomly chosen words (this can be both easy to remember and hard for others to guess). Pick words that don't naturally go together, then create a mnemonic story or image to link them. For example, what would you picture for "iceland-wired-red-totally"? 

A passphrase kmkm like correct horse battery staple kmkm is significantly more difficult to crack than Tr0ub4dor3&?, due to its length, but also much easier to remember.

Another idea is to choose one of your preferred biblical verses that you customize a little bit. For example, you might want to intentionally misspell a particular word to be more secure. 

Techniques for Strengthening Passwords

One option for making passwords even stronger is to use complexity. You might want to use these four types of characters: uppercase letters, lowercase letters, digits, and symbols. The reason is that expanding the pool of characters significantly increases the time required to crack the password. Using shift keys, like typing "!!!", is not very safe. Hackers know this trick and test for it first.

Using unique passphrase 

Your passphrase should be used for a single purpose and never reused for multiple online accounts. This way, if the password is found or cracked, the hacker will only gain access to one site and won't be able to use the same credentials elsewhere. So, the more they are significantly different from all your other passwords the better it is. But how can you remember dozens of long, unique passwords? This is where using password managers enters into play.

A password manager can create and remember strong / unique passwords, helping avoid having several accounts cracked if one password is cracked. See this article for using Password managers. 

The Innovation of Passkeys in Password Protection

A new advancement in the field of password protection is the introduction of passkeys. Passkeys are the result of a collaboration between Apple, Google, and Microsoft to develop a technology that replaces traditional passwords. Unlike conventional methods, passkeys do not rely on human-readable shared secrets, which are highly vulnerable to attacks and easy to bypass. Instead, passkeys leverage the security functions of devices, such as fingerprint readers or facial scanners.

How Passkeys Work

Passkeys use a system of certificates with private and public keys. The public key is transmitted, but even if it is intercepted, it cannot be reused, providing robust protection against identity theft through phishing, keyloggers, and other attacks. The private key, on the other hand, is presented when the user authenticates on their phone or computer using biometric methods or other secure means. This private key is stored locally on your device and never in the cloud, ensuring it is safe from data breaches and never transmitted.

Advantages of Passkeys

Passkeys offer several significant advantages:

  • Enhanced Security: Keys are always strong and unique, making them highly resistant to theft and phishing attacks.
  • Ease of Use: There's nothing to remember or manually enter, simplifying the authentication process.
  • Cross-Device Syncing: Passkeys are synced across your devices, ensuring seamless access.

Who Uses Passkeys?

Leading companies like Microsoft, Apple, Google, Amazon, and Bitwarden have adopted passkeys, highlighting their commitment to enhancing security and user convenience.


 

Here are some training videos that might interest you

Password Attacks

Password Attacks 2

Security Best Practices 

 

Contributors to this page: admin .
Page last modified on Tuesday March 4, 2025 10:05:45 GMT-0000 by admin.
Show PHP error messages