Hackers have stolen 11 million passwords from website of Ashley Madison which is a big tragedy in world of password security. Recently on Tuesday, GCHQ published an article explaining the importance and common issues of password security.
Most of the websites require complex password such as combination of upper and lower case letter, symbols and numbers. People get irritated to remember such passwords therefore they write them down and reuse it for other websites. “Dr. Steven Murdoch from department of computer science at university college London said that using long and complex passwords provide better protection”
What should be the length of password? Well, some IT experts have suggested to use pass phrases e.g. “Highn60%ofLevel78”. These kind of passwords are more secured and provide great protection from attacks of brute force. It’s a mindset of people that long passwords are secure which is also true but it has some technical problems as well. According to Dr. Sasse password of long pass phrases put on extensive burden on screen of users as more over 50 percent of passwords are now input on devices of touch screen on daily basis. Passwords are usually cracked through malware and phishing there is less chance of attack of brute force.
Most of the companies forced users to change their password on monthly or on weekly basis in order to lessen hacker attacks. According to GCHQ report this process enforced users to change their passwords and set new passwords resultantly they reuse the same passwords which they are having on other websites. Regular changing put on so much burden on user and it harms the security procedure rather than improving it.
Some people use password managers, an application or site which is use to save all passwords which can be retrieve anytime if user forget them. As a matter of fact no password manager is reliable.
So far what is the solution? Well, now-a-days most of the websites offer two way authentication to manage the process of security. In this method in addition to password you also have to enter single code which you will get from your mobile phone. Social networking websites such as Facebook, Twitter is already offering this feature free of cost. This method is providing a great improvement in world of security. If you are having this service you are strictly recommended to access it whereas most of the banks insist their users to avail this service. Ashley Madison website shows that you can never rely on any website so it is commented not to reuse passwords on multiple websites.
According to GCHQ report people of UK use same passwords on different websites and accounts. Don’t re-use essential passwords on other websites. As a matter of fact not all websites provide perfect protection system therefore you are required to use unique passwords to avoid malware and brute force attacks.