Recently, the Twitter account of India’s PM got hacked by someone who might be a Keanu Reeves fan (who isn’t?!). And, obviously, that’s not the only high-profile account that has been compromised in recent history; it keeps happening once in a while. If even the most powerful person in the country is insecure online, think about yourself. Your password would be even easier to break. It is just Password@123. Right?
Normally, passwords are something we hold very dear. We can share the most personal things with others, but not passwords. Some people do share passwords at work for common systems, which is highly risky in itself, but they will never share the passwords of their bank accounts, for sure.
It doesn’t matter how long it is. What matters is how powerful it is. Is it a weak one, moderate one or so strong that it is almost unbreakable?
I am talking about passwords, of course. Here’s a short story about it:
Location: Basement of a friend’s house.
Date: Sometime in the late 90s or early 2000s, when not everyone had a personal computer or a phone. So yes, long ago!
So, I was in school and one of my friends had just bought a shiny new personal computer. A couple more friends and I had come to witness the beauty. It was not as if we weren’t familiar with computers; I am not a dinosaur. But it was still a good thing to have one for personal use. And to show off.
We were happily enjoying it and randomly surfing the applications and the Internet (using a dial-up connection, so anything that opened was a bonus). Then the friend who owned the computer got a call from his mother. So, he locked the computer and went away. He told us not to try passwords, or else it would get locked after a few failed attempts. Yada, yada, yada, and he went upstairs.
Once he went away, we thought of trying the available attempts. We racked our brains to guess what the password could have been! One friend suggested the house’s fixed-line number, another suggested his nickname. I just typed in a few letters and voilà! It unlocked. I didn’t do anything special, of course, as I had just typed in the name of his suspected crush. Poor fellow, now this was doubly confirmed. He returned and saw us chuckling and giggling. He then blasted us for this mischief but couldn’t do much, as we were already in splits, and we ended up laughing our guts out for the next 30 minutes or so. (We were still in school then, and young boys, as you know, are idiots.)
The moral of the story is that almost everyone had a password which could be socially engineered out of them if you knew a bit about the person. I can recall one more instance when I asked a friend about some name and could log into his account by using the forgot-password option. Easily! But don’t worry, I am not that evil and I didn’t do anything bad after logging in. I was such a saint that I told the friend that it was a cakewalk to hack his account and that he had better up his password game. He didn’t talk to me for a few days, though.
Nothing much has changed since then. People still use easy words as their passwords. Moreover, due to the exponential increase in the applications we use, the number of passwords to remember has also grown really large and become difficult to manage. There are surely many good password manager tools, but then someone has to set the master password eventually. And if that’s done, again you are doomed. With growing worries about UID and the possibility of data being sold, hacked or compromised, we should ideally be more concerned about our privacy than we are right now.
I remember one instance when there was a conference call happening with screens being shared. One of the participants had to share the screen. Before the person could switch to the application to display, a notepad app was visible by chance. It had all the passwords for all the things one could imagine, written down and visible for over 2 minutes.
The fact is, however strong your password is, if you cannot remember it and depend on writing it down somewhere, the cause is lost. If we move towards biometrics completely, there will still be some scope for hacking. Rather, if you remember the passwords properly and they are really random, nobody can hack them, or it becomes very difficult. Unless they kidnap you and you have to tell them at gunpoint.
So, what’s your password? Still your crush’s name? C’mon, both of you have already got married, to separate people. Change it to something better, people!!
If you want my personal opinion, change your password to the name of some person you hate, add your date of birth to it in a random fashion, and then add a character which you think is of no use being on the keyboard.
Here are two comics from XKCD about passwords for your enjoyment.