Blog on Passwords - Varnika Vaish - VIII-B
As the world turns more ‘virtual’ than ‘real’ - everything is online: from classes to offices to shopping and wallets and, not to forget, the social media.
With each and every one of these comes a password. While it is fun to use social media, we must stop for a moment to think: “Are my passwords secure?” and “How do I keep my passwords safe?”
To find the answers to these questions, we must first know what a password is. A password is a set of figures that can be used to gain access to something and must be kept private. A hacker could try to steal your password to use it to access your personal information, or accounts, to post something bad in your name or to disrupt your reputation, to steal money from your bank account, and many other things.
A secure password must contain both uppercase and lowercase letters, special symbols and characters, and numbers. The longer, the better. Try not to connect it to any personal information. Passwords like ABCD123 or 123456 are an absolute no - no. Hackers could easily crack such passwords. Also, try not to use the same password for all your accounts, else if the hacker finds one of your passwords, he/she will have access to all your accounts. Remember to change your password regularly. Some websites can tell you how secure your password is while you are making one.
Sometimes a hacker might put a Trojan or a Virus in your device which gets activated when you are about to enter sensitive information. It then sends it to the hacker. A virtual keyboard is a good way to avoid this. Most Trojans can only record information that has been typed by the keys on the keyboard. A Virtual Keyboard is a keyboard on the screen in which the letters are not in QWERTY arrangement and are jumbled. Every time you open a virtual keyboard it jumbles the letters in a different way. Using a virtual keyboard can confuse the Trojan and it will not be able to record the password that has been written. Virtual Keyboards are advisable when you are signing into a bank account from a public device. Public devices are more prone to being attacked by hackers.
A lot of websites have a 2-step verification where apart from entering the password, an OTP (One Time Password) is also sent to the mobile/email, connected with the account. This must be entered to continue to access your account. Even if the hacker gets the password, it will be useless as he does not have the mobile/email access on which the OTP has been sent.
Hackers normally try to crack passwords to bank accounts. Once they do, they log into the bank account and then transfer money to their own account. To prevent this, some banks ask for a second password (mostly known as Transaction Password), that is used when money is transferred to another account. This way the hacker will be unable to transfer money, even if he does manage to find the password to the bank account. Thus, if on a public device,
- Given an option, use Virtual Keyboard.
- Remember to sign out of your account once you are done using it.
- Clear browsing history/Cache of that machine.
Remember, only enter passwords on secure sites which usually start with https:// that you know are safe and can be trusted.