How do passwords work on the web?
When you create an account on a website, you typically need to choose a password, which can be a word or phrase, or a series of alphanumeric and special characters.
Websites store a representation of your password, called a hash, rather than storing the actual password in plain text. A hash is the output of a one-way function: it is cheap to compute from the password but infeasible to reverse. Done properly, each password is combined with a random per-user salt and run through a deliberately slow password hashing algorithm (such as Argon2, bcrypt or PBKDF2), so that if the website's database is compromised the attacker cannot simply read the passwords out of it, and guessing them one at a time is expensive.
When you enter your password to log in, the website takes the password you entered, applies the same hashing algorithm with the same stored salt, and compares the resulting hash with the stored hash. If the hashes match, you entered the correct password and you're granted access; the site never needs to keep your actual password.
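The register-and-login flow just described, written out as an added example (this is not code from the original page). It uses PBKDF2-HMAC-SHA256 from the Python standard library with a random 16-byte salt per account; the iteration count, the storage format "iterations$salt$hash", the in-memory `users` dictionary and the account names are assumptions made for the example.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumed parameters for this example. 600,000 iterations is the current OWASP
# recommendation for PBKDF2-HMAC-SHA256; a dedicated password hash such as
# Argon2id or bcrypt would normally be preferred in a real deployment.
ITERATIONS = 600_000
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a record of the form 'iterations$salt_hex$hash_hex' for storage.

    A fresh random salt is drawn for every call, so the same password hashed
    twice yields two different records and attackers cannot precompute tables.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"{ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Re-derive the hash with the stored salt and compare it in constant time."""
    try:
        iterations_str, salt_hex, hash_hex = stored.split("$")
        iterations = int(iterations_str)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
    except ValueError:
        return False  # malformed record: never accept
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    # compare_digest avoids leaking how many leading bytes matched via timing.
    return hmac.compare_digest(candidate, expected)


# Constructed stand-in for the website's user database (username -> record).
users = {}


def register(username: str, password: str) -> None:
    """Store only the salted hash, never the plain-text password."""
    users[username] = hash_password(password)


def login(username: str, password: str) -> bool:
    """Return True only if the submitted password re-hashes to the stored record."""
    stored = users.get(username)
    if stored is None:
        # Do the same amount of work for unknown users so response time does
        # not reveal which usernames exist.
        hash_password(password)
        return False
    return verify_password(password, stored)


if __name__ == "__main__":
    register("alice", "correct horse battery staple")
    print(users["alice"])  # iterations$salt$hash, no plain text anywhere
    print(login("alice", "correct horse battery staple"))  # True
    print(login("alice", "Tr0ub4dor&3"))  # False
```

Note that `users["alice"]` holds no plain text, and that hashing the same password twice produces two different records because of the salt; a stolen database therefore gives the attacker nothing to do but guess, one expensive derivation per guess.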
How do we keep the passwords safe?
My top 5 recommendations and best practices to help keep passwords safe are:
- Use a strong and unique password. It should be long, complex and difficult to guess. Include a mix of uppercase and lowercase letters, numbers and special characters; length matters most, and 16 or more characters is a good and secure starting point.
- Create a different password for each website account. That way, if one is compromised, your other accounts will not be affected when attackers try the leaked password elsewhere.
- Use a password manager application to store all your unique passwords. The application can generate passwords for you and automatically fill them in whenever you need them. You only have to remember the master password, so make that one long and protect it with MFA.
- Enable multi-factor authentication (MFA) whenever possible for your online accounts. This adds an extra layer of security by requiring a second verification factor, such as a code from an authenticator app or a hardware security key; a code sent by SMS to your mobile device is better than nothing but is the weakest option.
- Change your passwords promptly when a service reports a breach or you suspect a compromise, especially for critical accounts like your financial accounts. Scheduled rotation every 3-6 months is still common advice for those accounts, but current guidance (NIST SP 800-63B) no longer recommends routine rotation on its own, because forced changes tend to produce weaker, predictable variations of the old password.
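The first three recommendations in code, as an added example that is not part of the original page: a generator that draws a long password from the operating system's CSPRNG, an entropy estimate that shows why length beats character variety, and a checker that applies the rules above. The 16-character minimum comes from the list; the 75-bit entropy threshold and the small denylist of common default passwords are assumptions for the example.

```python
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + string.punctuation
MIN_LENGTH = 16            # from the recommendation above
MIN_ENTROPY_BITS = 75.0    # assumed threshold for this example
# Constructed denylist; a real checker would use a large breached-password list.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "12345678", "letmein"}


def _classes(password: str) -> dict:
    """Which character classes the password uses (drives both entropy and checks)."""
    return {
        "lowercase": any(c.islower() for c in password),
        "uppercase": any(c.isupper() for c in password),
        "digit": any(c.isdigit() for c in password),
        "special": any(not c.isalnum() for c in password),
    }


def generate_password(length: int = 20) -> str:
    """Random password of the given length, the way a password manager would make one.

    secrets.choice uses the OS CSPRNG, not random.random(). Rejection sampling
    guarantees every class is present without biasing individual positions.
    """
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(_classes(candidate).values()):
            return candidate


def entropy_bits(password: str) -> float:
    """Estimate strength as length * log2(pool), pool being the classes in use.

    Eight lowercase letters give about 37.6 bits; sixteen give about 75 bits,
    which is why length is the dominant factor.
    """
    used = _classes(password)
    pool = (26 * used["lowercase"] + 26 * used["uppercase"]
            + 10 * used["digit"] + len(string.punctuation) * used["special"])
    return len(password) * math.log2(pool) if pool else 0.0


def check_password(password: str) -> list:
    """Return a list of problems; an empty list means the password passes."""
    problems = []
    if password.lower() in COMMON_PASSWORDS:
        problems.append("common default password")
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, present in _classes(password).items():
        if not present:
            problems.append(f"no {name} character")
    if entropy_bits(password) < MIN_ENTROPY_BITS:
        problems.append(f"estimated entropy below {MIN_ENTROPY_BITS:.0f} bits")
    return problems


if __name__ == "__main__":
    generated = generate_password()
    print(generated, round(entropy_bits(generated), 1), check_password(generated))
    for weak in ("password", "Sh0rt!pw", "123456"):
        print(weak, round(entropy_bits(weak), 1), check_password(weak))
```

Run it a few times and compare the generated password's entropy (over 130 bits at 20 characters) with "password" (about 37.6 bits) or "123456" (about 19.9 bits): the estimate only counts the size of the search space, so a dictionary word is in practice far weaker than its number suggests, which is what the denylist check is for.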
Do’s and Don’ts about passwords.
We’ve already covered the Do’s and here are the Don’ts about passwords:
- Don’t use easily guessable information, such as your name or birthday.
- Don’t use common default passwords like “123456” or “password” or “qwerty”; these are the first guesses an attacker tries.
- Don’t share them with anyone, including friends or family.
- Don’t write passwords on physical or digital notes that can be easily accessed by others.
- Don’t fall for phishing attempts: emails, messages or websites that try to trick you into providing any information or passwords. Verify the legitimacy of any request for your personal information before responding.