Digital India Myths: Long Password = Secure Account

Nitish Chandan | Cyber Security


While the rest of the world is switching to two- and three-factor authentication, the fact is that most Internet users in India are beginning to use passwords sanely. For security both online and offline, password-only authentication is turning out to be a failure. After speaking to the masses living in the upcoming digital spaces of India and hearing about the crimes that have been committed against them, it is safe to conclude that the highest number is due to bad digital practices of the users. Sadly, "Long Password = Secure Account" is one of them.

Now, why is a long password not enough?

The only problem we have observed with Indian users is that our passwords mean something. If your mother’s or girlfriend’s name is your password with a “@123” at the end, it does not matter how long the name is. In today’s world, if your passwords mean something, they are breakable. So the first thing you need to do as a user is review each and every password, from your WiFi router to your ATM PIN. Furthermore, do not let any password mean anything, and avoid using “@123” or “123!” as a suffix. The reason is again simple: a predictable pattern gives an attacker the liberty to attempt a breach with a small set of combinations, and makes it likely that one of those combinations works.

I was at a conference a couple of days back and they had a WiFi network protected with a password and WPA2 encryption. While I did not know the password, I urgently needed to use the Internet. When I punched in just the name of the router itself and suffixed a “123”, to my surprise, I got connected. It was a long name, but too insecure for the simple reason again that it meant something.

What do I need to do?

The banking sector already uses technologies such as OTPs on a mobile device, which I am sure most users are aware of. What every user needs to know is that two-factor authentication is usable beyond the banking sector. In an era where data is more expensive than any other thing, it is terribly important to safeguard your identity and other personal information. You can read about how to set up two-factor authentication on Google Authenticator here. Therefore, what you can do today is review all your passwords and:

1. Keep a different password for all online and offline accounts and devices.
2. Stop using traditional and default passwords.
3. Do not suffix “@123”, “123!” etc. just to fulfil the requirements of a password field.
4. Do not let your password mean anything. Keep it abstract and don’t let it resemble something that someone can guess.
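
The point behind rules 3 and 4, as an added example that is not part of the original article: a small Python audit that compares what a password's length suggests with what is left once a meaningful base word and a predictable suffix are recognised. The suffix list, the case-variant count, the sample passwords and the context words are all constructed assumptions.

```python
import math
import string

# Suffixes the article warns about, plus close variants (constructed list).
COMMON_SUFFIXES = ["@123", "123!", "123", "@1234", "1234"]
CASE_VARIANTS = 3  # assumption: as typed, all lower-case, Capitalised

def normalise(text):
    """Lower-case and drop separators so 'Grand-Hall WiFi' matches 'grandhallwifi'."""
    return "".join(ch for ch in text.lower() if ch.isalnum())

def naive_bits(password):
    """Search space in bits if every character had been picked at random."""
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation]
    pool = sum(len(c) for c in classes if any(ch in c for ch in password))
    return len(password) * math.log2(pool) if pool else 0.0

def split_suffix(password):
    """Return (base, suffix), removing the longest predictable suffix if present."""
    for suffix in sorted(COMMON_SUFFIXES, key=len, reverse=True):
        if password.endswith(suffix) and len(password) > len(suffix):
            return password[:-len(suffix)], suffix
    return password, ""

def audit(password, context_words):
    """context_words: names, SSIDs, usernames an outsider could link to the account."""
    base, suffix = split_suffix(password)
    derived = normalise(base) in {normalise(w) for w in context_words}
    if derived:
        # The password is one of only (words x suffixes x case forms) combinations.
        candidates = len(context_words) * (len(COMMON_SUFFIXES) + 1) * CASE_VARIANTS
        effective = math.log2(candidates)
    else:
        # Upper bound only: the base may still be a dictionary word.
        effective = naive_bits(base)
    return {"length": len(password), "suffix": suffix, "derived_from_context": derived,
            "naive_bits": round(naive_bits(password), 1),
            "effective_bits": round(effective, 1)}

if __name__ == "__main__":
    # Constructed samples: a long SSID-based password and a shorter random one.
    for pw in ["GrandHallConference123", "t7Vq#xLp2m"]:
        print(pw, audit(pw, ["GrandHallConference", "Sunita"]))
```

The 22-character SSID-based password scores far lower on `effective_bits` than the 10-character random one, which is the article's argument in numbers.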
