05 December,2021 08:44 AM IST | Mumbai | Nidhi Lodaya
The NordPass report showed that Krishna, Omsairam, Jaimatadi, Hanuman, Waheguru, Bigbasket, Linkedin and Iloveindia are some of the most common passwords in India
The first thing this writer did after speaking with experts for this article was to change her passwords and silently hope they are foolproof. If your password is any one of these - password, 12345, 123456, 123456789 or 12345678 - you might want to change it. These are the usual suspects, according to NordPass's 2021 Top 200 Most Common Passwords report. NordPass, a password manager company, compiled the report in partnership with independent researchers specialising in the study of cybersecurity incidents. They evaluated a 4 TB database of already leaked passwords. The report threw up interesting results. Krishna, Omsairam, Jaimatadi, Hanuman, Waheguru, Bigbasket, Linkedin and Iloveindia are some of the most common passwords in India. While some passwords took less than one second to crack, others took almost three years (read: wowecarts@123). "However, if the password has already appeared in the top 200 list, even if it takes three years to crack, people shouldn't use it, as clearly, a lot of people are already using it," says Jonas Karklys, CEO of NordPass.
If your password is just numbers, it will take less than one second to crack, says Aadarsh Parmar, who has a BTech degree in computer science and is well versed in the techniques of hacking and cracking passwords. He says that a strong password should be between 12 and 16 alphanumeric and special characters. "It is easy to apply combinations to an eight-character password, but the combinations for a 16-character password are elongated and complex. If I were to crack it [a 16-character password], it would take me more than a year," he adds. Ritesh Bhatia, cybercrime investigator and Founder of V4WEB Cybersecurity, believes that even the strongest password, without any two-factor authentication, is as weak as the weakest password. Two-factor authentication is an extra layer of security beyond the username and password; it usually takes the form of a one-time password (OTP) sent to the user. He believes that it is the responsibility of the platform to guide and help users come up with a strong password. They can do this by ensuring that every user has a password of at least 10 characters consisting of a combination of uppercase and lowercase letters, numbers and special characters. "Just the way it is compulsory to have a password, two-factor authentication should also be necessary," he adds.
An important tip that Bhatia gives is to "have a passphrase, not a password." For example, Blackbox could be a password that can be written as B!@ckb0x, but a passphrase would be 'the blackbox is beautiful', to which the required special characters can be added. "Not only will a passphrase be longer [more than eight characters] but also something which won't be in the dictionary," he says. A dictionary, in this context, refers to a dictionary attack. A dictionary attack is a variant of a brute force attack in which the attacker, instead of trying every possible string, works through lists of likely words, numbers and letter combinations. "Make the pass phrase in your regional language so that it makes it unpredictable for the hacker to assume what you are typing," adds Bhatia. Parmar says passwords are often linked to a memory. "People don't think of someone cracking their passwords, they think of their memory when they come up with a password," he says. Bhatia also suggests not having common numbers in your password because they are easy to crack. "You can prefer to use random numbers that are not part of your birthdays, mobile numbers, and other important dates," he says.
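The length, character-class and "not in the dictionary" points above, as an added example that is not from the article, NordPass or any of the experts quoted: a small policy checker that rejects entries from a constructed sample of the common passwords the piece names, enforces a 12-character minimum with at least three character classes, and estimates the brute-force keyspace behind the "less than one second" versus "more than a year" figures. The guess rate of ten billion per second, the 33-symbol size assumed for the "other" class, and the function names are all assumptions made for this example.

```python
import math
import string

# Constructed sample drawn from the common passwords named in the article
# (the full NordPass top-200 list is much longer; this is illustrative only).
COMMON_PASSWORDS = {
    "password", "12345", "123456", "123456789", "12345678",
    "krishna", "omsairam", "jaimatadi", "hanuman", "waheguru",
    "bigbasket", "linkedin", "iloveindia",
}

# Assumed offline guess rate (ten billion guesses per second) used for the
# time-to-crack estimate; an order-of-magnitude placeholder, not a figure
# from the article.
GUESSES_PER_SECOND = 1e10

# Assumed size of the "other" class: ASCII punctuation plus the space
# character. Non-ASCII characters (regional-language scripts) also land in
# this class, which deliberately under-counts their real alphabet.
OTHER_CLASS_SIZE = len(string.punctuation) + 1  # 33

MIN_LENGTH = 12   # lower end of the 12-16 character range recommended above
MIN_CLASSES = 3   # at least three of: digits, lower case, upper case, other


def character_classes(pw: str) -> dict:
    """Which of the four character classes the password draws from."""
    return {
        "digit": any(c.isascii() and c.isdigit() for c in pw),
        "lower": any(c.isascii() and c.islower() for c in pw),
        "upper": any(c.isascii() and c.isupper() for c in pw),
        "other": any(not (c.isascii() and c.isalnum()) for c in pw),
    }


def alphabet_size(pw: str) -> int:
    """Size of the smallest alphabet an attacker would have to enumerate."""
    sizes = {"digit": 10, "lower": 26, "upper": 26, "other": OTHER_CLASS_SIZE}
    present = character_classes(pw)
    return sum(sizes[name] for name, found in present.items() if found)


def keyspace(pw: str) -> int:
    """Number of strings of this length over the same alphabet."""
    return alphabet_size(pw) ** len(pw) if pw else 0


def entropy_bits(pw: str) -> float:
    """Brute-force search size expressed in bits (0 for an empty password)."""
    space = keyspace(pw)
    return math.log2(space) if space else 0.0


def crack_seconds(pw: str) -> float:
    """Worst-case time to enumerate the whole keyspace at the assumed rate."""
    return keyspace(pw) / GUESSES_PER_SECOND


def describe_crack_time(pw: str) -> str:
    """Human-readable version of crack_seconds, in the article's style."""
    secs = crack_seconds(pw)
    if secs < 1:
        return "less than a second"
    units = (("years", 365 * 86400), ("days", 86400),
             ("hours", 3600), ("minutes", 60))
    for unit, length in units:
        if secs >= length:
            return f"about {secs / length:.0f} {unit}"
    return f"about {secs:.0f} seconds"


def evaluate(pw: str) -> dict:
    """Apply the policy from the article: not a known common password,
    at least 12 characters, at least three character classes."""
    problems = []
    if pw.lower() in COMMON_PASSWORDS:
        problems.append("appears in the common-password list")
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if sum(character_classes(pw).values()) < MIN_CLASSES:
        problems.append(f"uses fewer than {MIN_CLASSES} character classes")
    return {
        "ok": not problems,
        "problems": problems,
        "bits": round(entropy_bits(pw), 1),
        "crack_time": describe_crack_time(pw),
    }


if __name__ == "__main__":
    # Candidates constructed for this example: a numeric-only password, a
    # list entry, the leetspeak password from the article, and a passphrase.
    for candidate in ("12345", "Krishna", "B!@ckb0x", "the Blackbox is beautiful!"):
        print(f"{candidate!r}: {evaluate(candidate)}")
```

The list check runs before the size estimate on purpose: Karklys's point is that a leaked password is unusable however large its keyspace, so a match against the list fails the policy regardless of length. The keyspace figures are the worst case for an attacker who already knows the alphabet; a real cracker's dictionary and rule-based guesses finish far sooner for anything resembling a word, which is exactly why the passphrase in the last candidate relies on length and unpredictability rather than on substitutions.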
According to Bhatia, one should change their password every six months and should have a customised password for every platform. "For instance, I add bird, or panchi for my Twitter password, insta, gram or such words for my Instagram password," he explains. As for those who have trouble remembering passwords, he suggests seeking help from password managers such as LastPass, 1Pass and NordPass.
Karklys believes that even though no one is 100 per cent secure online, they can educate themselves about cybersecurity. "It's important to closely monitor all your accounts, so in case of something dodgy (for example, unauthorised login or a transaction you haven't made), you can spot it early on and take appropriate action. Many people think cybersecurity is difficult, but remember it affects almost everyone."
- 12-16 characters long, consisting of uncommon numbers, upper and lower case letters and special characters
- Have a passphrase instead of a password
- Make it in your regional language
- Use two-factor authentication
- Change it every six months
- Customise it according to the platform