A password is a word or string of characters used for user authentication to prove identity or access approval to gain access to a resource (example: an access code is a type of password), which is to be kept secret from those not allowed access.

The use of passwords is known to be ancient. Sentries would challenge those wishing to enter an area or approaching it to supply a password or watchword, and would only allow a person or group to pass if they knew the password. In modern times, user names and passwords are commonly used by people during a log in process that controls access to protected computer operating systems, mobile phones, cable TV decoders, automated teller machines (ATMs), etc. A typical computer user has passwords for many purposes: logging into accounts, retrieving e-mail, accessing applications, databases, networks, web sites, and even reading the morning newspaper online. 

Remembering multiple passwords can be difficult but easy passwords are often prey to cyber criminals. Here are some tips on how to up your password game.

* 123456 is the most commonly used password globally.(Sophos)

Today is a dedicated day for one of the most important part of our day-to-day lives, passwords. There’s a password for almost everything now starting with smartphones, emails, net banking, Netflix accounts, and more. On ‘World Password Day’, we take a look at the most used passwords, and a few tips on how to up your game with passwords.

The most commonly used password globally is ‘123456’. This was also the most attempted password used by cyber criminals to enter the Mumbai cloud server honeypot, according to a study by Sophos. More passwords that made it to the list were 1234, admin, ubnt, and 12345. The UK’s National Cyber Security Centre (NCSC) also revealed that 123456 were appearing in over 23 million passwords.

Using the same password for multiple accounts seems understandable since it’s not easy remembering them. However, this makes users vulnerable to cyber criminals when the same password is compromised. Here are a few tips on why it’s important to keep passwords protected. 

Google released a list of the most common password types on a report, all of which are considered insecure because they are too easy to guess (especially after researching an individual on social media)

    * The name of a pet, child, family member, or significant other

    * Anniversary dates and birthdays

    * Birthplace

    * Name of a favorite holiday

    * Something related to a favorite sports team

    * The word "password"

Unique passwords

Create unique and hard to guess passwords for your accounts. Keep your passwords at least eight characters long and include an uppercase letter, a number and symbols. It is highly advised to not keep one’s birth date, kid’s name and such personal details as passwords as they are one of the easiest to guess.

Password managers

Remembering passwords and that too difficult ones can be a big task. For those who find it difficult in remembering passwords can opt for password managers. Google Chrome comes with a built-in password manager on the browser. Smartphones from companies like Samsung and Apple also come with tools like Samsung Knox and iCloud Keychain for password protection.

Multi-factor authentication

For added protection, it’s advised to use multi-factor authentication for passwords. This security tool adds a secondary layer of protection to accounts in addition to passwords. For example, Google’s two-factor authentication requires users to enter a six-digit code sent to their registered mobile number.

Password security Methodology

 Common techniques used to improve the security of computer systems protected by a password include:

    * Not displaying the password on the display screen as it is being entered or obscuring it as it is typed by using asterisks (*) or bullets (•).

    * Allowing passwords of adequate length. (Some legacy operating systems, including early versions[which?] of Unix and Windows, limited passwords to an 8 character maximum,[33][34][35] reducing security.)

    * Requiring users to re-enter their password after a period of inactivity (a semi log-off policy).

    * Enforcing a password policy to increase password strength and security.

      *  Requiring periodic password changes.

       * Assigning randomly chosen passwords.

       * Requiring minimum password lengths.

     Some systems require characters from various character classes in a password-for example, "must have at least one uppercase and at least one lowercase letter". However, all-lowercase passwords are more secure per keystroke than mixed capitalization passwords.

        Employ a password blacklist to block the use of weak, easily guessed passwords

        Providing an alternative to keyboard entry (e.g., spoken passwords, or biometric passwords).

        Requiring more than one authentication system, such as two-factor authentication (something a user has and something the user knows).

    * Using encrypted tunnels or password-authenticated key agreement to prevent access to transmitted passwords via network attacks

    * Limiting the number of allowed failures within a given time period (to prevent repeated password guessing). After the limit is reached, further attempts will fail (including correct password attempts) until the beginning of the next time period. However, this is vulnerable to a form of denial of service attack.

    * Introducing a delay between password submission attempts to slow down automated password guessing programs.

Some of the more stringent policy enforcement measures can pose a risk of alienating users, possibly decreasing security as a result.