Weak passwords
moses.aboiyar / 03.03.2020

Weak Passwords And Why You Should Care

A weak password is one that is easy to guess, whether by a total stranger or by someone close to you. It is usually made up of your name or names combined with your date of birth, a dictionary word or combination of dictionary words, or a simple sentence, often one tied to your religious beliefs, like 'godisgood' or a variant such as 'Godisgood'. Mixing in numbers does little unless you also mix in special characters like '@', '%', '$', '&' and '*'. Passwords like these are easier to remember, which makes you less likely to lose access to your application or account, but that is about the only advantage they have, and an attacker can gain access with almost as much ease.

You might be thinking that there are nearly endless possibilities for a password, so how can an attacker make that lucky a guess? This method of password guessing is called 'Brute Force'. Technically, it means submitting many passwords or passphrases in the hope that one of them is correct and access is granted through the front door. It is done with a word list of possible passwords, or with a password pattern defined in the shell command of a password cracking tool like 'Hydra'.

Password guessing is done against known targets, usually ones that won't fall for a phishing attack, and most of the time the username is already known. Let's say you work in a government or private organization and are in charge of sensitive data that rivals want: you will be profiled, and the weak passwords you might be using, like those mentioned above, will be added to the dictionary words. It is unlikely that you will be the victim of a password guessing attack, but if you are targeted, your password has to be ready.

There are recommendations to make your password stronger:

  • Make it at least 12 characters
  • Add uppercase letters
  • Add numbers
  • Add punctuation and special characters
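
The four recommendations above, together with the weak patterns described earlier (names, birth dates, combinations of dictionary words), can be checked at the moment a password is chosen. This is an added example, not part of the original article; the function names, the tiny word list and the sample passwords are constructed for illustration.

```python
import re

# Constructed sample dictionary; a real check would load a full word list.
SAMPLE_WORDS = {"god", "is", "good", "password", "love", "sun", "shine"}

def is_word_combination(text, words):
    """True if text splits entirely into entries of `words` (dynamic programming)."""
    reachable = [True] + [False] * len(text)
    for end in range(1, len(text) + 1):
        reachable[end] = any(
            reachable[start] and text[start:end] in words for start in range(end)
        )
    return reachable[len(text)]

def audit_password(password, personal_details=(), words=SAMPLE_WORDS):
    """Return the reasons a password is weak; an empty list means it passed."""
    problems = []
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    if not re.search(r"[A-Z]", password):
        problems.append("no uppercase letter")
    if not re.search(r"[0-9]", password):
        problems.append("no number")
    if not re.search(r"[^A-Za-z0-9\s]", password):
        problems.append("no punctuation or special character")

    lowered = password.lower()
    # Names and birth dates supplied by the user must not appear in the password.
    for detail in personal_details:
        if detail and detail.lower() in lowered:
            problems.append(f"contains personal detail '{detail}'")

    # Changing case or adding digits does little, so both are ignored here.
    # Special characters are kept, so they break up a dictionary-word match.
    core = re.sub(r"[0-9]", "", lowered)
    if core and is_word_combination(core, words):
        problems.append("only dictionary words once case and digits are ignored")
    return problems

if __name__ == "__main__":
    # Constructed sample passwords and personal details.
    for candidate in ("godisgood", "Godisgood2020", "Amina1994!xyzq", "rT7#kq9!Lw2$zP"):
        print(candidate, "->", audit_password(candidate, ("Amina", "1994")) or "passes")
```
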

A password that fully implements those recommendations can be hard to remember, so my advice is to keep an offline record of your passwords at home, away from unwanted access. Another way to remember passwords is to save them to your online account logged in on your browser; this way you can forget a password but still access it when you are logged in to your browser account.

If you are still using a weak password, it is best to change it before you become a target. A word list can have as many as a billion words, including all dictionary words. There is an African advantage here: most African words are not in a digital dictionary or word list, which makes native-language words more advantageous and passwords built from them less likely to be cracked by brute force. But if the word is your name or that of a loved one, or a combination of both with your birthday, you could still be at risk.

Be safe on the internet. If you found this article helpful, share it; there is more coming.