How to test password security
Before choosing a password, it is advisable to know what attacks it can suffer, especially if we are targeted by a hacker (which is quite remote but not entirely excluded). After seeing how a password can be cracked, we will also show you the best offline tools (without Internet access) that we can use to test the validity of the chosen password.
How is a password hacked?
Most people don’t manage corporate databases and don’t have a computer that holds other people’s data, so it’s unlikely that an experienced hacker would waste time cracking a private PC. This does not mean being immune: even a simple virus can act as a key to enter the computer and force passwords, so as to give access to very sensitive accounts such as e-commerce and home-banking. While trust in internet payment and banking tools has rightly grown, attempts by cybercriminals to steal data and passwords to steal money have also increased.
The procedure for discovering a password is called Brute Force: it is nothing more than the work done by particular programs that quickly try all the possible combinations of letters, numbers, and symbols until they find the password that grants access. The weak point of Brute Force procedures is that, if the password is long enough and uses alphanumeric characters, it can take weeks or months to find it.
In order to resist cyber-attacks and avoid password theft, it is a good idea to install a good antivirus that is always kept updated, a firewall in addition to the one provided by Windows, and, as a further defense tool, an antispyware program.
These tools may not be enough if we choose a password that is really too weak: before using any password on a site or on a new Windows account, it is advisable to do a quick test with one of the programs that we will show you in the next chapter.
Test passwords before using them
Many sites exist for testing the strength of passwords, but we advise you not to use them: we cannot know in advance who is behind the site, and we risk exposing the password even before using it (who would ever post the home alarm password on the internet?).
To test the password without risk we can use a free and open-source program such as KeePass, downloadable from the official website. Once it is downloaded and installed on our computer, we open it, create a new password database, press the Add an entry button at the top, enter the password to be tested in the Password field, and press the 3 dots next to it to make it visible.
After entering the password we get an evaluation in the Quality field, with a bar that turns green as we add special characters and numbers and lengthen the password itself. A good password must consist of 20 mixed characters (numbers, uppercase, and lowercase letters) and at least one special character: in this way, it is possible to generate secure passwords that are difficult to attack (always try to exceed 100 bits).
This program also allows you to immediately generate a new secure password, so as not to have to invent it from scratch: to proceed, just click the key-shaped icon at the side and set the generator as desired; alternatively, we can always open the password generator from the path Tools -> Generate Password.
Another handy free program that we can use to test the strength of a password and its security is Password Tech, downloadable from the official website.
Using it is very simple: we open the program, type the chosen password in the Generated password field at the bottom, press the three dots at the side, and check the strength of the chosen password at the bottom, with the same criteria seen for KeePass (a bar that turns green and a number of bits that goes up).
This tool was born as a secure password generator: if we do not know which password to choose, we can always configure the characteristics of the password and press Generate at the bottom, so as to obtain new, extremely secure passwords.
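To see where a figure in bits comes from and how it relates to brute-force time, here is an added offline example (not code from KeePass or Password Tech, and not their estimators). It uses a simple heuristic: alphabet size times effective length, with repeats and runs discounted. The guess rate and the sample passwords are constructed assumptions.

```python
import math
import string

TARGET_BITS = 100          # threshold the article recommends exceeding
GUESSES_PER_SECOND = 1e10  # assumed attacker speed, constructed for illustration

# (character class, number of symbols an attacker must try for that class)
CLASSES = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
           (string.digits, 10), (string.punctuation, 32), (" ", 1)]

def pool_size(password):
    """Alphabet size a brute-force search must cover for this password."""
    size = sum(n for chars, n in CLASSES if any(c in chars for c in password))
    # Characters outside printable ASCII: count each distinct one once.
    return size + len({c for c in password if c not in string.printable})

def effective_length(password):
    """Length after discounting repeats and runs such as 'aaa' or '1234'."""
    count, prev = 0, None
    for ch in password:
        # A character equal or adjacent to its predecessor adds almost nothing.
        if prev is None or abs(ord(ch) - ord(prev)) > 1:
            count += 1
        prev = ch
    return count

def entropy_bits(password):
    """Heuristic strength in bits: effective length x log2(alphabet size)."""
    pool = pool_size(password)
    return effective_length(password) * math.log2(pool) if pool else 0.0

def average_crack_seconds(bits, rate=GUESSES_PER_SECOND):
    """Expected brute-force time: half the search space at `rate` guesses/s."""
    return 2 ** (bits - 1) / rate

def assess(password):
    """Summarise a password against the 100-bit target, entirely offline."""
    bits = entropy_bits(password)
    years = average_crack_seconds(bits) / (365 * 24 * 3600)
    return {"bits": round(bits, 1), "years": years,
            "meets_target": bits > TARGET_BITS}

if __name__ == "__main__":
    # Constructed sample passwords; nothing is sent over the network.
    for pw in ["password1234", "k7xq2m9zb4wl", "T7#kQ2!mZ9@xB4$wL6&r"]:
        print(pw, assess(pw))
```

The 20-character mixed sample scores about 131 bits, while the 12-character lowercase-and-digit sample stays near 62 bits, which is why adding length and character classes moves the bar in both tools.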
With the tools indicated above, we can test the strength of any password without having to type it into the online sites that exist for the same purpose. We recommend doing without those sites: even if they promise security, there could be an ulterior motive, so it is better to use only free and open-source programs.
For banking and other important services we recommend using more complex passwords with alphanumeric characters, even though most internet sites block access, like an ATM, if they notice brute-force attacks.
The most important thing remains never to reach sites where you handle your money through external links or email services, and to always check that the address bar of banking or online shopping sites shows HTTPS, which attests to the use of secure certificates.
If remembering a long password is difficult, let's try to exceed at least 12 characters and always use a combination of characters, as also suggested in the guide Choose passwords that are impossible to discover.
In another article, we saw the best internet password management strategies.