A couple of days ago, personal information of a number of students was compromised when some “hacker” broke into their accounts and then emailed details such as contact, password, mobile number and address to whole student body. This was not the first time such an activity had happened, neither will it be the last time. In fact, all software that maintain some database of personal data are always vulnerable to such intrusions. Big tech giants like Adobe, Uber and Sony have faced major security breaches over time. This article will help you understand what happens behind the scenes and what you can do to ensure security of your personal information.
Most of the software including LUMS database store passwords in their databases in encrypted form called hashes. You can imagine a hash function to be a gibberish factory that throws out random but unique combination of letters for every value given to it. So, lets say you select your password to be “PLUMS123”, the hash function might calculate something like this:
Brilliant thing about hash function is that a slight change in input will change its hash altogether. So, if now you select your password to be “PLUMS124”, it will give you a completely different string of letters.
One might think that storing hashed passwords can provide essential security because calculating a password from its hash is practically impossible. However, there is a catch, if many users are using same and cliché password e.g. “Lahore123” or “Ronaldo07”, it can become easy to guess them because in database there would be many matching hashes. Although there are solutions to resolve this issue too but for sake of this article, we won’t explore these methods.
So, what should your password be to ensure security?
Here are some guidelines that can help you select a strong password that will require time more than universe’s lifetime to crack with current computing resources:
- Change your default password immediately. If IST resets your password to “Pakistan@123”, it is doing same for everyone else too.
- NO CLICHES, you should never put your first name, phone number, some celebrity or your crush’s name as your password. These are the easiest to break into.
- Should your password be meaningful? People often choose their password to be something that they can easily remember. This also makes the password easy to guess for intruder. Make your password as random as you can.
- Use capitalization, special characters and numbers in your password as much as you can. This reduces chances of someone guessing your password exponentially.(HINT: Time to go back to old k3wl d@y$.)
- Should you use same password on all your online accounts? Never a good idea. If someone manages to break the password, well they can practically be you with the amount of information they will have.
Ideally safest password is long and random. You can remember one random password and then use it with a little randomization, such as adding random words at random positions, on your other accounts too.
Article by: Ammar Tahir, Muhammad Hassan