You have probably heard this advice many times: change your passwords regularly, never share them with anyone (not even close friends or family), and never reuse the same password across your Gmail, Facebook and banking or financial accounts. Below are a few examples you can relate to that should give that advice some context.

You might assume your Gmail or Yahoo account does not need a strong password because you keep no financial data in it. Think instead about what an attacker can do once a weak password lets them into that mailbox. Nearly every bank and application you use is linked to that email address for password recovery. The attacker goes to your net banking site, clicks "forgot password", and the bank sends the reset link to the very inbox the attacker now controls. From there they have full access to your bank account. Your primary email account is the master key to everything else, so it deserves your strongest password and a second factor where one is offered.

For the same reason, do not use one password for all your banking and financial applications: if one is compromised, all of them are. Also avoid a user ID made from your first initial and last name, since that is the first thing anyone will guess.

Understand that no attacker sits at a keyboard manually trying passwords against your account, or anyone else's. Plenty of free and paid tools do that for them, at scale and against everyone at once. So "I'm not rich enough to be a target" is an outdated and mistaken belief: thieves don't check your pockets before deciding to rob you. Either they are unlucky and find little, or you are unlucky and lose a lot.

The programs, software and applications we use every day store our account details, with our permission: saved passwords, session cookies and login tokens kept in the browser and on the device. An attacker who gets onto the machine or into one account goes after that stored data next, and a stolen session cookie lets them walk into other sites without needing the password at all.

Have you ever wondered how passwords get cracked so easily? Consider an example. Automated software scrapes your Facebook profile for your name, your spouse's and children's names, your birthday, wedding anniversary, pet's name and so on, then tries those pieces in different combinations, with the usual suffixes and letter substitutions, until one opens your account. If your password is your pet's name plus your birthday, the program has already generated that combination.


Some Easy 'Best Practices' on Password Creation:

  1. Do not use dictionary words (English or foreign) or proper nouns. Password cracking tools run whole dictionaries, with numbers appended, against a web site or a stolen password database automatically and break such passwords in minutes.
  2. Do not use words spelled backwards either; crackers already include reversed dictionary words in their rule sets.
  3. Do not use personal data such as family names, house numbers, important dates or telephone numbers. They are far too easy to guess for even a novice social engineer, or anyone who skims your Facebook page (see the example above).
  4. Longer and wider is better: use more characters, and more characters outside letters and digits. Length matters most.
  5. Use at least 8 characters, including numbers and a special character, for online banking and financial accounts; 12 or more is better.
  6. An example of a strong password is a passphrase or sentence: MaryHad3Lambs!
  7. Abbreviating a sentence to its initials (Mh3Ls!) helps you remember it, but note that Mh3Ls! is only six characters and fails rule 5. If you abbreviate, start from a longer sentence so the result still has enough length.
  8. Swapping letters for numbers is another trick: I = 1, a = 6, E = 3, O = 0 (zero), Z = 2, S = 5, B = 8, and so on. Be aware that cracking tools apply exactly these substitutions automatically, so treat this as a small bonus on top of length, not a replacement for it.
  9. Change your passwords every 6 months, and immediately if a service you use reports a breach.
  10. If your financial institution offers two-factor authentication, whether a hardware token, an authenticator app or an SMS code that can be used only once alongside your password, opt in. It is well worth the small inconvenience. An app or hardware token is stronger than SMS, but any second factor beats none.
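As an added worked example (not code from the original post), here is a small Python sketch of the profile-driven guessing described in the Facebook example above, paired with a checker for the rules in the list. The profile, the tiny dictionary, the suffix list and the substitution rules are constructed assumptions; real cracking tools load millions of words and far larger rule sets, which only makes the point stronger.

```python
"""Profile-driven password guessing and a checker for the rules above.

Added illustration, not code from the original post: the profile, the
tiny dictionary and the mutation rules are constructed assumptions.
Real cracking tools load millions of words and far larger rule sets.
"""
import itertools
import re
from datetime import date

# Constructed profile: the sort of facts a public social-media page leaks.
PROFILE = {
    "names": ["Mary", "Smith", "John", "Emma", "Rex"],  # self, surname, spouse, child, pet
    "dates": [date(1985, 7, 14), date(2010, 6, 5)],     # birthday, wedding anniversary
}

# Stand-in for a real dictionary wordlist.
DICTIONARY = ["password", "welcome", "summer", "lamb", "love"]

# The letter-for-number swaps from rule 8; crackers apply them automatically.
LEET = str.maketrans({"a": "@", "e": "3", "i": "1", "o": "0", "s": "5", "b": "8", "z": "2"})

# Endings people bolt on to satisfy "add a number or symbol" rules.
SUFFIXES = ["", "!", "1", "123", "!1"]

# Common ways a date gets typed into a password: 1985, 85, 1407, 0714, 14071985 ...
DATE_FORMATS = ("%Y", "%y", "%d%m", "%m%d", "%d%m%y", "%m%d%y", "%d%m%Y", "%m%d%Y")


def date_tokens(d):
    """All DATE_FORMATS renderings of one date."""
    return {d.strftime(fmt) for fmt in DATE_FORMATS}


def mutate(word):
    """Case variants, the reversed word (rule 2) and leet-speak forms (rule 8)."""
    forms = {word.lower(), word.capitalize(), word.upper(), word[::-1]}
    forms |= {f.translate(LEET) for f in list(forms)}
    return forms


def candidates(profile=PROFILE, dictionary=DICTIONARY):
    """Generate the guess list the way the scraping tool above would.

    Single tokens first, then every name joined to another name or a date
    in both orders, each with the common suffixes appended.
    """
    names, dates, words = set(), set(), set()
    for n in profile["names"]:
        names |= mutate(n)
    for d in profile["dates"]:
        dates |= date_tokens(d)
    for w in dictionary:
        words |= mutate(w)

    bases = names | dates | words
    for a, b in itertools.product(names, names | dates):
        if a != b:
            bases.add(a + b)
            bases.add(b + a)
    return {base + suffix for base in bases for suffix in SUFFIXES}


GUESSES = candidates()

SPECIAL = re.compile(r"[^A-Za-z0-9]")


def check_password(password, guesses=GUESSES):
    """Return the rules a password breaks; an empty list means it passed."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters (rule 5)")
    if not re.search(r"\d", password):
        problems.append("no digit (rule 5)")
    if not SPECIAL.search(password):
        problems.append("no special character (rule 5)")
    if password in guesses:
        problems.append("built from personal data or dictionary words (rules 1-3, 8)")
    return problems


if __name__ == "__main__":
    print(f"{len(GUESSES)} guesses generated from the profile")
    for pw in ["Rex0714", "M@ry1985!", "drowssap", "Mh3Ls!", "MaryHad3Lambs!"]:
        verdict = check_password(pw)
        print(f"{pw:16} {'OK' if not verdict else '; '.join(verdict)}")
```

Running it shows why the rules interact: Rex0714 (pet plus birthday) and drowssap (a reversed dictionary word) are in the guess list outright, and M@ry1985! passes every length and character-class check yet is still generated, because the leet substitution and the trailing "!" are in the cracker's rule set. Mh3Ls! is not guessable from the profile but fails on length alone, while the full passphrase MaryHad3Lambs! passes every check.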

A free resource for checking a suspicious link or attachment from a possible phishing email is virustotal.com. If you want to learn more about how to secure your environment, please reach out to us at https://www.aurorait.com/
