Why “password” isn’t a password

Published: 15/12/2020 · Updated: 30/04/2024

Stay up-to-date!

Get insights and tips from experts

Methods of hacking your password
Best practices
Password managers
How to create a master passphrase
Lastly, check if your credentials have been leaked

Methods of hacking your password

Brute force attacks are the most common. This is when hackers try to force their way into an account by using good ol’ trial-and-error. This means simply guessing your password amongst the most common words and phrases people use or running bots armed with a base dictionary. These bots run through all possible combinations of characters until the correct password is matched.

Phishing emails/calls and Social Engineering/Hacking (using misrepresentation to manipulate you into giving them sensitive information) are also common methods of obtaining passwords and PIN codes. At HOSTAFRICA, your security is important to us, and thus we would like you to use this advice to secure your passwords.

According to Wikipedia, “NordPass conducted the most breached passwords research in 2020”. Furthermore, “the Worst Passwords List is an annual list of the 25 most common passwords from each year as produced by internet security firm SplashData.

For a good start to password security, do not use any of these easily guessed passwords!

Best practices

Do not use the same or similar password for multiple other accounts, it’s especially important that you do not use work passwords for personal accounts and vice-versa.

Do not use personal details such as your or loved ones’ birthdates, names and surnames, addresses, phone numbers, favourite numbers, etc. This includes information your friends or family could guess.

Whenever available, always use Two-Factor Authentication or other added security measures such as your fingerprint, an OTP, security questions.

Change your passwords often – at least once every 3-6 months.

The longer your password is, the more difficult it will be to hack (unless it’s like the passwords in the table above). If the account allows for a 32 or 64 character length password, go for it!

But how will I remember something that long?

Password managers

Use a reliable password manager that can automatically generate completely random, very long and complex passwords, as well as keep track of all your login credentials securely. You’ll only have to remember your passphrase for your manager and the manager will remember the rest.

Nowadays, password managers are smart enough to be installed as a web browser plugin or phone icons in your pulldown notification panel so you can quickly access them every time you need to login to an account.

How to create a master passphrase

A passphrase is safer than a password. It’s best to stop thinking that passwords need to consist of a single word. From now on, use phrases you’ll remember and create a personal formula that will only makes sense to you, such as abbreviating words, removing certain vowels, replacing letters with numbers or symbols, or even better, using words your kids made up.

Try using words that can’t be found in a dictionary and especially avoid words you’d normally use every day.

Anything such as punctuation, misspellings and special characters such as []{}<>, symbols and numbers all make your passphrase less predictable and therefore more difficult for people and bots to guess.

Develop your personal formula

Choose a phrase you’ll remember. Start with ALL lowercase.
My sample phrase is short and simple but already 17 characters long and includes a word (plies = flies) I couldn’t pronounce properly as a toddler.
planets equal plies
Misspell a word and remove vowel(s) in a way that makes sense to you.
planits eql plies
Add an uncommon special character or symbol
planits [eql] plies
Add a number or substitute a letter for a number
5planits [eql] plies
Remove all spaces:
5planits[eql]plies