Everyone on the internet knows what a login is; we go through a login process several times a day. For example, I just logged into my website’s admin panel to access my dashboard and write this article. Likewise, you must log into your Facebook, Twitter, Instagram or Gmail account to reach your profile. When we talk about access, there are two kinds: authorized access and unauthorized access.
The difference between the two is clear. If you are the owner of an account, you have the right to access all of its data, so when you log in and reach that data you are exercising a right you hold: that is authorized access. Someone else who has no right to that account, and who obtains your login credentials or uses any other way to get in, is performing unauthorized access.
Nobody wants someone else to have unauthorized access to their personal data, and preventing that is what information security is about. It is a long discussion that we will take up in another write-up. Now let’s get to the second part of the topic: how do we protect our accounts from unauthorized access? The focus here is on logins to email, social media, online payment and bank accounts. Let’s have a look at the options:
1- Password security:
While writing this heading I had a thought: many people will say the writer is an idiot, what is password security, man? A password is security. Yes, indeed, but it matters that the password is a secure one. The security of your password depends on its strength. So what makes a password strong or weak?
A weak password is one that is used commonly or can be derived from things an attacker can learn about you: your own name, any dictionary word, your birth date or wedding date, or anything else that is easy to guess. Cracking tools try exactly these first, so a password like that is a weak password.
A strong password is one that is impractical to guess or crack. A secure password protects you from password attacks; the most common is the brute-force attack, where the attacker tries candidate passwords one after another, either online against the login form (where rate limits and lockouts slow him down) or offline against a stolen database of password hashes (where a GPU rig can try billions of guesses per second against a fast hash). A good password is the first line of defence against both, but it does nothing against phishing, and nothing against the reuse of a password that already leaked from another site. The strength of a password depends on the following factors:
- A fair enough password is at least 8 characters long; 12 or more is a better floor today, and length counts for more than anything else, because every extra character multiplies the search space.
- A good enough password mixes upper and lower case letters.
- A very good password also mixes in numbers.
- A strong password mixes letters (upper and lower case), numbers and special characters (@, %, $), and is not a word or pattern with a few characters swapped.
- Example of a strong password: %Spr0t3cH%1337# (15 characters drawn from all four classes, roughly 98 bits of search space if it has to be brute-forced, which is out of reach). One caveat: leet substitutions such as 0 for o and 3 for e, and suffixes like 1337, are built into every cracking ruleset, so a password that is a recognisable word dressed up this way is weaker than its character mix suggests. A long random string or passphrase generated and stored by a password manager avoids that problem entirely.
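To make the factors above concrete, here is an added example of my own (not code from the original article) of the check a login service or password manager can run: it scores a password by brute-force search space, then does what a cracking tool does first and checks whether it is a common password once leet substitutions are undone. The common-password list is a constructed stand-in, and the guess rate of ten billion per second (a GPU against a fast hash) is an assumption for illustration.

```python
import math
import re

# Constructed stand-in for a breached-password list; a real check uses millions of entries.
COMMON_PASSWORDS = {
    "password", "123456", "qwerty", "letmein", "welcome",
    "admin", "iloveyou", "football", "monkey", "dragon",
}

# Leet substitutions that cracking rulesets try automatically.
LEET_MAP = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                          "5": "s", "7": "t", "@": "a", "$": "s"})


def charset_size(password: str) -> int:
    """Size of the alphabet an attacker must search to brute-force this password."""
    size = 0
    if re.search(r"[a-z]", password):
        size += 26
    if re.search(r"[A-Z]", password):
        size += 26
    if re.search(r"[0-9]", password):
        size += 10
    if re.search(r"[^a-zA-Z0-9]", password):
        size += 33  # printable ASCII punctuation and space
    return size


def brute_force_bits(password: str) -> float:
    """Bits of work for an attacker who must try every string of this length over the alphabet."""
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0


def normalize(password: str) -> str:
    """Undo leet substitutions and strip leading/trailing digits and symbols, as a cracking rule would."""
    base = password.lower().translate(LEET_MAP)
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", base)


def assess(password: str, guesses_per_second: float = 1e10) -> dict:
    """Verdict for a login service: weak if short or a (disguised) common password,
    plus the brute-force cost at the assumed guess rate."""
    reasons = []
    if len(password) < 12:
        reasons.append("shorter than 12 characters")
    if password.lower() in COMMON_PASSWORDS:
        reasons.append("in common-password list")
    elif normalize(password) in COMMON_PASSWORDS:
        reasons.append("common password after undoing leet substitutions")
    bits = brute_force_bits(password)
    years = 2 ** bits / guesses_per_second / (365 * 24 * 3600)
    return {"bits": round(bits, 1), "brute_force_years": years,
            "weak": bool(reasons), "reasons": reasons}


if __name__ == "__main__":
    for pw in ("123456", "P@ssw0rd!", "%Spr0t3cH%1337#", "correct horse battery staple"):
        print(pw, assess(pw))
```

Run it and note the contrast: P@ssw0rd! has a respectable character mix and about 59 bits by the brute-force count, yet it is flagged because it normalises to "password", while the long lowercase passphrase has no special characters at all and still scores far higher on length alone.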
Phishing and Social Engineering:
It is a broad topic, but since we are discussing login security it is important to cover these two attacks and the combination of them. In phishing the attacker tricks the victim by sending him a link, usually with some social engineering to make the lure convincing: something tied to the victim’s interests, an urgent notice, or simply a login form on a page that imitates the real site. When the victim enters his credentials on that page, the attacker receives them and logs into the real account. We’ll discuss these techniques in a separate write-up right after this one. For now, the check that matters: before typing a password, look at the address bar and make sure the domain is the one you expect, and prefer opening the site yourself over following a link from a message.
2- Two Factor Authentication (2FA):
So here comes the second layer of login security. Imagine you have been tricked and the attacker has your username and password. How do we still keep him out of our personal data? This is where 2FA comes in. With two-factor authentication the user must prove possession of a second factor, typically a one-time code, before access is granted. Three common ways to set it up:
- Using a phone number or email: Add a contact number or email address where you receive an OTP. The OTP (one-time password) is a short-lived code delivered to the second factor (number or mailbox) to verify that the real user is logging in. SMS is the weakest of the three because a phone number can be taken over by SIM swapping and the message itself can be intercepted, so prefer the next two options where the service offers them.
- Third-party authenticator: Applications such as Google Authenticator, or a code generator you write yourself, implement TOTP (RFC 6238). The codes are not random: each one is computed from a secret shared with the service at setup and the current 30-second time step, so the service can compute the same code and compare. Because the secret never leaves the phone, there is no message in transit to intercept.
- Security PIN: Some applications, for instance WhatsApp (which calls it two-step verification), ask for a PIN the user chose in advance whenever the account is registered on a new device. It is a second secret you know rather than something you have, so it does not help if the attacker has phished both.
Like passwords, 2FA can be bypassed. When you set up 2FA you are given a recovery option: an alternative email address or a list of recovery codes that verify a login when you cannot reach the second factor. These recovery options are worth exactly as much as the second factor itself, so protect them: store recovery codes offline or in your password manager, treat each one as single-use, and don’t share them with anybody. Make sure the recovery email has 2FA of its own as well, or an attacker will simply reset your account through it.
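As an added example (my own code, not from the original article), here is how a service verifies authenticator-app codes and recovery codes, covering both the setup options in the list above and the recovery advice in the last paragraph. It implements HOTP (RFC 4226) and TOTP (RFC 6238) with the standard library, accepts one 30-second step of clock drift either side, refuses a code for a time step it has already accepted (so a code seen once cannot be used a second time), and stores recovery codes only as hashes so a database leak does not hand them to the attacker. The user-record class and the hashing choices are my design; the secret `12345678901234567890` is the test secret from the RFCs, not something to use in production.

```python
import hashlib
import hmac
import secrets
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP with the counter set to the current time step."""
    return hotp(secret, unix_time // step, digits)


class SecondFactor:
    """Server-side 2FA state for one user (example design): the shared TOTP secret,
    the last time step accepted (replay protection) and hashed single-use recovery codes."""

    def __init__(self, secret: bytes, recovery_count: int = 8):
        self.secret = secret
        self.last_step = -1
        # Plaintext recovery codes are shown to the user once at setup and then discarded;
        # only their hashes stay in the database.
        self.plain_recovery = [secrets.token_hex(5) for _ in range(recovery_count)]
        self.recovery_hashes = {self._hash(c) for c in self.plain_recovery}

    @staticmethod
    def _hash(code: str) -> str:
        return hashlib.sha256(code.strip().lower().encode()).hexdigest()

    def verify_totp(self, code: str, unix_time: int, window: int = 1, step: int = 30) -> bool:
        """Accept the code for the current step or `window` steps either side, but never for a
        step at or before the last accepted one, so a code that was phished or shoulder-surfed
        cannot be used again within its lifetime."""
        current = unix_time // step
        for candidate in range(current - window, current + window + 1):
            if candidate <= self.last_step:
                continue
            if hmac.compare_digest(hotp(self.secret, candidate).encode(), code.encode()):
                self.last_step = candidate
                return True
        return False

    def verify_recovery(self, code: str) -> bool:
        """Each recovery code works exactly once."""
        h = self._hash(code)
        if h in self.recovery_hashes:
            self.recovery_hashes.remove(h)
            return True
        return False


if __name__ == "__main__":
    secret = b"12345678901234567890"  # RFC 4226/6238 test secret, for demonstration only
    print("code at t=59:", totp(secret, 59))  # 287082, the RFC 6238 appendix B value
    user = SecondFactor(secret)
    now = 1111111109
    code = totp(secret, now)
    print("first use:", user.verify_totp(code, now), "replay:", user.verify_totp(code, now))
    print("recovery codes to show the user once:", user.plain_recovery)
```

The replay rule is the part most home-grown implementations miss: without `last_step`, a code captured by a phishing page remains valid for the rest of its 30-second window (plus the drift window) even after the legitimate user has logged in with it.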
NFC / U2F (Near-Field Communication & Universal 2nd Factor):
Here is another layer one can add on top of login credentials. NFC stands for Near-Field Communication, a set of protocols for communication between two electronic devices, one of them usually portable, a smartphone being the typical example. The devices must be within about 4 cm of each other to establish communication. NFC is used for payments, data sharing and access control, but since we are discussing login security we’ll only look at access. NFC-enabled devices can act as electronic identity documents and keycards.
They are used for electronic identity and physical access control. But the system is not secure by itself. Knowing the type of tag or card in use, a skilled attacker can clone or exploit it, particularly the older tag types that carry a fixed identifier and no cryptography; this does require physical proximity and a good understanding of the device. Recent chips and protocols add mutual authentication and encryption, so a modern NFC credential is a reasonable option for security. The question to ask of any NFC credential is whether the reader authenticates it with a challenge-response, or merely reads a serial number that can be copied.
Universal 2nd Factor:
U2F, or Universal 2nd Factor, is an open authentication standard from the FIDO Alliance. It is not in the same category as NFC: NFC, USB and Bluetooth are the transports a U2F key can use to talk to the computer, while U2F is the authentication protocol that runs over them. It works like 2FA in that it adds a second factor, but instead of a code you type, the key holds a private key and signs a challenge from the site. The signed data includes the site’s origin, so a phishing page at a look-alike domain cannot obtain a valid response for the real site, which is something no typed OTP can promise. Once you have secured an account with U2F, you need the registered USB, NFC or Bluetooth key present to log in. This is without doubt the strongest of the options here for preventing unauthorized access; its successor, FIDO2/WebAuthn, works the same way and is what newer sites implement.
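To show why U2F resists phishing where a typed OTP does not, here is an added example of my own, not code from the article or from any FIDO implementation. It models a token, a relying party and a phishing relay. One simplification is marked in the code: a real token signs with a per-credential ECDSA P-256 key pair, while this model derives a per-(app ID, key handle) HMAC key from the token’s master secret and hands the verification key to the site at registration, so it runs with the standard library alone. Everything else follows the protocol: the token signs H(app ID) || user-presence byte || counter || H(challenge), and the site checks the signature against its own app ID and requires the counter to advance. The site name and user are constructed.

```python
import hashlib
import hmac
import os


def signed_data(app_id: str, counter: int, challenge: bytes) -> bytes:
    """Bytes a U2F token signs: application parameter (SHA-256 of the app ID), user-presence
    flag, 4-byte counter, challenge parameter (SHA-256 of the client data)."""
    return (hashlib.sha256(app_id.encode()).digest() + b"\x01"
            + counter.to_bytes(4, "big") + hashlib.sha256(challenge).digest())


class U2FToken:
    def __init__(self):
        self._master = os.urandom(32)
        self.counter = 0

    def _credential_key(self, app_id: str, key_handle: bytes) -> bytes:
        # Stand-in for the per-credential ECDSA key pair: an HMAC key bound to app ID + handle.
        return hmac.new(self._master, app_id.encode() + key_handle, hashlib.sha256).digest()

    def register(self, app_id: str):
        """Returns (key handle, verification key); the site stores both for the user.
        With real ECDSA the second item would be the public key."""
        key_handle = os.urandom(16)
        return key_handle, self._credential_key(app_id, key_handle)

    def authenticate(self, app_id: str, key_handle: bytes, challenge: bytes):
        """app_id comes from the browser, taken from the page's actual origin, never from the page."""
        self.counter += 1
        key = self._credential_key(app_id, key_handle)
        sig = hmac.new(key, signed_data(app_id, self.counter, challenge), hashlib.sha256).digest()
        return self.counter, sig


class RelyingParty:
    def __init__(self, app_id: str):
        self.app_id = app_id
        self.credentials = {}  # user -> [key_handle, verification_key, last_counter]

    def enroll(self, user: str, token: U2FToken) -> None:
        key_handle, vk = token.register(self.app_id)
        self.credentials[user] = [key_handle, vk, 0]

    def new_challenge(self) -> bytes:
        return os.urandom(32)

    def verify(self, user: str, challenge: bytes, counter: int, signature: bytes) -> bool:
        key_handle, vk, last_counter = self.credentials[user]
        expected = hmac.new(vk, signed_data(self.app_id, counter, challenge), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, signature):
            return False  # wrong key or wrong origin baked into the signed data
        if counter <= last_counter:
            return False  # replay, or a clone whose counter lags the copy already used
        self.credentials[user][2] = counter
        return True


def scenario() -> dict:
    """Genuine login, a phishing relay and a cloned token, all against one constructed site."""
    rp = RelyingParty("https://login.example.com")
    token = U2FToken()
    rp.enroll("alice", token)
    key_handle = rp.credentials["alice"][0]

    # 1. Genuine login from the real origin.
    chal = rp.new_challenge()
    legit = rp.verify("alice", chal, *token.authenticate(rp.app_id, key_handle, chal))

    # 2. Phishing: a look-alike site relays the real challenge, but the browser hands the token
    #    the attacker's origin, so the response is bound to the wrong app ID and fails.
    chal = rp.new_challenge()
    phished = rp.verify("alice", chal, *token.authenticate("https://login-example.evil", key_handle, chal))

    # 3. Cloned token (master secret and counter copied): the clone logs in once, after which the
    #    original is rejected because its counter no longer exceeds the last one the site saw.
    clone = U2FToken()
    clone._master, clone.counter = token._master, token.counter
    chal = rp.new_challenge()
    clone_login = rp.verify("alice", chal, *clone.authenticate(rp.app_id, key_handle, chal))
    chal = rp.new_challenge()
    original_after_clone = rp.verify("alice", chal, *token.authenticate(rp.app_id, key_handle, chal))
    return {"legit": legit, "phished": phished,
            "clone_login": clone_login, "original_after_clone": original_after_clone}


if __name__ == "__main__":
    print(scenario())
```

The counter check is the closest U2F comes to the cloning concern raised for NFC above: a copied token cannot be detected by signature alone, but the first time the site sees a counter that failed to advance it knows two devices share one credential and can lock the account for review.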
That was a brief explanation of login credential security. I hope this article is helpful for you.
In the next write-up, I’ll try to cover the points we could not explain fully in this one.