
Password for weak sites!


Tarique_31


In our daily life we have to deal with lots of unsecured sites; some sites' maintenance is too poor & some are weak, with a slow & lengthy process to take appropriate action!
But cyber criminals don't wait for a response; they take advantage of weak security systems & dump data from the server. Well, I am aware that nothing is unbreakable in the sense of security!

I am talking about some weak govt. sites especially, as there we have to put our personal data, which can be leaked due to a weak security system (for security reasons of course I will not mention the region), or some personal/company-maintained sites where we need to put some of our basic personal data!

My point is: what is the safe way to set a password for those sites?

From my point of view, most of the data which has already been leaked & is available on dark or open markets or data breach sites was dumped from databases (the reason why I emphasize this process is that I found some data is hard to crack on a general PC by brute force of course, even some data is also hard to create as a custom wordlist!)

 

My question is: what type of password should we set for those sites?
If data leaks & we use a 15-20 character complex password, it is also added to the leaked database, which means that it is not secure in the future!

Edited by AdvancedSetup
Corrected font issue

Passwords in general should be a Strong Password.  And be complex with at least...

  • 2 x Uppercase
  • 2 x Lowercase
  • 2 x Numbers
  • 2 x Special Characters

That's 8 characters right there but 12 to 16 is better and 20 is good but as the number increases, the ability to remember it also decreases.

Data leaks don't really have to do with passwords and their respective strength.  If one has a 20 Character strong password and falls for a Phish and provides the correct credentials to the Phish, the account can be considered compromised.  Also such a site could have fallen prey to a Data Breach or be the victim of a miscreant employee or other Insider Threat.

So the security relies on a combination of Password Strength, Multi-factor authentication (aka 2FA) and the user's Situational Awareness of the Threat Landscape [1].

Understanding your privacy and limiting its exposure while recognizing Phishing and other scams are all a part and are participants in that security besides the Password Strength.  One must look at the Threat Landscape in a holistic overarching viewpoint.  I compare it to securing one's home.  If you are too busy concentrating on the Front Door, they may gain ingress through a Back Door.  If you are too busy concentrating on the Front and Back Doors, they may gain ingress through a Window, etc.  One must look at all possible points of ingress and take actions accordingly.


[1] A threat landscape is an overarching understanding of possible and known threats that may be present to a Person accessing the Internet and software used within the Internet context.  It involves understanding and recognizing Risks and Vulnerabilities that one may encounter in the Internet context.

Edited by David H. Lipman
Edited for content, clarity, spelling and/or grammar

  • Root Admin

I would say though that one needs to prepare for Quantum Computing (in my opinion a 20 character strong password should start to be a minimum) and using a good password manager like 1Password, Bitwarden, KeePass.

Also enable 2FA/MFA Two Factor / Multi-Factor authentication on all sites that will allow it.

 

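Added example, not part of any post in this thread: a Python sketch of what a password manager does for the case discussed above, generating an independent 20-character password per site that satisfies the 2-per-class rule, plus a checker for that rule. The special-character set and the function names are assumptions.

```python
import secrets
import string

# Assumed symbol set; the thread does not say which special characters count.
SPECIALS = "!@#$%^&*()-_=+[]{}"
CLASSES = {
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "digit": string.digits,
    "special": SPECIALS,
}
MIN_PER_CLASS = 2    # "2 x" of each class, from the thread
DEFAULT_LENGTH = 20  # upper end of the lengths discussed in the thread


def class_counts(password):
    """Count how many characters of the password fall in each class."""
    return {name: sum(ch in chars for ch in password)
            for name, chars in CLASSES.items()}


def meets_policy(password, min_length=12):
    """True if long enough, >= 2 of every class, and no characters outside them."""
    counts = class_counts(password)
    return (len(password) >= min_length
            and sum(counts.values()) == len(password)
            and all(n >= MIN_PER_CLASS for n in counts.values()))


def generate(length=DEFAULT_LENGTH):
    """Draw from the whole alphabet with a CSPRNG and redraw until the rule
    holds, so the result is uniform over all compliant passwords."""
    if length < MIN_PER_CLASS * len(CLASSES):
        raise ValueError("length too short for the composition rule")
    alphabet = "".join(CLASSES.values())
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if meets_policy(candidate, min_length=length):
            return candidate


def generate_for_sites(sites, length=DEFAULT_LENGTH):
    """One independent password per site: a password dumped from one site's
    database is not the password used on any other site."""
    return {site: generate(length) for site in sites}
```

Calling `generate_for_sites(["gov-portal.example", "shop.example"])` (constructed site names) returns a different compliant password for each entry; the values are meant to be stored in a password manager rather than memorized.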
