Think your passwords are safe? Think again.
Posted on May 23, 2018
Most of us think our passwords are pretty safe. We scoff at the silly list of the 10 worst passwords, to wit:
123456, password, qwerty,
letmein, football, iloveyou,
admin, welcome, monkey, login
…and trust that our own specialized “system” will keep out the hackers. You’d be wrong. Chances are, your passwords can still be hacked.
Why? Because your thinking about passwords has not kept up with technology.
Here’s what the security team at Teipen Selanders Poynter & Ayres recently learned:
- If you are still using an 8-character, all-lowercase PW, the number of possible combinations is 26 to the 8th, or 208.8 billion. That sounds great until you consider that a super botnet computer can take just under 2 seconds to crack this very basic code.
- Add uppercase letters and the number of possible combinations can be as high as 98 to the 8th, requiring much more time to crack, even for a super computer.
- Add special characters and numbers, and the PW is even harder to crack, except that hackers rarely start out with a blank slate.
The problem, according to the New South Wales School of Computer Science and Engineering, is that hackers begin with information found on social media. That gives them groundwork about you that helps them figure out frequently used word and number combinations (birthdates, anniversaries, street addresses, pet names) and dramatically refine and narrow their search.
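An added example, not part of the original post: a Python check that combines the two points above by estimating the blank-slate keyspace of a password while rejecting anything on the post's worst-password list or built from known personal facts. The guess rate (about 1e11 per second, roughly what the "26 to the 8th in 2 seconds" figure implies), the pool sizes, and the sample facts are assumptions.

```python
import math
import re

# The ten worst passwords listed in the post.
COMMON = {"123456", "password", "qwerty", "letmein", "football",
          "iloveyou", "admin", "welcome", "monkey", "login"}
# Assumed attacker speed, inferred from the post's 2-second figure; not measured.
GUESSES_PER_SECOND = 1e11
# Character pools a blank-slate brute force must cover (33 = ASCII symbols and space).
POOLS = [(r"[a-z]", 26), (r"[A-Z]", 26), (r"[0-9]", 10), (r"[^a-zA-Z0-9]", 33)]
YEAR = 365 * 24 * 3600

def alphabet_size(pw):
    """Total size of the character pools that appear in the password."""
    return sum(size for pattern, size in POOLS if re.search(pattern, pw))

def brute_force_seconds(pw):
    """Worst-case time to exhaust the keyspace at the assumed guess rate."""
    if not pw:
        return 0.0
    log10_secs = len(pw) * math.log10(alphabet_size(pw)) - math.log10(GUESSES_PER_SECOND)
    return 10 ** min(log10_secs, 300)  # cap the exponent to avoid float overflow

def personal_hits(pw, personal_facts):
    """Facts (pet name, birth year, street) that appear inside the password."""
    lowered = pw.lower()
    return [f for f in personal_facts if len(f) >= 3 and f.lower() in lowered]

def assess(pw, personal_facts):
    """Return (verdict, detail); guessable content overrides keyspace size."""
    if pw.lower() in COMMON:
        return ("reject", "on the common-password list")
    hits = personal_hits(pw, personal_facts)
    if hits:
        return ("reject", "contains personal info: " + ", ".join(hits))
    secs = brute_force_seconds(pw)
    if secs < YEAR:
        return ("weak", f"keyspace exhausted in about {secs:.3g} s")
    return ("ok", f"keyspace needs about {secs / YEAR:.3g} years")

# Constructed sample data, not taken from the post.
FACTS = ["Rex", "1987", "Maple"]

if __name__ == "__main__":
    for candidate in ["password", "abcdefgh", "Rex!1987Maple",
                      "correct horse battery staple"]:
        print(repr(candidate), "->", assess(candidate, FACTS))
```

Note that `Rex!1987Maple` mixes all four character pools and is still rejected, because its parts are exactly what a search seeded from social media would try first.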
What to do? Here are some effective new strategies:
- The best PWs are multi-factor, such as using a pass code followed by answering a question only you know. That way if someone discovers your pass code, they only have half of what they need to steal your identity.
- You can also use a PW that texts a secondary request to your phone for authorization. Two-part systems help protect against super computers and botnets.
- The strongest passwords you can use to out-maneuver tech-savvy hackers are long, memorable pass phrases with random words, rather than passwords. A line from an obscure poetry reference, for example. The more obscure, the better.
- Make it stronger still by adding random numbers and special characters in odd places.
If you are in charge of corporate passwords, it’s worth bringing in an expert. Hire a reputable company that will encrypt all your passwords, keeping them safe and out of reach. Or switch to fingerprint or facial identity recognition.
The world is a rapidly changing place and there is a lot of money to be made through identity theft and corporate password theft. Make sure you, your family, and your company keep pace with technology and security – and keep financial and sensitive data out of reach from cyber criminals.