Passwords – do you know the trick to getting them right?
SecurEnvoy 20/09/2012 Industry News
Passwords. We all use them as the gateway to our personal information, emails, different websites – you name it. And, the reality is that (whether we admit it or not) most of us reuse passwords between different applications or sites.
While there is quite a lot businesses can do (and many of them are doing it) to get away from the singular reliance on passwords to protect sensitive data, there’s a lot more each of us can do to prevent our virtual identities being abused.
Before I tell you how to create a virtually unbreakable password, let’s look at how they are cracked.
How are passwords broken?
One method is the dedicated hacker who researches a ‘target’ until they know a lot about them (often using social networking sites) and will try to guess a password based on what they have found out. These sorts of attacks are very hard to prevent, but they aren’t common and are easily avoided if you don’t use your children’s or pets’ names as passwords. (And no, not your husband’s name either, even if you do combine it with his birthday to make it a bit more complex.)
It is more likely that they will use a brute force attack, using automated programmes – either trying the most common terms in major languages, or going through every possible character combination.
Crackers will also try common password lists, such as “123456”, “qwerty”, “abc123” and, of course, “password” – so don’t use them either.
How can I make my password stronger?
An invented phrase or word is harder to crack, especially if you add numbers and symbols. However, current hacker tools can try 100 million checks per second, so even a truly random password might not take long to break:
• A password of 4 characters could be broken in 0.16 seconds
• 6 characters would take 11.4 minutes
• 8 characters would take 32 days
• 10 characters would take 365 years
Before you break into a cold sweat thinking you need 10-character, random passwords for every site you visit (which of course you mustn’t write down), don’t worry – there is a solution.
First of all, break your password down into at least two parts as this will make it easier to remember. It’s almost like having your own two factor authentication – something you know, and something you own.
One part stays the same, for every account you have. And this can be complex, because as long as it’s only 4 characters people are generally able to remember it – so it might be M!7n. Think of this as ‘something I know’.
The second element should be relevant to the site you are logging in to. So, for example, for an online clothes company you might use ‘lookingfab’ alongside your complex 4 character part, for a lottery site you might add ‘lucky8’, etc – as long as it is different for each one. It wouldn’t hurt if you wrote these down secretly, perhaps in the notepad on your phone. This part becomes the ‘something I own’ element.
If you still need help with your password management, there are some tools that allow you to register the complex element of your password and then send you (via SMS) the second part periodically, i.e. when it needs to change. By saving the message you have a constant reminder.
While we’re waiting for the businesses to start making it harder for criminals to steal our online credentials, we can still do our best to protect ourselves.
Using this simple technique for your password means it will take a ‘cracking’ program at least a year to break your password, but you’ll always remember it.
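The cracking times listed above, and the "at least a year" target, can be checked with a simple exhaustive-search model. This is an added example, not part of the original article: it assumes a 64-symbol alphabet (the page does not state one, but this size reproduces its four figures at 100 million guesses per second) and joins the fixed part M!7n to the site words in a constructed order.

```python
# Added example: exhaustive-search time model behind the page's figures.
RATE = 100_000_000   # guesses per second, the rate quoted on the page
ALPHABET = 64        # assumption: not stated on the page; reproduces its table
COMMON = {"123456", "qwerty", "abc123", "password"}  # list quoted on the page

UNITS = [("years", 365 * 86400), ("days", 86400), ("hours", 3600),
         ("minutes", 60), ("seconds", 1)]


def worst_case_seconds(length, alphabet=ALPHABET, rate=RATE):
    """Time to try every string of exactly `length` symbols."""
    return alphabet ** length / rate


def humanize(seconds):
    """Express a duration in the largest unit that gives a value >= 1."""
    for name, size in UNITS:
        if seconds >= size:
            return f"{seconds / size:.1f} {name}"
    return f"{seconds:.2f} seconds"


def assess(password, min_years=1):
    """Apply the page's two checks: not on the common list, and a
    worst-case exhaustive search of at least `min_years`.
    Exhaustive search only: word-list guessing is not modelled."""
    if password.lower() in COMMON:
        return False, "on the common-password list"
    secs = worst_case_seconds(len(password))
    ok = secs >= min_years * 365 * 86400
    return ok, humanize(secs)


if __name__ == "__main__":
    # The page's figures are these values truncated rather than rounded.
    for n in (4, 6, 8, 10):
        print(n, "characters:", humanize(worst_case_seconds(n)))
    # Constructed inputs: the page's fixed part joined to its site words.
    for pw in ("password", "M!7n", "M!7nlucky8", "M!7nlookingfab"):
        print(repr(pw), assess(pw))
```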