Think your passwords are safe? Read on and let's find out
Hackers. They're in the news again. This time it’s a major breach at an Australian University. And while the accusations fly and the fears mount, there is something important that we all need to consider before we move on to talking about the bad guys. That’s the "P" word. Yep, passwords. We all hate changing our password because it gets “out of sync” with all of our other passwords and that makes our lives difficult. That's because good, individual passwords are so hard to remember.
Hackers know this and they use it against you. They also know that many people use simple passwords like a special date - for example, 25122010 - which is just Christmas day, or a birthday, or perhaps even a last-name first-name combination. There’s a problem with this – it's easy to guess or construct this information from watching how an individual or company does things.
But hackers don’t usually guess your password. They have a list of passwords that vary in size and complexity. Yes, I hear the question - what does that really mean?
There are tools that create password lists, and most passwords under 12 characters contain word-phrases like we looked at before. Hackers use these tools to create lists and sell them over the internet. They then run those lists against your login. Most of these logins can be broken in under 24 hours! Many websites now ask that you create very complex passwords that are over 12 characters in length, with weird and varying rules that you have to obey.
There are many reasons for this, one of them being that the organisation that you are logging into doesn't want to be sued because they didn't protect your privacy. But from a hacker's point of view, a password list like that would take up more space than I have on my laptop's hard drive. Yes, it's true. I've actually tested a list of this size and I didn't have the space to store it. And like me, if the list is that large, most hackers won't bother with it as there are a lot of easier lists to use. The hackers that use lists like this are most likely at a corporate, or dare I say, government level, as they would need a huge amount of resources to be successful.
So how do you feel about the safety of your passwords right now? I sincerely hope you are a little bit concerned. Let's keep going and dig a little deeper.
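To make the date, name and list-size points above concrete, here is an added example (not part of the original article) of a check a site could run when a password is set, plus the arithmetic behind the storage claim. The function names, the sample name "Jane Smith", the sample passwords and the 94-character alphabet are all assumptions made for illustration.

```python
from datetime import date, datetime

# Formats tried per length; the names and passwords used below are constructed.
FORMATS = {8: ("%d%m%Y", "%m%d%Y", "%Y%m%d"), 6: ("%d%m%y", "%m%d%y", "%y%m%d")}

def date_formats(password):
    """Formats under which an all-digit password is a valid calendar date."""
    if not (password.isascii() and password.isdigit()):
        return []
    hits = []
    for fmt in FORMATS.get(len(password), ()):
        try:
            datetime.strptime(password, fmt)  # rejects e.g. 31 February
            hits.append(fmt)
        except ValueError:
            pass
    return hits

def has_name_combo(password, first, last):
    """True if the password's letters contain first+last or last+first."""
    if not (first and last):
        return False
    letters = "".join(c for c in password.lower() if c.isalpha())
    first, last = first.lower(), last.lower()
    return first + last in letters or last + first in letters

def weak_reasons(password, first, last):
    """List why a password falls into the easy categories the article names."""
    reasons = []
    if date_formats(password):
        reasons.append("date")
    if has_name_combo(password, first, last):
        reasons.append("name")
    if len(password) < 12:
        reasons.append("short")
    return reasons

def date_space(first_year, last_year):
    """Number of calendar days, i.e. date passwords per format, in a year range."""
    return (date(last_year + 1, 1, 1) - date(first_year, 1, 1)).days

def exhaustive_list_bytes(alphabet, length):
    """Bytes needed to store every string of this length, one per line."""
    return alphabet ** length * (length + 1)

if __name__ == "__main__":
    for pw in ("25122010", "Smith.Jane99", "vQ7#mL2p!xR9zT"):
        print(pw, weak_reasons(pw, "Jane", "Smith"))
    print(date_space(1925, 2024), "dates vs", exhaustive_list_bytes(94, 12), "bytes")
```

A century of dates is only 36,525 entries per format, while every 12-character string over 94 printable characters needs more than 10^24 bytes, which is why date passwords fall quickly and exhaustive long lists are impractical to store.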
Take out your house key and spend a few minutes looking at it. Hold it so that the flat part is at the bottom – if you have grooves on both sides, you have a good lock! Most modern house keys have a flat part on one side and raised parts and grooved parts on the other. The raised parts push pins that are inside your lock into the right position and hold them there. The more raised parts you have, the more pins you have.
When people pick locks on TV they make it look easy. But what happens in real life is that each pin must be held in place by the key so that the lock can be opened. The more pins, the harder it is to pick the lock. The more characters, the harder it is to break or "crack" your password.
So having an easy-to-remember phrase as your password is like having an easy-to-pick lock on your front door, only it’s much more dangerous. Your passwords hold your identity, your finances, and anything else you have done online. If it’s easy for you, it’s easy for a hacker. Is that what you really want?
In the next instalment, we will be talking about password hygiene. How to create a safe password, how to store your safe passwords, and looking at how often you should change them.
Interested? Read on!