Are your passwords really safe? Read on and let's find out
Hackers are in the news again. A few weeks ago it was a major breach at an Australian university and now a medical practice. And while the accusations fly and the fears mount, there is something important that we all need to consider. Just how secure are your passwords? And what sort of data do they protect? We all hate changing our password because it gets “out of sync” with all of our other passwords and that makes our lives difficult. That's because good, individual passwords are so hard to remember.
Hackers know this and they use it against you. They also know that many people use simple passwords like a special date - for example, 25122010 - which is just Christmas day, or a birthday, or perhaps even a last-name first-name combination. There’s a problem with this: it's easy to guess or construct this information from watching how an individual or company does things.
But hackers don’t actually guess your password. Every attack is planned and executed to get results. Hackers buy and sell password lists that vary in size and complexity. Yes, I hear the question - what does that really mean? It means that your details could be out there, swirling around the internet, being bought and sold as a commodity that makes money for someone.
Password Lists
There are software tools that create password lists, and hackers use these tools to create lists and sell them over the internet. Those lists contain details such as your email address - and everywhere that your email address is used as a part of a login. They then run those lists against your login. Because most of the passwords that we use are under 12 characters and contain word-phrases like birthdates or special names, most of these logins can be broken in under 24 hours!
Many websites now ask that you create very complex passwords that are over 12 characters in length, with weird and varying rules that you have to obey. The reason for this is that a password list based on these rules takes up more space than your average computer or laptop has available. So at this point in time, hackers will generally go with the "easy to break" type of password.
I didn't think this was true, so as a part of a security course, I went out and tried it. I went with the 12-character password, with the rules that most sites apply, and guess what? I didn't have the space to store the password list. If the list is that large, most hackers won't bother with it as there are a lot of easier lists to use. The hackers that use lists this large are most likely at a corporate, or dare I say "government" level as they would need a huge amount of resources to be successful.
Interestingly, shorter lists that I used against my own passwords gave me a "break your password" time of between 4 and 16 hours.
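To put numbers on the gap between a date-style password such as 25122010 and a list of every 12-character password, here is an added example (not part of the original article) that flags date-style passwords and estimates how much storage each kind of list needs. The function names are hypothetical, and it assumes a 94-symbol printable alphabet, one password per line, and three common date layouts.

```python
from datetime import date, datetime

PRINTABLE = 94  # assumption: printable ASCII without the space character
DATE_FORMATS = ("%d%m%Y", "%m%d%Y", "%Y%m%d")  # assumed common layouts


def is_date_style(password):
    """True if the password is 8 digits that parse as a real calendar date."""
    if len(password) != 8 or not password.isdigit():
        return False
    for fmt in DATE_FORMATS:
        try:
            datetime.strptime(password, fmt)
            return True
        except ValueError:
            continue
    return False


def date_list_bytes(first_year, last_year):
    """Bytes to store every ddmmyyyy date in the range, one per line."""
    days = (date(last_year, 12, 31) - date(first_year, 1, 1)).days + 1
    return days * 9  # 8 digits plus a newline


def exhaustive_list_bytes(length, alphabet=PRINTABLE):
    """Bytes to store every possible password of this length, one per line."""
    return alphabet ** length * (length + 1)


def human(n):
    """Render a byte count with binary units."""
    units = ("B", "KiB", "MiB", "GiB", "TiB", "PiB", "EiB", "ZiB", "YiB")
    size, i = float(n), 0
    while size >= 1024 and i < len(units) - 1:
        size, i = size / 1024, i + 1
    return f"{size:,.1f} {units[i]}"


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real list.
    for pw in ("25122010", "31022010", "Tr4ff!c-Lamp%"):
        print(f"{pw!r}: date-style = {is_date_style(pw)}")
    print("every date 1900-2029:", human(date_list_bytes(1900, 2029)))
    print("every 12-char string:", human(exhaustive_list_bytes(12)))
```

A check like `is_date_style` can sit in a password-change form to reject date passwords before they are ever stored.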
So how do you feel about the safety of your passwords right now? I sincerely hope you are a little bit concerned. Let's keep going and dig a little deeper.
The Key
Take out your house key and spend a few minutes looking at it. Hold it so that the flat part is at the bottom and the grooves are facing upwards. If you have grooves on both sides, you have a good lock! Most modern house keys have a flat part on one side and raised parts and grooved parts on the other. The raised parts push pins that are inside your lock into the right position and hold them there. The more raised parts you have, the more pins you have. And that's a good thing.
When people pick locks on TV they make it look easy. But what happens in real life is that each pin must be held in place by the key so that the lock can be opened. The more pins, the harder it is to pick the lock. The more characters, the harder it is to break or "crack" your password.
So having an easy-to-remember phrase as your password is like having an easy-to-pick lock on your front door, only it’s much more dangerous. Your passwords hold your identity, your finances, and anything else you have done online. If it’s easy for you, it’s easy for a hacker. Is that what you really want?
In the next instalment, we will be talking about password hygiene: how to create a safe password, how to store your safe passwords, and how often you should change them.
Interested? Read on!