Passwords - are yours really that safe? Part 1

It really is time to take a look

Phil Scattergood · 06 June 2019

Are your passwords really safe? Read on and let's find out

Hackers are in the news again. A few weeks ago it was a major breach at an Australian University and now a medical practice. And while the accusations fly and the fears mount, there is something important that we all need to consider. Just how secure are your passwords? And what sort of data do they protect? We all hate changing our password because it gets “out of sync” with all of our other passwords and that makes our lives difficult. That's because good, individual passwords are so hard to remember.

Hackers know this and they use it against you. They also know that many people use simple passwords like a special date - for example, 25122010 - which is just Christmas day, or a birthday, or perhaps even a last-name first-name combination. There’s a problem with this – it's easy to guess or construct this information from watching how an individual or company does things.

But hackers don’t actually guess your password. Every attack is planned and executed to get results. Hackers buy and sell password lists that vary in size and complexity. Yes, I hear the question - what does that really mean? It means that your details could be out there, swirling around the internet, being bought and sold as a commodity that makes money for someone.

Password Lists

There are software tools that create password lists, and hackers use these tools to create lists and sell them over the internet. Those lists contain details such as your email address - and everywhere that your email address is used as a part of a login. They then run those lists against your login. Because most of the passwords that we use are under 12 characters and contain word-phrases like birthdates or special names, most of these logins can be broken in under 24 hours!

Many websites now ask that you create very complex passwords that are over 12 characters in length, with weird and varying rules that you have to obey. The reason for this is that a password list based on these rules takes up more space than your average computer or laptop has available. So at this point in time, hackers will generally go with the "easy to break" type of password.

I didn't think this was true, so as a part of a security course, I went out and tried it. I went with the 12 character password, with the rules that most sites apply and guess what? I didn't have the space to store the password list. If the list is that large, most hackers won't bother with it as there are a lot of easier lists to use. The hackers that use lists this large are most likely at a corporate, or dare I say "government" level as they would need a huge amount of resources to be successful.

Interestingly, shorter lists that I used against my own passwords gave me a "break your password" time of between 4 and 16 hours.
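To put numbers on the size difference described above, here is an added example (not part of the original article) that counts every date-style password such as 25122010 and every 12-character password that satisfies a typical "one of each character type" rule, then works out how much disk a plain-text list of each would need. The character classes, the 1900-2019 year range, the one-candidate-per-line format and the 1 TB drive are assumptions made for illustration.

```python
from datetime import date

# Assumed character classes: printable ASCII split the way most site rules do.
CLASSES = {"lower": 26, "upper": 26, "digit": 10, "symbol": 32}
LAPTOP_DISK_BYTES = 10**12  # assumed 1 TB drive


def rule_compliant_count(length, classes=CLASSES):
    """Passwords of `length` with at least one character from every class.

    Inclusion-exclusion: for each subset of classes that is left out entirely,
    add or subtract the number of strings built from the remaining characters.
    """
    sizes = list(classes.values())
    total = sum(sizes)
    count = 0
    for mask in range(1 << len(sizes)):
        excluded = sum(s for i, s in enumerate(sizes) if (mask >> i) & 1)
        sign = -1 if bin(mask).count("1") % 2 else 1
        count += sign * (total - excluded) ** length
    return count


def date_password_count(first_year, last_year):
    """Valid DDMMYYYY passwords (such as 25122010) within a range of years."""
    return (date(last_year, 12, 31) - date(first_year, 1, 1)).days + 1


def list_bytes(entries, length):
    """Size of a plain-text list: one candidate per line plus a newline."""
    return entries * (length + 1)


def disks_needed(entries, length, disk_bytes=LAPTOP_DISK_BYTES):
    """How many drives of `disk_bytes` the list would fill (rounded up)."""
    return -(-list_bytes(entries, length) // disk_bytes)


if __name__ == "__main__":
    dates = date_password_count(1900, 2019)
    strong = rule_compliant_count(12)
    print(f"date passwords: {dates:,} entries, {list_bytes(dates, 8):,} bytes")
    print(f"12-char rule-compliant: {strong:.2e} entries, "
          f"{disks_needed(strong, 12):.2e} one-terabyte drives")
```

Every date in 120 years fits in a file smaller than a single photo, while the rule-compliant 12-character list would fill trillions of drives.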

So how do you feel about the safety of your passwords right now? I sincerely hope you are a little bit concerned. Let's keep going and dig a little deeper.

The Key

Take out your house key and spend a few minutes looking at it. Hold it so that the flat part is at the bottom and the grooves are facing upwards. If you have grooves on both sides, you have a good lock! Most modern house keys have a flat part on one side and raised parts and grooved parts on the other. The raised parts push pins that are inside your lock into the right position and hold them there. The more raised parts you have, the more pins you have. And that's a good thing.

When people pick locks on TV they make it look easy. But what happens in real life is that each pin must be held in place by the key so that the lock can be opened. The more pins, the harder it is to pick the lock. The more characters, the harder it is to break or "crack" your password.

So having an easy-to-remember phrase as your password is like having an easy-to-pick lock on your front door, only it’s much more dangerous. Your passwords hold your identity, your finances, and anything else you have done online. If it’s easy for you, it’s easy for a hacker. Is that what you really want?

In the next instalment, we will be talking about password hygiene. How to create a safe password, how to store your safe passwords, and looking at how often you should change them.

Interested? Read on!

Phil Scattergood

Hi, I’m Phil. With almost 20 years in Tech Support, I’m passionate about helping people demystify technology. Technology in your terms is the way I like to think. I love what I do, who I do it with, and who I do it for. As an avid fan of motorcycling, kayaking, and traveling, I'm often on the move. But that doesn't stop me from getting the job done. I love the idea of cloud-computing, working from anywhere, and teaching others to do the same. I believe in old-fashioned customer service, which means being available, talking to people, taking the time to understand the issues that people have, and then helping them get it right. If you have questions about the technology that you are using, feel free to send them through. I don’t always have the answers, but I certainly can help you find them!
