“Why do I have to change my password every 3 months? It’s so unnecessary, who would want to get into my account?”
“Why is ’123456′ not a good password? It is easy to remember!”
“Why all these capital letters and numbers and stuff mixed up in passwords? It is so difficult to remember them!”
“My password is ‘password’, nobody will guess that!”
Believe it or not, these are the sorts of comments that we encounter almost on a daily basis at the FHSCUA Help Desk. You would think that these would come from highschool children, but these are Medical student undergraduates, and one comment (I won’t say which one) came from a department head!
The aim of this article is to help you better understand the security of your own passwords and how to boost that security, and it centres around the premise that if I asked you the following question, what the answer would be?
“If you invited me to try and crack your password – you know the one that you use over and over for everything, how many guesses would it take before I got it?”
Here is my top 10 list. I can obtain most of this information much easier than you think, then I might just be able to get into your e-mail, computer, or online banking. After all, if I get into one I’ll probably get into all of them.
Statistically speaking that should probably cover about 20% of you. But don’t worry. If I didn’t get it yet it will probably only take a few more minutes before I do…
Hackers have developed a whole range of tools to get at your personal data. And the main obstacle standing between your information remaining safe, or leaking out, is the password you choose. (Ludicrous but true, the best protection people have is usually the one they take least seriously.)
One of the simplest ways to gain access to your information is through the use of a Brute Force Attack. This is accomplished when a hacker uses a specially written piece of software to attempt to log into a site using your credentials.
So, how would one use this process to actually breach your personal security? Simple. Follow my logic:
And how fast could this be done? Well, that depends on three main things, the length and complexity of your password, the speed of my hacking computer, and the speed of my Internet connection.
For instance, adding just one capital letter and one asterisk would change the processing time for an 8 character password from 2.4 days to 2.1 centuries.
Believe me, I understand the need to choose passwords that are memorable. But if you’re going to do that, how about using something that no one is ever going to guess AND doesn’t contain any common word or phrase in it.
Here are some password tips:
Another thing to keep in mind is that some of the passwords you think matter least actually matter most. For example, some people think that the password to their e-mail box isn’t important because “I don’t get anything sensitive there.” Well, that e-mail box is probably connected to your online banking account. If I can compromise it then I can log into the Bank’s Web site and tell it I’ve forgotten my password to have it e-mailed to me. Now, what were you saying about it not being important?
Often times people also reason that all of their passwords and logins are stored on their computer at home, which is safe behind a router or firewall device. Of course, they’ve never bothered to change the default password on that device, so someone could drive up and park near the house, use a laptop to breach the wireless network and then try passwords from this list until they gain control of your network — after which time they will own you!
I also realize that most people just don’t care about all this until it’s too late and they’ve learned a very hard lesson. But why don’t you do me, and yourself, a favor and take a little action to strengthen your passwords and let me know that all the time I spent on this article wasn’t completely in vain.
Please, be safe. It’s a jungle out there.
Some extracts from John Pozadzides’ Onemanblog