According to research data compiled by SplashData, the most common passwords of 2013 like ‘123456’, ‘password’, ‘qwerty’, ‘abc123’ were pretty easy to guess.
We do so much online today – from ordering our weekly grocery shop and chatting with friends and family, to buying a new pair of shoes or transferring funds between bank accounts – and all of our different online accounts need to be protected.
This is where passwords come into play.
It’s vital to take all the necessary steps to protect your personal data, yet many still take their password security for granted and that’s just leaving the door open for hackers.
What is an insecure password?
The main issue with passwords is that they need to be easy to remember and they need to be secure; the latter is where people often slip up. A password should not contain any personal information.
A birthday, nickname or pet’s name, for example, can easily be found by searching through someone’s Facebook profile.
Hackers can easily use this or other social engineering techniques to find out all sorts of sensitive information about someone. They will then use this information for their own means, which can range from petty theft to the more serious cases of identity theft and fraud.
Understanding brute force cracking
Passwords should not contain dictionary words, backwards words, foreign words, dates or names, or any other personal identifying information. The reason is that passwords using any of the above can easily be cracked by software designed to brute force passwords (checking billions of possible passwords every second to try and figure out the correct one).
This software is designed to try the most common passwords first – password, admin, qwerty etc – followed by dictionary words, foreign words and then reversed words followed by any of these with numbers.
To test yours, check out this website How Secure is My Password – simply type in your password and it will estimate the time it would take to brute force crack your password from a normal desktop PC.
Here are some examples:
|Password used||Time taken to crack*|
*Times based on a desktop PC of average computational power
Creating a secure password
Small changes to a password can make a huge difference to its security. A mixture of both uppercase and lowercase letters, in addition to numbers and special symbols, e.g. (%, <, !), can make a password impossible to crack in a reasonable time frame.
Mnemonic devices and password hints can help you to remember difficult passwords. See below for some quick tips on creating a secure password.
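An added example, not part of the original article: a Python sketch that applies the guessing order described under "Understanding brute force cracking" as a check for rejecting weak choices, and computes the exhaustive-search time behind the advice to mix character types. The word lists, the function names and the rate of one billion guesses per second are constructed assumptions.

```python
import re

# Constructed sample lists (assumptions for illustration); a real check
# would load a breached-password list and a full dictionary.
COMMON = {"123456", "password", "qwerty", "abc123", "admin"}
WORDS = {"sunshine", "dragon", "monkey", "football", "shadow"}
GUESSES_PER_SECOND = 1e9  # assumption: low end of "billions every second"
SECONDS_PER_YEAR = 31_557_600


def guess_tier(password, personal=()):
    """Name the early guessing tier a password falls into, or None."""
    p = password.lower()
    if p in COMMON:
        return "common password"
    if any(item and item.lower() in p for item in personal):
        return "personal information"
    core = re.sub(r"^\d+|\d+$", "", p)  # drop leading/trailing digits
    if not core:
        return "digits only (date or number)"
    suffix = "" if core == p else " with numbers"
    if core in WORDS:
        return "dictionary word" + suffix
    if core[::-1] in WORDS:
        return "reversed word" + suffix
    return None


def exhaustive_seconds(password):
    """Worst-case time to try every string of this length and alphabet.

    Only meaningful when guess_tier() returns None, i.e. the password
    is not reachable through the word-list tiers first.
    """
    size = 0
    size += 26 if re.search(r"[a-z]", password) else 0
    size += 26 if re.search(r"[A-Z]", password) else 0
    size += 10 if re.search(r"\d", password) else 0
    size += 32 if re.search(r"[^a-zA-Z\d]", password) else 0  # ASCII punctuation
    return size ** len(password) / GUESSES_PER_SECOND


def audit(password, personal=()):
    tier = guess_tier(password, personal)
    if tier:
        return f"weak: {tier}"
    years = exhaustive_seconds(password) / SECONDS_PER_YEAR
    return f"about {years:.3g} years to exhaust"
```

Under these assumptions, eight lowercase letters are exhausted in under four minutes, while ten characters drawn from all four character classes take well over a thousand years.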
What if I can’t remember my password?
For people with many online accounts, or for those who might find it hard to remember the different login credentials they need, try LastPass – a free-to-use service that enables you to store your entire collection of passwords and other details in one secure locally encrypted file that only you can access with a master password.
This enables users to automatically log in to sites with a simple click. By not having to type out the passwords manually this can also help circumvent keyloggers (a small piece of software or device designed to store and track the keystrokes of a keyboard).
Creating a strong password and keeping it safe
Having a weak password is almost like not locking your door when you leave the house. It’s just opening the door for hackers – and trust me, you don’t want that!
Here are some quick tips for creating a strong password:
- A safe password should be long and have at least eight characters made up of a combination of letters, numbers and symbols.
- Use the SHIFT-key when creating a password.
- Having difficulty remembering? Think of an ‘unforgettable’ sentence.
- Never use obvious words or sequences.
- Use different passwords for different sites – this will keep you better protected.
- Don’t store your passwords – saving them on your computer may put you at risk. If you do choose to save your passwords, be sure to use an encryption programme or password manager.
- Change your passwords frequently – aim for every three months. When doing so, ensure your new password is not predictable, e.g. don’t change it from SAH2013 to SAH2014.
- Immediately delete emails that contain passwords – if you forget your password you can typically request that your password is resent.
- Never share your password with others or let anyone see you enter your password – not even people you know and trust. Also, don’t keep passwords close to your computer, desk or agenda.
- If you hear or read about a website being hacked and you have an account with them, change your password immediately.
- Do not give your passwords to companies that ask for it – internet criminals have many tricks to obtain personal information from their victims. A popular method is phishing, which occurs when the hacker sends an email that appears to be, for example, from your bank. If you receive an email asking for personal information, do not reply. Legitimate businesses will never request personal information via email.
- Check if the website you are visiting is reliable – ensure the website you are logging into is safe and if your computer brings up a warning then leave the website immediately.
- Protect your computer. In addition to a strong password, your computer should also be protected with up-to-date anti-virus software.
Just remember that your password is the key to your personal data online. And by taking all the necessary steps, you will be free to enjoy your time spent online without the added worry of jeopardising your safety.
By Kelly Klein, Founder and CEO, Student@Home