Password Security

By Top Pro Media Group Director of IT

With the constant expansion of e-commerce and online government services, identity theft continues to be a growing concern. Websites like healthcare.gov, which hold a great deal of your personal information, are attractive targets for attackers looking to steal your identity. Often the only thing standing between an attacker and that information is the username and password you use to log in. Yet most people choose simple passwords that are easy to crack.

Most people avoid complex passwords because they are hard to remember. That convenience comes at a price: a memorable password is usually a predictable one, and predictable passwords are the first ones guessed. In practice most passwords are drawn from the same small pool of common words, names and keyboard patterns.

The tooling available to an attacker is cheap and effective. A brute force cracker simply tries every combination of characters. A dictionary attack is smarter: it works through lists of passwords recovered from earlier breaches, sorted by how often each one succeeded, and applies “mangling rules” to every entry (capitalize the first letter, append digits or a year, swap letters for look-alike numbers). Such lists range from a few thousand entries to many millions. Against a live login page these tools are slowed by rate limits and account lockouts, but once an attacker has stolen a site’s password database the guessing runs offline, at millions or billions of attempts per second depending on how the passwords were stored, and can be spread across hundreds of machines. A common password then falls in seconds to minutes.

The following figures, from an analysis of leaked password lists, show how concentrated password choice is (each line includes the ones above it):

  • 4.7% of users have the password “password”;
  • 8.5% have the password “password” or “123456”;
  • 9.8% have the password “password”, “123456” or “12345678”;
  • 14% have a password from the top 10 passwords in a “password dictionary”;
  • 40% have a password from the top 100;
  • 79% have a password from the top 500;
  • 91% have a password from the top 1,000.

The key to proper security is a strong password. The harder a password is to guess, the less likely an attacker is to get it before giving up or being locked out. The tips below will help you form stronger, more reliable passwords and reduce the risk of unauthorized access to your accounts.

Avoid using passwords that are too personal

Attackers are not the only threat. People who know you can guess a password built from information they already have. Avoid street addresses, pet names, family names, birthdays, or anything else that is public knowledge or comes up regularly in conversation; much of it is also on your social media profiles. Instead, choose an uncommon or made-up word or phrase that only you know. This keeps it out of cracking dictionaries and out of reach of the people you interact with every day.

Use letters, numbers and symbols to “harden” your password

Like the mechanism of a safe, the larger and less predictable the space an attacker has to search, the longer it takes to get in. Two things enlarge that space: length, which matters most, and a mixture of lowercase and uppercase letters, numbers and symbols.

For example, take the word “flapjack” as the base of a password. By itself it can be cracked in under a minute. Below are some variations together with the time a blind brute force search on a single computer would need to exhaust every combination, as estimated by a crack-time calculator. Keep in mind that these are brute-force estimates only; they assume the attacker knows nothing about how the password was built.

flapjack <– 52 Seconds

flapjack44 <– 10 Days

flapjack44! <– 48 Years

#fl4pj4ck2013! <– 6 Million Years

Simply tacking numbers and a symbol onto a word does help against blind brute force, but it is the weakest kind of improvement. A common tip is to replace letters in the key word with similar looking numbers (As with 4s, Es with 3s, Is with 1s, Ts with 7s) and to add a couple of symbols at the beginning, the end, or both. This looks much stronger on a crack-time calculator, but password crackers such as hashcat and John the Ripper ship with rule sets that apply exactly these substitutions and decorations to every dictionary word, so the real gain is far smaller than the estimates suggest.

Measured by brute force alone, the fourth password is the best of the list: it is the longest, it has symbols, and it contains no intact English word. Measured against a real attack it still reads “flapjack”, since the 4s are just one-legged As, and a year on the end is among the first suffixes a cracker tries. A longer password built from several unrelated words, or a random one generated and stored by a password manager, buys far more security than substitutions and a memorable year.
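As an added example (not from the original article), the following Python script runs the kind of dictionary attack described above against SHA-256 hashes of the four “flapjack” variants, applying the very substitutions and suffixes the tips recommend, and puts the number of guesses each one took beside the brute-force estimate a crack-time calculator would give. The hashes, the six-word wordlist, the rule set and the guess rate are all constructed for the example.

```python
"""Dictionary attack with mangling rules versus a brute-force crack-time estimate.

Added example, not from the original article.  Everything here is constructed:
the attacker is assumed to hold unsalted SHA-256 hashes of the victims' passwords
(a stand-in for a leaked credential database), WORDLIST stands in for a real
cracking dictionary, and GUESSES_PER_SECOND is an assumed guess rate.
"""
import hashlib
import itertools
import string

WORDLIST = ["password", "123456", "letmein", "dragon", "pancake", "flapjack"]
LEET = {"a": "4", "e": "3", "i": "1", "t": "7", "o": "0", "s": "5"}
DIGIT_SUFFIXES = (["", "1", "12", "123"]
                  + [f"{n:02d}" for n in range(100)]      # 00..99
                  + [str(y) for y in range(1980, 2031)])  # "a year of importance"
SYMBOLS = ["", "!", "#", "@", "$"]
GUESSES_PER_SECOND = 4_000_000_000  # assumed rate, used only for the estimate


def sha256_hex(text):
    return hashlib.sha256(text.encode()).hexdigest()


def leet_variants(word):
    """Yield the word with every subset of its substitutable letters swapped for look-alike digits."""
    classes = [c for c in LEET if c in word]
    for k in range(len(classes) + 1):
        for subset in itertools.combinations(classes, k):
            out = word
            for c in subset:
                out = out.replace(c, LEET[c])
            yield out


def candidates(wordlist):
    """Generate guesses in a fixed order: word, leet variants, capitalisation, then decorations."""
    for word in wordlist:
        for leet in leet_variants(word):
            for cased in dict.fromkeys((leet, leet.capitalize())):  # dedupe, keep order
                for prefix, digits, suffix in itertools.product(SYMBOLS, DIGIT_SUFFIXES, SYMBOLS):
                    yield f"{prefix}{cased}{digits}{suffix}"


def crack(target_hashes, wordlist=WORDLIST):
    """Return {hash: (plaintext, guess_number)} for every target hash recovered."""
    remaining = set(target_hashes)
    found = {}
    for n, guess in enumerate(candidates(wordlist), start=1):
        digest = sha256_hex(guess)
        if digest in remaining:
            found[digest] = (guess, n)
            remaining.discard(digest)
            if not remaining:
                break
    return found


def brute_force_seconds(password, rate=GUESSES_PER_SECOND):
    """Time to exhaust every string of this length over the character classes used.

    This is the model behind "how long to crack" calculators; it assumes the
    attacker knows nothing about how the password was constructed.
    """
    alphabet = 0
    if any(c in string.ascii_lowercase for c in password):
        alphabet += 26
    if any(c in string.ascii_uppercase for c in password):
        alphabet += 26
    if any(c in string.digits for c in password):
        alphabet += 10
    if any(c in string.punctuation for c in password):
        alphabet += len(string.punctuation)
    return alphabet ** len(password) / rate


if __name__ == "__main__":
    victims = ["flapjack", "flapjack44", "flapjack44!", "#fl4pj4ck2013!"]
    hashes = {sha256_hex(p): p for p in victims}
    results = crack(hashes)
    for digest, pw in hashes.items():
        guess, n = results[digest]
        years = brute_force_seconds(pw) / (365 * 24 * 3600)
        print(f"{pw:16} brute-force estimate {years:12.3g} years; rules found it at guess {n:,}")
```

Run it and the two measures diverge sharply: the calculator credits “#fl4pj4ck2013!” with an astronomical brute-force time, while the rule-based search recovers it in the same pass as plain “flapjack”, about ten thousand guesses later, because a → 4, a leading #, a trailing ! and a recent year are all in the rule set. A real site should store passwords with a salt and a deliberately slow hash, which cuts the guess rate by orders of magnitude, but it does not change which passwords fall first.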

Never give your password to anyone, including those who claim to be a support technician

Almost every company that runs user accounts has administrative tools to reset or modify an account without knowing your password, and instructs its staff never to ask for it. Anyone who does ask, by phone, e-mail or chat, should be treated as a likely impostor. The one exception is when you deliberately grant a company access to an external account it manages on your behalf; even then, give the credentials only to someone you have verified actually works for that company, through a channel you initiated, and change them when the work is done.

Never leave your password on paper that can be seen by others

A common habit is to write passwords down, since they are hard to remember. If that is the problem, the better course is a password manager such as Passpack (http://www.passpack.com), which requires you to log in and enter a sentence you create, known as a “Packing Key”, and then presents your full list of passwords ready to use. Because that one key protects everything else, make it long and unique. If you are still more comfortable writing passwords down, invest in a small document safe; these are usually under $100 and give reasonable protection from casual theft and fire damage.