Selecting a good password
Safe and secure access to information is of course critical to modern life. We have seen more hacks and more attempts at cyber crime.
Many attacks rely on brute force, in other words repeated attempts to crack a password, so it is key to use secure passwords. And if you can remember it, it’s not secure.
First, a few dos and don’ts. Follow these tips and tricks to take total control of your terms for access.
- Don’t reuse passwords. If you do, a hacker who gets just one of your accounts will own them all.
- Don’t use a dictionary word as your password. If you must, then string several together into a pass phrase.
- Don’t use standard number substitutions. Think “P455w0rd” is a good password? N0p3! Cracking tools now have those built-in.
- Don’t use a short password, no matter how weird. Today’s processing speeds mean that even passwords like “h6!r$q” are quickly crackable. Your best defence is the longest possible password.
- Use a Password generation tool. There are plenty of on-line tools. Try Comparitech as a secure password generator.
- Enable two-factor authentication when offered. When you log in from a strange location, a system like this will send you a text message with a code to confirm. Yes, that can be cracked, but it’s better than nothing.
- Give bogus answers to security questions. Think of them as a secondary password. Just keep your answers memorable. My first car? Why, it was a “Camper Van Beethoven Freaking Rules.”
- Scrub your online presence. One of the easiest ways to hack into an account is through your email and billing address information. Sites like Spokeo and WhitePages.com offer opt-out mechanisms to get your information removed from their databases.
- Use a unique, secure email address for password recoveries. If a hacker knows where your password reset goes, that’s a line of attack. So create a special account you never use for communications. And make sure to choose a username that isn’t tied to your name so it can’t be easily guessed.
- Use a Password Management system. There are a number of tools to help you track, record and use passwords. The two we like best are LastPass and 1Password. Others include Dashlane and the Open Source KeePass.
We all live in a password-obsessed world, where between four and 20 characters make the difference between whether you’re able to access your data, communicate with friends, make your online purchases or not. The problem is that passwords should be different everywhere you use them, and that can make it difficult to remember them all. And, if a password is truly strong, that makes it even more difficult.
Common Problems with Passwords
Use Different Passwords Everywhere
Why would you do this when it’s so easy to just type “fido” at every password prompt? Here’s why: If “fido” gets cracked once, it means the person with that info now has access to all of your online accounts. A study by BitDefender showed that 75 percent of people use their e-mail password for Facebook, as well. If that’s also your Amazon or PayPal password and it’s discovered, say good-bye to some funds, if not friends.
Remember the Underwear Meme
The saying goes like this: Passwords are like underwear. You should change them often (okay, maybe not every day). Don’t share them. Don’t leave them out for others to see (no sticky notes!). Oh, and they should be sexy. Wait, sorry, I mean they should be mysterious. In other words, make your password a total mystery to others. You can make your password sexy if you want.
Avoid Common Passwords
If the word you use can be found in the dictionary, it’s not a strong password. If you use numbers or letters in the order they appear on the keyboard (“1234” or “qwerty”), it’s not a strong password. If it’s the name of your relatives, your kids, or your pet, favourite team, or city of your birth, guess what—it’s not a strong password. If it’s your birthday, anniversary, date of graduation, even your car license plate number, it’s not a strong password. It doesn’t matter if you follow this with another number. These are all things hackers would try first. They write programs to check these kinds of passwords first, in fact.
Other terms to avoid: “god,” “money,” “love,” “monkey,” “letmein,” and for the love of all that’s techie, if you use “password” as your password, just sign off the Internet right now.
Strong Password Testing
The modern-day PC is incredibly powerful and especially good at solving maths problems like cracking codes. Cracking passwords takes time, and any newish PC can be set to work slavishly trying combinations. If you’re worried that your password of choice isn’t strong enough, check it at How Secure is My Password? The site will even tell you how long a PC would take to crack it. For example, cracking “kroywen” would take 13 minutes, “kr0yw3n” would take about 2 hours, “Kr0yw3^” 15 days, and “MA7ApUp#” about 3 years.
You can tell from these results that mixing capital and small letters is better for strength, and that more characters (eight instead of seven) also make a huge difference. Adding a single capital letter to the end of “Kr0yw3^,” such as “Kr0yw3^Z,” boosts the crack time to 3 years. Throw another special character in (“Kr0yw3^Z!”) and it jumps to 237 years.
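The two effects described above, guessable words surviving number substitutions and crack time growing with length and character variety, can be reproduced offline. This is an added example, not the method used by How Secure is My Password?; the word list is a constructed sample and the guess rate is an assumption, so the times will not match the site's figures.

```python
import string

# Constructed sample list built from words the article names; a real audit
# would load a large list of leaked passwords instead.
COMMON = {"password", "letmein", "monkey", "god", "money", "love",
          "qwerty", "1234", "fido"}
# Standard substitutions that cracking tools undo automatically.
LEET = str.maketrans({"4": "a", "@": "a", "5": "s", "$": "s", "0": "o",
                      "3": "e", "1": "l", "!": "i", "7": "t"})
GUESSES_PER_SECOND = 1e10  # assumed attack rate, not a measured figure


def variants(password):
    """Forms a cracking tool tries: lower-cased, trailing digits dropped, leet undone."""
    lowered = password.lower()
    stripped = lowered.rstrip(string.digits)
    return {lowered, stripped, lowered.translate(LEET), stripped.translate(LEET)}


def is_guessable(password):
    """True if any variant is on the common-password list."""
    return bool(variants(password) & COMMON)


def alphabet_size(password):
    """Size of the smallest character pool that covers the password."""
    pools = (string.ascii_lowercase, string.ascii_uppercase,
             string.digits, string.punctuation)
    return sum(len(pool) for pool in pools if any(c in pool for c in password))


def brute_force_seconds(password):
    """Time to try every string of this length and alphabet at the assumed rate."""
    return alphabet_size(password) ** len(password) / GUESSES_PER_SECOND


if __name__ == "__main__":
    for pw in ["P455w0rd", "monkey99", "kroywen", "kr0yw3n", "Kr0yw3^", "Kr0yw3^Z!"]:
        verdict = "on common list" if is_guessable(pw) else "not on list"
        print(f"{pw:10} pool={alphabet_size(pw):2} "
              f"brute force ~{brute_force_seconds(pw):.3g}s  {verdict}")
```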
Password Tracking and Changes
It’s easy for me to say that you should use a strong password and then expect you to remember that messy non-word string of characters. But how dare I suggest you use a different password on every site you visit and account you own. That’s madness!
Or is it? Here’s a simple trick that would make your already steroid-strong password even more muscular, while individualizing it for each entry. Simply take the initial three letters of the site or service you’re entering and append them to the beginning or end of your strong password. On Amazon, you’d have “Kr0yw3^AMA.” Your e-mail could be “Kr0yw3^EMA.” Facebook would be “Kr0yw3^FAC.” Notice I always use all caps for the appended letters, just to crank up the security. This can work for banks, shopping, social networks, you name it. It’s like creating a thousand passwords you can remember easily.
Every few months, you should change all of your passwords—everywhere. Even if you made a password that would take a few centuries to hack, you might have shared it with a co-worker or boyfriend or girlfriend, right? What happens when they become ex-coworkers or an ex-BF or ex-GF? Yeah, you can probably guess.
You could change your base (“Kr0yw3^”), which might be easy if you based it on an acronym for a longer phrase. Or you could change the appended letters by moving them to the front or even the middle (“Kr0yFACw3^” for Facebook). Perhaps switch to the last three in the service name (“OOK” for Facebook.) You could even stick in the date of the change. It’s your call.
You’ll be most annoyed when you encounter those select few sites that only let you have a short password of four, six, or even eight characters. What might have seemed easy before is soon going to become a vexing problem when you embrace the might of a strong personal password paradigm.
With the power of any new PC, passwords can be cracked surprisingly easily. Don’t make it easy for hackers. Now is as good a time as any to implement these recommendations and help to protect yourself on-line. You can’t be too secure.
For additional website security we recommend implementing tools to monitor suspicious login attempts and then automatically block access after a number of failed tries.
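One way such a tool can count failed tries and block automatically, as an added example rather than code from any particular product. The thresholds, the choice to key on source address, and the sample events are all assumptions.

```python
from collections import defaultdict, deque

MAX_FAILURES = 5        # assumed threshold; the article only says "a number of failed tries"
WINDOW_SECONDS = 300    # assumed: failures are counted over a sliding 5-minute window
LOCKOUT_SECONDS = 900   # assumed: how long a source stays blocked


class LoginMonitor:
    """Tracks failed logins per source address and blocks repeat offenders."""

    def __init__(self):
        self.failures = defaultdict(deque)   # source -> timestamps of recent failures
        self.blocked_until = {}              # source -> time the block expires

    def is_blocked(self, source, now):
        return self.blocked_until.get(source, 0) > now

    def record(self, source, success, now):
        """Record one attempt; return False if it is refused because of a block."""
        if self.is_blocked(source, now):
            return False
        if success:
            self.failures.pop(source, None)  # a good login resets the counter
            return True
        recent = self.failures[source]
        recent.append(now)
        while recent and recent[0] <= now - WINDOW_SECONDS:
            recent.popleft()                 # forget failures outside the window
        if len(recent) >= MAX_FAILURES:
            self.blocked_until[source] = now + LOCKOUT_SECONDS
            recent.clear()
        return True


# Constructed sample events: (seconds, source address, login succeeded?)
EVENTS = [(t, "203.0.113.7", False) for t in range(0, 50, 10)] + [
    (55, "203.0.113.7", True),     # arrives after the fifth failure, so it is refused
    (60, "198.51.100.4", False),
    (70, "198.51.100.4", True),    # one typo then success: never blocked
    (1000, "203.0.113.7", True),   # the block has expired by now
]


def replay(events):
    """Feed events through a fresh monitor; one allowed/refused flag per event."""
    monitor = LoginMonitor()
    return [monitor.record(source, ok, t) for t, source, ok in events]
```

Counting per source address rather than per account means an attacker cannot lock a legitimate user out just by guessing against their username.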
Use two-factor authentication whenever possible.