We’ve recently noticed that many email accounts are getting hacked. We all need to get better at creating and remembering more secure passwords to protect our personal information in this world of evolving technology. The growing, painful password problem is twofold: Hackers have gotten very good at what they do, with more capable tools than ever, and those tools can work so well because we are still really bad at choosing – and remembering – passwords.
According to Splash Data News and their list of 2013’s Worst Passwords, the password 123456 still held the number one worst password spot, but 12345678 was pushed down a spot and replaced with the word password. When we create passwords, we need to choose them for security rather than convenience. By doing this you can protect yourself from a complete stranger wreaking havoc on your social reputation, credit rating and finances.
Before examining what a good password looks like, it helps to know a little bit about the adversaries. With just a PC and inexpensive multicore graphics processing units, a hacker can try about 8 billion password combinations in a second – thousands of times faster than just a few years ago. There is also powerful password software available for free, and hackers have access to growing shared lists of millions of actual user passwords.
Professional password crackers know that users tend to pick a familiar word or a dictionary word, capitalize the first letter and add a number and special character at the end (such as Spike1!). Even when we switch up these combos and techniques, hackers know the variations too, and a simple algorithm is all they need to get past them.
Solving the Problem
So how can you protect yourself with a secure password? Using upper and lowercase, symbols and numbers DOES matter. These tactics increase entropy (a measure of how random, and therefore how hard to guess, your passwords are), as well as the time it takes for a program to crack your password. To make a password more secure, add those special characters in unpredictable places and increase the length, which is the most important factor in password strength. It is also important to use a unique password for each of your logins.
One way to create more secure passwords that are easy to recall is to use passphrases: short words strung together, with or without spaces or other characters separating them. For a passphrase to be effective it’s best to use random words rather than common phrases. A passphrase like quickparklargeballoon is significantly harder for a computer to guess than something like Fi4re*w0ks3.
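The checks described above can be put into a short script. This is an added example, not taken from the cited article: it flags the worst passwords named earlier, detects the "capitalized word, then digits, then symbol" pattern, and estimates exhaustive-search time at the 8 billion guesses per second quoted above. The function names and the 95-character printable ASCII alphabet are assumptions, and the bit count is an upper bound that a flagged pattern falls well short of.

```python
import math
import re
import string

GUESSES_PER_SECOND = 8_000_000_000           # cracking rate quoted in the article
WORST = {"123456", "password", "12345678"}   # the three entries the article names
# Capitalized word + trailing digits + trailing symbols, e.g. Spike1!
PREDICTABLE = re.compile(r"^[A-Z][a-z]+\d+[^A-Za-z0-9]+$")
# Assumed alphabet: printable ASCII split into four classes (95 characters total)
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " ")


def charset_size(password):
    """Size of the alphabet an exhaustive search must cover for this password."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in password))


def brute_force_bits(password):
    """Upper-bound entropy: length * log2(alphabet). Real strength can be lower."""
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0


def seconds_to_exhaust(bits, rate=GUESSES_PER_SECOND):
    """Time to try every candidate of that strength at the given guess rate."""
    return 2 ** bits / rate


def assess(password):
    """Apply the article's checks and return the findings as a dict."""
    bits = brute_force_bits(password)
    return {
        "known_worst": password.lower() in WORST,
        "predictable_pattern": bool(PREDICTABLE.match(password)),
        "bits": round(bits, 1),
        "seconds": seconds_to_exhaust(bits),
    }


if __name__ == "__main__":
    # Sample passwords are the ones used as illustrations in the article
    for pw in ("123456", "Spike1!", "Fi4re*w0ks3", "quickparklargeballoon"):
        r = assess(pw)
        print(f"{pw:24} {r['bits']:6.1f} bits  {r['seconds']:.3g} s  "
              f"worst={r['known_worst']} pattern={r['predictable_pattern']}")
```

Run as a script, it prints one line per sample password; length dominates the result, which is why the 21-letter lowercase passphrase scores above the 11-character mixed one.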
Most of you are probably reading this and thinking it will be impossible to create and remember unique passwords for all of your many online accounts. It may be a good idea for you to utilize password protected online services. There are management tools such as LastPass or KeePass that generate a long complex password for each site and remember every one for you, leaving you with only one (hopefully very secure) master password to recall. Just keep in mind that if you don’t have access to the app or can’t remember the master key, you can’t log in, and if the password-manager database is hacked, all of your passwords are up for grabs.
If you would prefer to create and manage your password database on your own, then become educated and familiar with what makes a good password. I found that HowSecureIsMyPassword.net is a useful website that allows you to type in a password, then view the details and calculations of how long it would take someone to hack into your account. Be sure to always take the necessary precautions when it comes to protecting your personal information. If you do get hacked, be sure to change all your important account passwords immediately.
Popular Mechanics, February 2013 Issue, “Solving the Password Problem” by: Melanie Pinola