Password Strength And You: Are You Secure?
For my article this week, rather than finding something cool to write about, I decided to write about something that I feel is really important that most people don’t really consider. So, with that said, I hope you guys find this interesting and I would really appreciate any feedback in the form of comments!
If you’re anything like me, you probably use the exact same password for nearly everything. This isn’t the best idea, because if someone obtains your password for one site, they can use it everywhere else too. However, I don’t use a different password for every website I visit either, because that would be completely impractical. So, instead of having separate passwords for your personal email, work email, school email, AIM, etc., you can make sure that the one password you do use is very strong.
But, what makes a password strong? Well, to understand that, you’ll first have to understand how hackers break passwords. There are a few ways to do it. By far, the most common way to break passwords is with a technique known as “Social Engineering.” There are several ways that hackers try to “Socially Engineer” passwords. With the amount of information people publicly post on the internet, it is easy for hackers to guess passwords. An example of this would be the “secret question” that many websites will use to help you re-obtain your password if you lose/forget it. An example of a secret question would be “where did you go to high school?” or “what is your pet’s name?” Both of these questions and others like them can be answered fairly easily if your Facebook profile is publicly accessible. So, make sure you lock down your Facebook profile to make it harder for hackers to find out this sort of information!
Another common method is deception. A hacker may send an email in which they claim to be an administrator of the site you use that password for. This technique is commonly called “Phishing.” In a Phishing scam, the hacker sends an email that appears to be legitimate, and often it asks the recipient to reply with their username and password under the pretense that the account needs to be verified. This is why you will see “we will never ask you for your username or password” in official emails from websites. The real administrators do not need to get this information from you through email, so if you ever receive an email that asks for your password to anything, be suspicious, because it’s probably fake.
Another common technique for hackers is really just a form of guessing. In a technique called “Brute Forcing,” the hacker uses a program that simply starts guessing passwords in the hope that it will get one right. Many websites offer a safeguard against Brute Forcing in the form of a maximum attempts limit. If you’ve ever been locked out of a website for a certain amount of time because you guessed your password wrong too many times, you’ve experienced a maximum attempts limit. However, if the website does not use any sort of Brute Force protection, the hacker can set the program up to simply go through the dictionary, because many users use single words as their passwords. A dictionary-based attack can obtain such a password in a matter of minutes, which is why it is important to have a strong password! According to PC Magazine, the most common passwords are:
- myspace1
- password1
- [user’s first name]
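As an added example (my own code, not from the original post or any particular website), here is a small login throttle implementing the maximum attempts limit described above: after a set number of wrong guesses the account is locked for a window of time, so a guessing program only gets a handful of tries per window. The account, password and clock values in the demo are constructed.

```python
import time
from collections import defaultdict


class LoginThrottle:
    """Counts failed logins per account and locks the account after too many."""

    def __init__(self, max_attempts=5, lockout_seconds=900, clock=time.monotonic):
        self.max_attempts = max_attempts
        self.lockout_seconds = lockout_seconds
        self.clock = clock            # injectable so the demo needs no real waiting
        self.failures = defaultdict(int)
        self.locked_until = {}

    def is_locked(self, account):
        until = self.locked_until.get(account)
        if until is None:
            return False
        if self.clock() >= until:
            # Lockout window has passed: clear the counter and accept attempts again.
            del self.locked_until[account]
            self.failures[account] = 0
            return False
        return True

    def attempt(self, account, password, verify):
        """Return "locked", "ok" or "bad"; verify(account, password) checks the credential."""
        if self.is_locked(account):
            return "locked"           # refused without even checking the password
        if verify(account, password):
            self.failures[account] = 0
            return "ok"
        self.failures[account] += 1
        if self.failures[account] >= self.max_attempts:
            self.locked_until[account] = self.clock() + self.lockout_seconds
        return "bad"


if __name__ == "__main__":
    # Constructed demo: one account, a fake clock, and a guessing loop over common words.
    fake_clock = [0.0]
    throttle = LoginThrottle(max_attempts=3, lockout_seconds=60, clock=lambda: fake_clock[0])
    accounts = {"alice": "Guitar32187!"}

    def verify(account, password):
        return accounts.get(account) == password

    for guess in ("password1", "myspace1", "guitar", "Guitar32187!"):
        print(guess, "->", throttle.attempt("alice", guess, verify))
    fake_clock[0] = 61.0   # once the window passes, the correct password is accepted again
    print("after lockout ->", throttle.attempt("alice", "Guitar32187!", verify))
```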
All of these passwords are incredibly weak. Most websites will have some minimum requirements for password strength. This is why you generally have to have a minimum of 6 characters for your password. The longer a password is, the tougher it is to break. However, did you know that passwords are usually case-sensitive?
Let’s pretend that your password is “guitar”. “guitar” would be a very weak password because, as you learned earlier, a dictionary-based Brute Force attack could crack that password in a matter of a few minutes. To improve that password without having to remember anything extra, you could simply capitalize the first letter. By replacing “guitar” with “Guitar”, you’ve improved the strength of your password tremendously. That’s not the only thing you can do though. Let’s say your birthday is March 21st, 1987. A good password then could be “Guitar32187”. The combination here of a capital first letter and numbers makes it nearly impossible for a hacker to crack using the Brute Force method. However, for one last added bit of security, I recommend you add some sort of punctuation mark to the end of the password. An easy one to remember is “!”. It’s like you’re shouting your password at the computer. So, then your password would be “Guitar32187!”
So, are you using a weak password? If you are, you should really consider making a few small modifications to it to make it stronger. The password strength tester linked from this post will give a rather detailed break-down of why your password is secure or insecure and provide a score for it. It’s a good way to measure whether what you are using is adequate. Our first example, “guitar”, only gets 8% for security. Changing it to “Guitar” raises the score to 22%. Changing it to “Guitar32187” raises the score to 93%, and adding that final punctuation mark (!) to the password improves its strength to 100%.
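The tester’s score reflects how large a search space a guessing program has to cover. This added example (my own, not the tester linked above) computes that space for the post’s four passwords from the character classes each one uses, and checks each against a small constructed word list the way a plain dictionary pass would; the guess rate of a billion per second is an assumption for illustration.

```python
import math
import re

# Constructed stand-in for the word list a dictionary-based attack walks through.
WORD_LIST = {"password", "123456", "letmein", "monkey", "guitar", "myspace1", "password1"}

# Character classes a guessing program has to cover once the password uses them.
CHARACTER_CLASSES = [
    (re.compile(r"[a-z]"), 26),           # lowercase letters
    (re.compile(r"[A-Z]"), 26),           # uppercase letters (passwords are case-sensitive)
    (re.compile(r"[0-9]"), 10),           # digits
    (re.compile(r"[^A-Za-z0-9]"), 33),    # printable ASCII punctuation such as "!"
]


def alphabet_size(password):
    """Number of distinct characters an exhaustive search must try per position."""
    return sum(size for pattern, size in CHARACTER_CLASSES if pattern.search(password))


def search_space_bits(password):
    """log2 of the number of candidates of this length over the alphabet it uses."""
    size = alphabet_size(password)
    return len(password) * math.log2(size) if size else 0.0


def in_word_list(password):
    """True when a plain dictionary pass (exact match) would hit the password."""
    return password in WORD_LIST


def report(password, guesses_per_second=1e9):
    """Summarise how a dictionary or brute-force attack fares against the password."""
    bits = search_space_bits(password)
    if in_word_list(password):
        seconds = len(WORD_LIST) / guesses_per_second   # found inside the word list
    else:
        seconds = 2 ** bits / guesses_per_second        # worst case for exhaustive search
    return {"password": password, "alphabet": alphabet_size(password),
            "bits": round(bits, 1), "dictionary_hit": in_word_list(password),
            "years_to_exhaust": seconds / (365 * 24 * 3600)}


if __name__ == "__main__":
    for candidate in ("guitar", "Guitar", "Guitar32187", "Guitar32187!"):
        print(report(candidate))
```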
So, how secure are you? If you found any of this helpful, I appreciate any feedback! Don’t forget to take your quiz, either!