The number of accounts and websites we have to log in to is growing, and will continue to do so for the foreseeable future. One downside of this increased activity is that security breaches will also continue to rise as well. When it comes to security, often the weakest points are the passwords people use. Far too many passwords are weak and easily guessed, which puts systems and data at risk.
Many of the major security threats that harm a business have one factor in common – a hacker gaining access to systems by cracking a user’s password. The one reason hackers are able to get into systems again and again is largely because users often don’t pick strong enough passwords.
Even what we might perceive to be a strong password may not actually be as secure as we think. Sure, when you enter a new password many websites have a bar that indicates how strong your password is, but the issue is, these so called strong passwords are becoming easier to guess as more websites utilize the same requirements.
Think about the last time you changed your password. You were likely told to key in a password longer than 6-8 characters, with at least one capital letter, one number, and a special character like ‘!’ or ‘$’. Many major systems have these exact, or at least very similar, requirements for password setting. However, If this is the norm, and you use a password like this too often then your passwords likely aren’t as secure as you might believe them to be.
The reason for this is because of the way hackers usually capture passwords. The most common method adopted is brute force – getting a username then trying every password combination until the hacker finds one that works. There are programs you can download from the Internet that try thousands or more passwords a second, and many now include special characters, numbers, and capital letters, which makes finding passwords even easier.
How do I know if my password is secure?
In an effort to showcase how unsecure some passwords are, Microsoft’s Research (MSR) Center and an intern from Carnegie Mellon University developed a password guesser called Telepathwords.
The way it works is you enter the first few letters of your password and the system guesses the next. It uses common letters and combinations to help gauge the effectiveness of a password. For example, if your password begins with the letter ‘v’, it will tell you that ‘I’, ‘S’ and ‘A’ are the most common letters to follow. If the next letter of your password isn’t one of these three, there is a good chance it is more secure. If the second letter is one of these three, then your password is less secure. This may sound a little complicated, but you should check out the system here.
It is eerie at how accurate the next letters and characters often match, and this is a good tool to determine whether to create a more robust password. You don’t have to worry about testing your password out either as Microsoft has noted that they don’t track the keystrokes, so you password should remain secure.
How do I create a stronger password?
Ask 10 experts and you will likely get 10 different answers as to what makes a strong password. Here are three different ways to create secure passwords:
- Use an algorithm – The easiest way to do this is take the first letter of a saying and add a number before or after. You can also create a saying and take the first letter of each word, then add the first letter of the website, followed by the last, and then a number. This method is best for when you have a large number of websites you access on a regular basis, it can help you remember your passwords for each without you having to write these down.
- Use a sentence or saying – For systems that allow you to have spaces in your password, try using a random saying like, ‘Dogs like pudding cups’. Sayings like this are harder to crack. This is largely because they include the space and are longer than usual.
- Use an acronym – Come up with a saying that describes you e.g., ‘I’ve worked at a gas station for 20 years’, and take the first letter/number of each word to create: ‘Iwaagsf2y’. This gives you an easy to remember password that can be adapted for other sites.
Regardless of what type of password you develop, you should be aware that even strong passwords can still be cracked with enough persistence. So, you should be sure to change passwords on a regular basis and also not to use the same one twice. This will limit the chances of hackers being able to access your other accounts.
If you are looking for more ways to secure your systems, we can help, so get in touch with us today.