Last month I attended a workshop about cyber safety. The presenter, Dave L. Rutz, is a Computer Forensic Analyst. As he explained how computer passwords are cracked, it really started to make me think. There are three main ways a hacker will try to figure out your password. The first is known as the Dictionary Attack: the cracking program works through a word list one entry at a time, hashing each word and comparing it with the stored password hash until it finds a match. A password that is a real word is the easiest kind to crack, no matter how long or obscure the word is, because it is a single entry in that list. You may think you have an awesome password in something like “underfunded”, but look at the dictionary: there are 113 English words that contain “fun”, 56 that contain “fund”, and only 8 that start with “funde”, so a cracker walking the list has only a handful of candidates to pass before it lands on yours. The second method, and the harder one to pull off, is the “Brute Force Attack”. It tries every possible combination of characters, starting with the shortest strings and working up, so it always succeeds eventually; the catch for the attacker is that the number of guesses grows exponentially with the length of the password and the size of the character set, so this can take a very long time. The final method we talked about is a combination of the two, often called a hybrid attack: it starts from dictionary words and applies the tricks people actually use, such as capitalizing the first letter, appending a digit or a “!”, or swapping letters for look-alike numbers. So while you may think “juglandaceous” is a strong and powerful password, there are only 3 words in the English dictionary that start with “jugl” and 41 that start with “jug”, and “Juglandaceous1!” is barely better than the bare word.
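To make the three attack types concrete, here is a small cracker written for this post (it is an added example, not code from the workshop or from the presenter). It uses a constructed mini word list standing in for the English dictionary, SHA-256 as a stand-in for whatever hash a real system stores, and a hypothetical set of hybrid “mangling” rules; the suffixes and leet substitutions are assumptions chosen to mirror the habits described above. It also reports the brute-force search space for a dictionary word versus a mixed-character password of the kind recommended further down, such as “Tp4tci2s4U2g!”.

```python
import hashlib
import itertools
import string

# Constructed mini word list standing in for the English dictionary.
WORDLIST = ["fun", "fund", "funded", "underfund", "underfunded",
            "jug", "juggle", "juglandaceous", "password", "letmein"]

# Hypothetical hybrid rules: look-alike digit swaps and common suffixes.
LEET = str.maketrans("aeios", "43105")
SUFFIXES = ("1", "123", "!", "2024", "1!")


def sha256_hex(candidate: str) -> str:
    """Stand-in for the stored password hash (real systems should salt and stretch)."""
    return hashlib.sha256(candidate.encode()).hexdigest()


def dictionary_attack(target_hash: str, wordlist):
    """Try each word in the list once. Returns (match, guesses) or (None, guesses)."""
    for guesses, word in enumerate(wordlist, 1):
        if sha256_hex(word) == target_hash:
            return word, guesses
    return None, len(wordlist)


def brute_force_attack(target_hash: str, alphabet: str, max_len: int):
    """Try every string over the alphabet, shortest first, up to max_len characters."""
    guesses = 0
    for length in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=length):
            guesses += 1
            candidate = "".join(combo)
            if sha256_hex(candidate) == target_hash:
                return candidate, guesses
    return None, guesses


def mangle(word: str):
    """Yield the hybrid variants of one word: case changes, leet, then suffixes."""
    # dict.fromkeys keeps insertion order while dropping duplicates
    # (e.g. "fun" has no letters that the leet table changes).
    bases = list(dict.fromkeys([word, word.capitalize(), word.upper(),
                                word.translate(LEET)]))
    for base in bases:
        yield base
        for suffix in SUFFIXES:
            yield base + suffix


def hybrid_attack(target_hash: str, wordlist):
    """Dictionary words plus mangling rules. Returns (match, guesses) or (None, guesses)."""
    guesses = 0
    for word in wordlist:
        for candidate in mangle(word):
            guesses += 1
            if sha256_hex(candidate) == target_hash:
                return candidate, guesses
    return None, guesses


def brute_force_keyspace(password: str) -> int:
    """Guesses a brute forcer must cover if it knows only which character classes appear."""
    classes = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
               (string.digits, 10), (string.punctuation, 32)]
    alphabet_size = sum(n for chars, n in classes if any(c in chars for c in password))
    return alphabet_size ** len(password)


if __name__ == "__main__":
    print("dictionary:", dictionary_attack(sha256_hex("underfunded"), WORDLIST))
    print("brute force:", brute_force_attack(sha256_hex("jug"), string.ascii_lowercase, 3))
    print("hybrid:", hybrid_attack(sha256_hex("Underfunded1"), WORDLIST))
    print("keyspace 'underfunded':", brute_force_keyspace("underfunded"))
    print("keyspace 'Tp4tci2s4U2g!':", brute_force_keyspace("Tp4tci2s4U2g!"))
```

Run it and the point of the workshop falls out of the guess counts: “underfunded” is found on the fifth dictionary guess, “jug” needs thousands of brute-force guesses even over lowercase letters only, and a capitalized word with a digit on the end survives the plain dictionary pass but falls to the hybrid pass within a hundred guesses. The keyspace figures show why the mixed-character password is the one that actually forces an attacker into a brute-force search measured in billions of billions of guesses.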
Now that we know how easily your current passwords can be cracked, how do you make a strong one? First, change any password that you think may have been compromised, and any that you have kept unchanged for years or reuse elsewhere. Next, make it long and complex: at least 8 characters (longer is better, since every added character multiplies the brute-force work), mixing upper and lower case letters, numbers, and symbols. To defeat the dictionary attack, build your password from a sentence rather than from a word, so that it is not an entry in any word list. A mnemonic of this kind might look like “Tp4tci2s4U2g!” = “The password for this computer is too strong for you to guess!”: the first letter of each word, with “for” and “too/to” written as digits and the punctuation kept. Notice the uniqueness of the result, the mix of caps and lower case, and the numbers and symbols. Finally, make your passwords unique. DO NOT use the same password for every account, and DO NOT base your passwords on anything personal, such as your children’s names, address, zip code, birthdays, car, or favorite color. Think about it: you post that kind of personal information about yourself on your social media pages all the time, and a hybrid attack will happily try it. If you have a hard time coming up with a password you can use this site to help you: http://www.onlinepasswordgenerator.com.
Of course, while you are taking the time to come up with strong passwords, you do not want to write them down on a sticky note or in a shared file. If you must keep them in a file, make sure the document itself is password protected, or better, use a reputable password manager. Do not rely on the “Save Password” prompt on your computer: anyone who can sit at that machine or copy its browser profile can read what it saved. If you want to check how secure your password is you might want to check out: http://howsecureismypassword.net. One caution with any online checker: never paste in the password you actually use; test one built the same way instead, since the site learns whatever you type.
** UPDATE **
Here’s a great article about “The Big Password Mistakes That Hackers Are Hoping That You’ll Make”
Another great password checker: http://blog.kaspersky.com/password-check/