
Strong Passwords: They’re Crucial.

September 2, 2019

The most common way hackers strong-arm their way into computers and access personal information is by guessing not-so-strong passwords.

How is this possible by just guessing passwords?

The top 2 methods that hackers use to crack passwords are just that: guesses. A Dictionary Attack runs a file containing words from the dictionary against your password. Words like ‘sunshine’ and ‘princess’ are commonly used passwords, and combining words, as in ‘LetMeIn’, won’t protect you for more than a few seconds. Brute Force attacks are similar but much more rigorous. They work by combing through all possible alphanumeric combinations from aaa1 to zzz10. With this technique, it is inevitable that your password will be cracked eventually.

However, the root problem is that 73% of users have the same password for multiple sites. 33% of people use the same password every time, and with the average user having 90 online accounts, it becomes a simple and easy numbers game.

Most of the time, cracking one password is all it takes to gain access to multiple accounts. If not used directly, this information can be sold on the dark web’s ‘Dream Market’ alongside drugs, weapons and other illicit items.

Hacked websites listed include MyFitnessPal, MyHeritage and Animoto. These break-ins have resulted in stolen data such as email addresses, passwords, location data and other personal details. You can check whether you’ve been involved in a data breach at ‘HIBP’.

For an individual, the consequences of hacking can be life-changing, with the average recovery time from identity theft being 6 months and 200 hours of work. For a business, the consequences are catastrophic. Back in 2015, TalkTalk suffered a cyberattack compromising more than 400 million customer accounts. This cost the company £60 million alongside the loss of over 100,000 customers. The Ponemon Institute, sponsored by IBM, puts the global average cost of a data breach at $3.6 million or $141 per data record. If you’re in Europe, GDPR is now in effect. Penalties can stack up to £17.8 million or 4% of global annual turnover, whichever is higher.

Devastating.

The Strength in Numbers

Most importantly, passwords should be long and complex. A 6-character password with only letters has 308,915,776 possible combinations, an 8-character one has 208,827,064,576, and an 8-character password with letters, numbers and symbols has 128,063,081,718,016 possible combinations. There is strength in numbers.

No. of characters       Just Numbers            Just Letters          Letters & Numbers     Letters, Numbers & Symbols
1                                 10                      26                         36                             58
2                                100                     676                      1,296                          3,364
3                              1,000                  17,576                     46,656                        195,112
4                             10,000                 456,976                  1,679,616                     11,316,496
5                            100,000              11,881,376                 60,466,176                    656,356,768
6                          1,000,000             308,915,776              2,176,782,336                 38,068,692,544
7                         10,000,000           8,031,810,176             78,364,164,096              2,207,984,167,552
8                        100,000,000         208,827,064,576          2,821,109,907,456            128,063,081,718,016
9                      1,000,000,000       5,429,503,678,976        101,559,956,668,416          7,427,658,739,644,930
10                    10,000,000,000     141,167,095,653,376      3,656,158,440,062,980        430,804,206,899,406,000
11                   100,000,000,000   3,670,344,486,987,780    131,621,703,842,267,000     24,986,644,000,165,500,000
12                 1,000,000,000,000  95,428,956,661,682,200  4,738,381,338,321,620,000  1,449,225,352,009,600,000,000

A standard PC running a password hacking algorithm will discover a 12-digit password in about 18 hours. A supercomputer could take less than 1/100th of a second. At the other end of the scale, the PC could take over 3 million years to work out 12 characters using letters, numbers and symbols. It would still take a supercomputer six months!
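
As an added example (not code from the original page), the short Python audit below ties together the dictionary check, the table's alphabet sizes and the 18-hour figure: it derives the guess rate that figure implies and applies it to other passwords. The wordlist, the function names and the one-year "weak" threshold are assumptions made for illustration.

```python
# Constructed sample wordlist (assumption); a real audit loads a large list
# of common and breached passwords.
COMMON_WORDS = {"sunshine", "princess", "let", "me", "in", "password"}

# Guess rate implied by the page: a PC exhausts all 10**12 twelve-digit
# passwords in about 18 hours.
PC_GUESSES_PER_SECOND = 10**12 / (18 * 3600)
SECONDS_PER_YEAR = 365 * 24 * 3600


def alphabet_size(password):
    """Map the character classes used to the column sizes in the page's table."""
    has_digit = any(c.isdigit() for c in password)
    has_letter = any(c.isalpha() for c in password)
    has_symbol = any(not c.isalnum() for c in password)
    if has_symbol:
        return 58  # letters, numbers & symbols (the page's figure)
    if has_letter and has_digit:
        return 36
    return 26 if has_letter else 10


def is_word_combination(password, words=COMMON_WORDS):
    """True if the password is one or more wordlist entries joined together."""
    text = password.lower()
    # reachable[i] is True when text[:i] splits cleanly into wordlist entries
    reachable = [True] + [False] * len(text)
    for end in range(1, len(text) + 1):
        reachable[end] = any(
            reachable[start] and text[start:end] in words for start in range(end)
        )
    return bool(text) and reachable[-1]


def audit(password, rate=PC_GUESSES_PER_SECOND):
    """Return (verdict, keyspace, years to try every combination at `rate`)."""
    keyspace = alphabet_size(password) ** len(password)
    years = keyspace / rate / SECONDS_PER_YEAR
    if is_word_combination(password):
        return ("dictionary", keyspace, years)  # a wordlist finds it first
    # Assumption: flag anything a single PC could exhaust within a year
    return ("weak" if years < 1 else "ok", keyspace, years)


if __name__ == "__main__":
    for pw in ["LetMeIn", "sunshine1", "123456789012", "a1!a1!a1!a1!"]:  # constructed
        print(pw, audit(pw))
```

At the implied rate of roughly 15 million guesses per second, a 12-character password drawing on all 58 characters works out at about 3 million years, close to the figure quoted above.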

How to Build a Strong Password

As a rule of thumb, you should never write down your passwords. This is inviting passwords to be stolen and used by someone else. In addition to this, you should never use the same password more than once.

One method of creating super-strong passwords is by creating a shape on the keyboard – incorporating symbols, numbers and letters.

Of course, remembering 90 different passwords that look like ‘2wdc4rfv6yhn’ is a big ask. One way to do this is by turning a sentence or phrase into something not easily recognised. For example, the word ‘to’ could be replaced by the number 2.

A second route to a super-strong password is through the use of Random Keyword Generators. These tools can create passwords that easily clear 30 characters of random words and numbers.

Use any of these methods and a hacker trying to break into your account will go out of business before getting in.

But the truth is, we aren’t all geniuses.

These complicated, strong passwords will end up keeping us and the hackers out. Solve this by getting yourself a Password Manager. Tech Radar has tons of free options. Password Managers allow you to create unique passwords for all your accounts while you only need to remember one.

All in all, a weak password leaves you, your friends, family and business vulnerable. Taking proactive steps to security is far better than a 2-month long fraud dispute with your bank. Prevention really is better than cure. Reach out to SystemsIT for more information on safeguarding your livelihood.
