Are you guilty of the following password mistakes?
05 April 13
Stop! Are you guilty of the following password mistakes?
- You use the same password on all web sites you are registered with.
- Your password is too short.
Let's take each case and see, from a hacker's point of view, what he or she can do with current technology.
1. You use the same password on all web sites you have registered with.
This means that if one site you use is breached, i.e. your password is leaked, the attacker can access every account you own: Facebook, Gmail, Twitter, Paypal and everything else.
Secondly, a dishonest or incompetent website owner might store your password in plain text. If you register with that site, the owner can take your password and email address and try them on different websites to see if you have an account there.
2. Your password is too short.
With current technology, if your password is something like "dinky1", a computer program can try all combinations of 6-character passwords and crack that password in about 0.0244 seconds. That's quicker than it took you to read the last sentence.
Have a read of "How big is your haystack"; it may change the way you see passwords forever. So what do we recommend?
1. You need a different password for every site you use.
2. Your password needs to be long.
Here are two ways to achieve both of the above.
A software solution such as 1Password
1Password: this will generate passwords for you and keep them safe.
You can create your own password scheme.
There are many but here's one example.
Create a table of unique words for each letter of the alphabet. (Please don't use this table, you really have to create your own and keep it safe.)
- A: Apple
- B: Beetroot
- C: Carrot
- D: Dental
- E: Elastic
- ... and so on.
Now, when you register at a site, for example ebay, you can create a unique password in the following way.
- Take the first 3 letters of the domain name, e.g. ebay.com (E, B, A)
- Choose the words from your list for those letters, i.e. Elastic, Beetroot, Apple
- Combine them: ElasticBeetrootApple
- Add some digits (this makes the password more secure), i.e. Elastic1Beetroot1Apple
- Add some non-alphanumeric characters: **Elastic1Beetroot1Apple
According to "How big is your haystack", **Elastic1Beetroot1Apple would take 9.38 hundred billion trillion centuries to break. That's much longer than it took you to read the last sentence.
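The scheme above and a haystack-style search-space count, as an added Python example that is not part of the original post. The function names, the five-entry sample table and the 33-symbol count (printable ASCII punctuation plus space) are assumptions made for illustration.

```python
import string

# Constructed sample table using the five entries shown above; build your own A-Z table.
WORDS = {"A": "Apple", "B": "Beetroot", "C": "Carrot", "D": "Dental", "E": "Elastic"}

def derive_password(domain, words, digit="1", prefix="**"):
    """First 3 letters of the site name -> table words -> digits between -> symbols in front."""
    name = domain.split(".")[0]
    letters = [c.upper() for c in name if c.isalpha()][:3]
    if len(letters) < 3:
        raise ValueError("site name needs at least three letters")
    missing = [c for c in letters if c not in words]
    if missing:
        raise KeyError("no table entry for: " + ", ".join(missing))
    return prefix + digit.join(words[c] for c in letters)

def alphabet_size(password):
    """Size of the character set an exhaustive search must cover for this password."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation or c == " " for c in password):
        size += 33  # assumption: 32 punctuation characters plus space
    return size

def search_space(password):
    """Number of candidates of length 1..len(password) over that character set."""
    n = alphabet_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))

if __name__ == "__main__":
    for pw in ("dinky1", derive_password("ebay.com", WORDS)):
        print(f"{pw!r}: length {len(pw)}, alphabet {alphabet_size(pw)}, "
              f"search space {search_space(pw):.3e}")
```

The count covers exhaustive character-by-character search only; it does not model guessing that works from words or from knowledge of the scheme.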
After a while you might not need the lookup table to reconstruct your passwords, as you start to remember it.