Password Security

I could hear the frustration in Walt’s voice over the phone.  “I’m looking at my website right now and instead of a home-page, I’ve got a black page that says I’ve been hacked.”  After restoring Walt’s website from a clean backup, I turned my focus to determining how the hacker got in.  As it turned out, Walt was using his favorite password for his website – the same password that he had used on many accounts for years.  He knew that he should update his password, but he hadn’t done so because until that morning it didn’t seem all that important.  With cyber-crime on the rise, let’s take a quick look at one of the most common ways that passwords are compromised and what 3 things you can do to keep your login information safe.

3 things you can do to keep your login information safe.Brute Force Methods

Brute force, sometimes known as an exhaustive key search, is a method that consists of trying enough password combinations until the right one is found.  There are plenty of software programs available on the Internet that make it relatively easy for a kid with too much time on his hands to try and brute force his way into your online accounts.

These software programs start with a dictionary – a long list of words like you would expect to find in the dictionary.  This list contains lots of names, because people frequently use someone’s name as a password.  Birthdays and phone number are also popular passwords and the “dictionary” would include thousands of combinations of names, numbers, and misspellings.  Substitute spellings where the numeral 1 is used in place of the character L are included in this list.

Password Safety Best Practices

Longer passwords are better than shorter passwords.  As you would expect, an 8 character password is much harder to crack than a 4 character password.  This is because the resources required for a brute-force attack grow exponentially with increasing password length, not linearly.  As a result, doubling the password length does not simply double the number of possible combinations, but rather squares them.  This means than an 8 character password is 16 times harder to crack than a 4 character password.  Make sure your passwords are at least 8 characters in length.

Using as many types of characters as possible greatly strengthens your password and makes it much more difficult for your login credentials to be cracked.  This means you should use upper case and lower case letters as well as numbers in all of your passwords.  Using symbols like exclamation point (!), period (.), dollar sign ($), dash (-), etc., although not always allowed, greatly increase the security of your password.  To see the difference that it makes in how long it would take for a brute-force password cracker to guess your password check out this table showing how long it would take for various lengths of passwords and characters.

Changing your password regularly is a security best practice.  I know this is easier said than done, but this is one of those areas where an ounce of prevention is worth a pound of cure.

Walt’s situation is unfortunately not uncommon.  Walt was lucky.  He discovered the problem within just a few hours of when it happened and had access to a clean backup of his website.  I was able to restore his website by the time he opened his doors for business in the morning.  Most people in Walt’s situation aren’t that lucky.  With cybercrime on the rise for the foreseeable future, it pays to be careful.

Leave a Comment