How secure is your password, and does it really matter?

There are three questions to consider for password security:

1) Are you using the same password for everything?

2) How easy is it for a computer to guess it?

3) How easy is it for a human to guess it?

To begin with, using the same password for everything is the equivalent of using the same key to lock both the front door of your house and your car! As soon as someone has access to this key, they have access to both!

Now, upset by this news, you find yourself questioning how many times you have used the same password online for your personal email accounts, subscriptions to online services (whatever they may be) and various newsletters that 2 weeks later mean nothing to you. You also begin to question how anyone is capable of thinking up a unique password for every online service and remembering it. The answer – Password Managers.

 

What’s a Password Manager?

A Password Manager stores all of your passwords for different sites in a single database. This allows you to quickly search for and find your login credentials for a specific site without having to remember each different password. The Password Manager stays secure because the database is automatically encrypted and you specify a key to unlock it. You now only need to remember the password for the Password Manager, and not one for each of the many sites you have login details for. There are a number of tools available just by doing a Google search for ‘Password Manager’.

 

Moving on to password complexity.

Be warned that, in theory, any password can be cracked by a computer. It is only a matter of time. There are calculators available online which show roughly how long it takes for a computer to crack a password. Bear in mind that numerous computers could be working together to speed up the process. It’s all about the bit length: the longer your password, the more combinations there are to try, until cracking it becomes infeasible.

What are the most common ways to crack a password?

  • Dictionary attacks, where the computer goes through a long list (tens of thousands of words) one by one until it finds the password.
  • Brute force, where the computer goes through every character combination one by one until eventually it finds the password.
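A rough version of the online calculators mentioned above, as an added example that is not part of the original article. The guess rate and the five-word list are assumptions constructed for illustration; it checks a password against the dictionary first, then estimates the worst-case brute-force time for one or many machines.

```python
import math
import string

# Constructed sample wordlist; real dictionary lists hold tens of thousands of words.
SAMPLE_WORDLIST = {"password", "jeffrey", "letmein", "dragon", "qwerty"}

# Assumed guesses per second for one machine. Real rates vary widely with
# hardware and with how the service stores passwords.
ASSUMED_GUESSES_PER_SECOND = 1e10

def charset_size(password):
    """Alphabet size a brute-force search must cover (ASCII classes only)."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    return sum(len(cls) for cls in classes if any(c in cls for c in password))

def bit_length(password):
    """Equivalent key length in bits, if each character were picked at random."""
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0

def brute_force_seconds(password, machines=1, rate=ASSUMED_GUESSES_PER_SECOND):
    """Worst-case time to try every combination, shared across machines."""
    keyspace = charset_size(password) ** len(password)
    return keyspace / (rate * machines)

def in_dictionary(password, wordlist=SAMPLE_WORDLIST):
    """True if the password is a listed word, ignoring case and trailing digits."""
    return password.lower().rstrip(string.digits) in wordlist

def report(password, machines=1):
    """One-line summary in the style of an online strength calculator."""
    if in_dictionary(password):
        verdict = "found by dictionary attack almost immediately"
    else:
        years = brute_force_seconds(password, machines) / (365 * 24 * 3600)
        verdict = f"brute force takes up to {years:,.1f} years on {machines} machine(s)"
    return f"{password!r}: {bit_length(password):.1f} bits, {verdict}"

if __name__ == "__main__":
    for pw in ("jeffrey1986", "J3ffr3y!986", "dragon"):
        print(report(pw))
        print(report(pw, machines=1000))
```

The brute-force figure is an upper bound: it treats every character as if it were chosen at random, so a password built from a name or a word will usually fall sooner than the number suggests.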

So how do we stop humans?

The longer your password, the more secure it becomes and the longer it will take to crack. When creating a password, make sure it is not easily predictable to others. For example, your friend Dave should not be able to guess the password ‘jeffrey1986’ and obtain access to your email account. The password should contain a mix of characters: both upper- and lower-case letters, numbers and symbols. An example of this would be ‘J3ffr3y!986’. I don’t imagine Dave will be guessing this anytime soon!

Now you have the basics for secure password usage! Be safe.

Foresite