There is an insightful article over at WonderHowTo written by an IT security professional and forensic investigator. The article looks at ways to prevent hackers from accessing important information online. Specifically the article focuses on how to create strong passwords that will reduce the likeliness that your account will be hacked.
All passwords can be cracked!
The author makes a statement that should give everyone pause:
As your password secures all of the resources on your system, including your email and other important online accounts (banking, brokerage, etc.), it’s critical to choose a strong password that makes my job more difficult. Understand that there is NO password that I can’t break given enough time and CPU cycles, but like anything else, I’ll attack the low-hanging fruit first.
The author stresses that even though all passwords can be cracked eventually, if you choose a hard password the chances of being hacked are reduced.
To protect yourself, you want to force the hacker to take long enough that they will give up and crack your colleague’s or neighbor’s easier password before they crack yours.
The author give 6 steps to create strong passwords
Step 1: Never Use Dictionary Words
You might think that your word or words are rather unique and obscure, but it doesn’t take me very long to test every word and word combination in the dictionary. NEVER use a dictionary word!
Step 2: Use All of the Allowable Character Types
To slow the hacker down, make certain that use at least one of every character type in creating your password. This means using at least one lowercase, one uppercase, one number, and one special character. This will force the hacker to include all of these characters into their brute-force cracking character set, thereby forcing them to take much, much longer to crack your password.
If you use lowercase, uppercase, digits (0-9), and special characters, the number of possibilities that the hacker must try is 75 raised to the 8th power, or 1,001,129,150,390,625. That’s 1 quadrillion possibilities! This translates into about 5,000-fold increase in the number of possibilities the hacker must try.
To think of it another way, if the first password (8 characters, all lowercase) took 1 hour to crack, the second one would take 5,000 hours, or 208 days. That may be enough to frustrate the hacker.
Step 3: Never Use Just Numbers
Using just numbers for a password is “simply child’s play” for hackers.
Step 4: Change Your Password Often
It’s important to change your password often. “Often” is a relative term and it will depend upon the value of the information being secured by the password. If it is an email or online bank account, you might want to change your password every three months. Other passwords, such as your accounts on non-financial websites, once every six months or year is probably sufficient.
Step 5: Use Different Passwords on Different Accounts
Imagine a case where you find a website or a game online that you think is fun and entertaining. They ask you to create an account and a password. This might be a new company or a big company, but if they don’t secure their systems adequately, someone will hack their system and steal yours and all of the other accounts’ passwords.
The rule here is to use different passwords on different types of accounts. You might create one password for all of your highly confidential accounts, and one password for all the other accounts. That way, if that online game site gets hacked, I can’t take that password and get into your bank account.
Step 6: Create a Passphrase
Passphrases are the most difficult type of password to hack.
First, create a phrase or sentence that is meaningful to you. In this way, it will be easy to remember. For instance, “I love mountain biking and hiking.” Now, take that phrase and convert it into single string of uppercase, lowercase, numbers, and special characters
This creates an 18-character passphrase that uses uppercase, lowercase, special characters, and numbers that, although not unbreakable, would make someone like me invest significant time and computing resources to crack it.
The article gives very good advice on creating passwords that are hard to crack. We all are guilty of not following these 6 steps. Do you have any other password tips that you use to create and protect online passwords?