The difference between a good and a bad password might not be obvious to most of us. But for a hacker trying to get access to your personal data, the difference is like stealing candy from a baby versus breaking into Fort Knox. Theoretically, all passwords can be broken; it just comes down to the computing power you have at your disposal. Using a relatively simple software program, any simple password can be hacked within seconds. Hacking a good password, on the other hand, will take you about 700 years.

The basics

Some time ago, Russian hackers managed to gain access to more than 6.5 million password hashes from LinkedIn. The media frenzy talked about how LinkedIn lost all our passwords, but this is not 100% accurate. First of all, LinkedIn didn’t lose your password; they lost your password hash. When you sign up for a new website, it runs your password through an irreversible mathematical algorithm that gives your password a unique hash. The website does not store your password; it stores the unique hash that represents your password. When you revisit the website, it simply runs your password through the same algorithm and checks whether it creates the same hash that it has in its records. Brilliant, isn’t it?

Size does matter!

The password hash solution has one weakness, and that weakness is unfortunately the human factor. If you know the password hash, you can try to guess different password alternatives and see whether one of them creates the same hash. If you use a computer to do this “guessing” for you, you have something called a brute-force attack. A relatively cheap home computer will be able to “guess” about 500 million alternatives per second, and that means that ANY password with 6 or fewer characters can be hacked in about 7 seconds. If you increase the length of your password to 12 letters, a modern computer will need 777 years to guess your password. Hence, the length of your password is the most important security measure.

Welcome to the dark side

Believe it or not, Darth Vader is one of the most commonly used passwords on the Internet. For any hacker software, this password is an easy match. The password darthvader1234 has 14 characters, but it can still be guessed within seconds using the right software. This is due to the easily recognizable combination of a dictionary word and a logical number combination. If you want your password to be secure, you should stay away from famous people, favorite movies, and simple words in combination with a number. Advanced hacker software is designed to look for frequently used password combinations and patterns. The best advice for creating the perfect password is to use a sentence that is easy to remember but impossible to guess; for example, “Ilike2drinkcoffeeinthemorning”.
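The contrast between length and predictability, as an added example that is not part of the original article: a small Python estimator comparing worst-case guess counts for exhaustive search with a "dictionary word plus digits" model. The word list, the four-digit suffix limit and the function names are assumptions made for illustration; the guess rate is the article's 500 million per second.

```python
import re
import string

GUESSES_PER_SECOND = 500_000_000  # rate quoted in the article

# Constructed sample word list (assumption); a real audit loads a large dictionary.
WORDS = ["password", "dragon", "darthvader", "coffee", "linkedin"]
MAX_SUFFIX_DIGITS = 4  # assumption: the model tries suffixes "", 0-9, ..., 0000-9999


def exhaustive_guesses(password):
    """Worst-case guesses when every string up to this length is tried."""
    alphabet = 0
    if any(c in string.ascii_lowercase for c in password):
        alphabet += 26
    if any(c in string.ascii_uppercase for c in password):
        alphabet += 26
    if any(c in string.digits for c in password):
        alphabet += 10
    if any(c not in string.ascii_letters + string.digits for c in password):
        alphabet += len(string.punctuation)  # 32 printable symbols
    return sum(alphabet ** n for n in range(1, len(password) + 1))


def pattern_guesses(password, words=WORDS, max_digits=MAX_SUFFIX_DIGITS):
    """Worst-case guesses for 'lowercase word + digits', or None if no fit."""
    match = re.fullmatch(r"([a-z]+)([0-9]*)", password)
    if not match or match.group(1) not in words:
        return None
    if len(match.group(2)) > max_digits:
        return None
    suffixes = sum(10 ** n for n in range(max_digits + 1))
    return len(words) * suffixes


def estimate(password):
    """Return (model, worst-case guesses, seconds at the article's rate)."""
    guesses, model = pattern_guesses(password), "word+digits"
    if guesses is None:
        # Upper bound only: pattern-aware tools know more than this one model.
        guesses, model = exhaustive_guesses(password), "exhaustive"
    return model, guesses, guesses / GUESSES_PER_SECOND


if __name__ == "__main__":
    for pw in ("darthvader1234", "Ilike2drinkcoffeeinthemorning"):
        model, guesses, seconds = estimate(pw)
        print(f"{pw}: {model}, {guesses:.3g} guesses, {seconds:.3g} s")
```

Under these assumptions the 14-character darthvader1234 falls within 55,555 guesses, well under a second at the article's rate, while the sentence-style password fits no word-plus-digits pattern.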

Passwords are like bubblegum

Once you have the perfect password, remember that passwords are like bubblegum:

  • They are strongest when fresh
  • They should only be used by one person
  • When they’re left lying around they will create a sticky mess!