Create Strong and Unique Passwords for every Account

April 9, 2021

So is a strong password that important? Should we use passphrases? Do passwords really get cracked?

YES, YES and YES.

There are many techniques for obtaining passwords, and over the years these have become more sophisticated. The top methods for cracking passwords, in no particular order, are brute force attacks, rainbow table attacks, social engineering, phishing, malware, and the completely unsophisticated method of guessing. We will get to what all of these are shortly.

The more complex your passwords are, the less likely they will be obtained. Use the following guidelines when choosing them:

  • Combine upper and lower case letters.

  • Use no less than eight characters. Passphrases are best.

  • Include at least one number and one special character. More is better.

  • Make them easy to remember, but difficult to guess. For example, make them create a pattern on the keyboard.

Sometimes it helps to know why it’s important to have strong passwords. It’s because time is money, even in cybercrime. The easier the password, the easier and faster it is to crack. Criminals crack passwords in bulk, so once they have cracked enough easy ones, they move on to the next phase of their crime and dump the uncracked passwords.

Knowing what some of the methods are for getting them may help in understanding why it’s so important. So let’s get back to those tactics.

At a high level, rainbow tables are long lists pairing every possible plain text password with its encrypted (hashed) form. Attackers load these into password cracking software and can try a lot of passwords in a given timeframe, depending on the size of the list. This is why security experts recommend using longer passwords and phrases. The longer they are, the more time it takes for them to be found in these lists.

Brute force attacks try dictionary words and then work through all possible combinations of alpha-numeric characters (from zz1 to zz10, for example). These are not quickly done, but the longer the password, the longer it takes to figure it out.
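To make the guidelines above and the brute force point concrete, here is an added example (not code from the original post) that checks a password against the four guidelines and estimates how many guesses an attacker working through every combination of the same length and character classes would need. The guess rate of ten billion per second is an illustrative assumption, not a figure from the post.

```python
import string

# Guidelines from the post: mixed case, at least eight characters,
# at least one number and one special character.
MIN_LENGTH = 8
SPECIALS = set(string.punctuation)  # 32 printable special characters


def check_guidelines(password: str) -> list[str]:
    """Return the guidelines the password fails; an empty list means it passes."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    has_lower = any(c.islower() for c in password)
    has_upper = any(c.isupper() for c in password)
    if not (has_lower and has_upper):
        failures.append("does not mix upper and lower case")
    if not any(c.isdigit() for c in password):
        failures.append("no number")
    if not any(c in SPECIALS for c in password):
        failures.append("no special character")
    return failures


def charset_size(password: str) -> int:
    """Size of the character set a brute force attacker must cover to reach this password."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(c in SPECIALS for c in password):
        size += len(SPECIALS)
    return size


def brute_force_seconds(password: str, guesses_per_second: float = 1e10) -> float:
    """Worst-case seconds to exhaust every combination of this length and character set.
    The guess rate is an assumed figure for illustration only."""
    return charset_size(password) ** len(password) / guesses_per_second


if __name__ == "__main__":
    # Constructed sample passwords: a weak one, a guideline-compliant one, and a passphrase.
    for pw in ("password", "Tr0ub4dor&3", "correct horse battery staple"):
        print(f"{pw!r}: fails {check_guidelines(pw) or 'nothing'}, "
              f"worst case {brute_force_seconds(pw):.3g} s to brute force")
```

The passphrase fails three of the four guidelines yet has by far the largest search space, which is why the post says passphrases are best: length outweighs the number of character classes.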

Social engineering is the foundation of so many security-related breaches, whether they are intrusions into a network or theft of a password to get into an account. At a basic level it involves getting users to give up passwords. Hackers are amazingly successful at getting information by pretending to be someone else and bringing victims into their confidence. A favorite scenario for the social engineer is to call workers in an office posing as the IT person. They simply ask for passwords, and it works.

Phishing is everywhere. On an average day, more than 156 million phishing email messages are sent out. Most get caught in spam filters, but many don’t. Of the 8-9 million that actually make it to users’ inboxes, about half are actually opened. Roughly 10% of those are acted upon. These messages are trying to coax information out of users, and oftentimes it’s passwords to some account that will net the thief something of value.

Guessing still works. People often create passwords based on information that is not so hard to find out, such as kids’ names, birthdates, pets’ names, etc. Then, they post their kids’ names, birthdates, pets’ names and so forth on their social media profiles. A savvy hacker may use the aforementioned social engineering techniques to befriend victims and simply guess passwords.

Finally, there is malware. This is software that ends up on a computer or device and can do anything from logging keystrokes (key loggers) to redirecting a web browser to fake websites.

There are many more strategies for getting passwords. No matter what you come up with for your passwords, they need to make sense to you and no one else. If you must write them down, do it. Just keep them separate from your computer and mobile device and keep them out of plain sight.

Stickley on Security