Passwords

Think your password is a good one?  We’ll see in this post.

Dictionary Attack

Lots of people use dictionary words for their password.  An example might be “nebraska” or “hamburger”.  These are easy for a computer to guess by running through the words in a dictionary and trying each rapidly as a password until a match is found.

Brute Force

Brute force is just that.  Instead of picking the lock, we smash through the door.  This is done by trying all possible passwords until a match is found.  Obviously, the longer the password and the larger the set of possible characters to pick from, the harder it is to guess.  This is why a password that uses uppercase and lowercase letters, numbers and special characters is so hard to guess.

Guessing

This is the use of cleverness in guessing the password.  People often use their birth date, their children’s birth dates or their address as all or part of their password.  Even pet names are used, or all or part of a social security number, and so on.  This makes some passwords easy to guess.

Good and Bad Passwords

A good password is one that is hard to guess.  Without going into the math behind the permutations, suffice it to say, longer is harder to crack.  The more variety in characters, the harder as well.  For example, if each character of your password can only be a lowercase letter, then in America there would be 26 possible values for each character.  If you add capital letters, this goes to 52.  Add in numbers 0-9 and the possibilities are 62.  Add in special characters like: & * ( ) and the number of possible characters for each position in your password goes to 84.  This is why many places require you to use an uppercase letter, a number and at least one special character in your password.

People often forget that their user name works much like their password, since in most cases it too must be guessed.  Common user names are ‘admin’, the first initial and last name, the last name and first initial, and guessable email addresses.

Smart Password Usage

Let’s assume your login/password is compromised, meaning a bad actor has it.  Did you use the same password for all your accounts?  Uh-oh, now they will run around trying it on all sorts of accounts where you might have left a credit card on file.  Bad Actor: “Let’s try Amazon and see if they have an account there with an active credit card, summer is coming up and I need some outdoor gear.”

Solutions

  1) Use one password for all accounts that don’t have an associated credit card.
  2) Use a different password for each account with a credit card so, in case one is compromised, all aren’t.
  3) Use a strong password on the accounts with a credit card.
  4) Unless you use an account every day to make purchases, consider not attaching a credit card and instead enter it at checkout.

Password Do’s and Don’ts

These are some rules to help you choose passwords that are difficult for a hacker to determine:

  • Don’t use a family name / birthday as a password.
  • Don’t use the family pet name as a password.
  • Don’t use your banking PIN as a password.
  • Don’t use a password so complex that you have to keep it on a yellow sticky note on your screen.
  • Don’t use a dictionary word as your password.
  • Do use a password wallet like RoboForm™.
  • Don’t share passwords.  If you must, change it afterwards.
  • Do change your password at least every 6 months or if you suspect or are notified of trouble with your account or a breach at the place where your account is.
  • Do use a password phrase you can remember like: snow7beach14!  Where your age is NOT 7 or 14.
  • Use a long password of at least 12 characters if you can.  (The one just above is 13 characters in length.)
  • If possible, don’t pick a user id associated with your name, address and so on.  Remember the user id works just like your password in that it too must be guessed.
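
The checks described in this post (dictionary words, personal details, the 12-character minimum, and the character-pool arithmetic from “Good and Bad Passwords”), written out as an added example that is not part of the original post.  The wordlist, the personal details passed in and the guess rate of 10 billion per second are constructed assumptions; the count of 22 special characters follows from the post’s total of 84.

```python
import math

# Characters available per class, using the post's counts (26 + 26 + 10 + 22 = 84).
POOL = {"lower": 26, "upper": 26, "digit": 10, "special": 22}

# Constructed sample wordlist; a real check would load a full dictionary file.
WORDLIST = {"nebraska", "hamburger", "password", "sunshine"}

SECONDS_PER_YEAR = 365 * 24 * 3600


def classes_used(pw):
    """Return the set of character classes that appear in the password."""
    used = set()
    for ch in pw:
        if ch.islower():
            used.add("lower")
        elif ch.isupper():
            used.add("upper")
        elif ch.isdigit():
            used.add("digit")
        else:
            used.add("special")
    return used


def keyspace(pw):
    """Passwords a brute-force search must cover: pool size ** length."""
    return sum(POOL[c] for c in classes_used(pw)) ** len(pw)


def audit(pw, personal=(), guesses_per_second=1e10):
    """Check a password against the post's rules; guess rate is an assumption."""
    findings = []
    if pw.lower() in WORDLIST:
        findings.append("dictionary word")
    for item in personal:  # names, dates, addresses, pet names
        if item and item.lower() in pw.lower():
            findings.append("contains personal detail: " + item)
    if len(pw) < 12:
        findings.append("shorter than 12 characters")
    space = keyspace(pw)
    return {
        "findings": findings,
        "keyspace": space,
        "bits": round(math.log2(space), 1),
        "years_to_exhaust": space / guesses_per_second / SECONDS_PER_YEAR,
    }
```

The keyspace figure is an upper bound that assumes every character was chosen at random; a password built from words or personal details is found well before the whole space is searched.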

RoboForm is a trademark of Siber Systems.