The Password is…..

The Problem

When working to secure our data, we often overlook the most obvious of vulnerabilities: our passwords! We make our passwords easy for us to remember, and in doing so we make them easier to break. First things first: a randomized 8-character password is very strong. It’s made even stronger when providers require our passwords to have at least one uppercase letter, one lowercase letter, one special character, and one number. That process will generate 18,170,005,425,000 different passwords. If you were able to try 100 passwords a second, it would take you over 5,000 years to attempt every password! Surely, a randomized password would be almost impenetrable, right? Therein lies the problem: our passwords are not random. We compromise our passwords when we create them.

The characters we choose for our passwords are often words or numbers that have significance to us. For example, the numbers are often birth years, or just the number 1. Sometimes, it’s easier just to use a sequence of numbers like 123. By making the password relevant to us and easier to remember, we have made it easier to crack. In 2016, the 25 most common passwords made up about half of all passwords.
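An added example, not part of the original post: it reproduces the keyspace figure above as 26 × 26 × 10 × 33 × 95^4 (assuming 33 symbol characters), compares it with a hypothetical "word + birth year" password at the same guess rate, and flags the habits just described. The 20,000-word dictionary, the 100-year range and the sample passwords are assumptions constructed for illustration.

```python
import re

# Assumed character classes (printable ASCII): 26 upper, 26 lower, 10 digits, 33 symbols.
UPPER, LOWER, DIGIT, SYMBOL = 26, 26, 10, 33
ALPHABET = UPPER + LOWER + DIGIT + SYMBOL  # 95
SECONDS_PER_YEAR = 365.25 * 24 * 3600
COMMON = {"123456", "password"}  # constructed sample list, not a real corpus


def page_keyspace(length=8):
    """One position per required class, the rest free: 26*26*10*33*95**(length-4)."""
    return UPPER * LOWER * DIGIT * SYMBOL * ALPHABET ** (length - 4)


def years_to_exhaust(candidates, guesses_per_second):
    """Worst-case time to try every candidate at a fixed guess rate."""
    return candidates / guesses_per_second / SECONDS_PER_YEAR


def word_plus_year_keyspace(dictionary_words=20_000, years=100):
    """Hypothetical model of a 'word + birth year' password, with or without
    a leading capital. Both sizes are assumptions chosen for illustration."""
    return dictionary_words * 2 * years


def human_patterns(password):
    """Return the predictable habits found in a password."""
    findings = []
    base = re.sub(r"[\d\W_]+$", "", password).lower()  # drop trailing digits/symbols
    if password.lower() in COMMON or base in COMMON:
        findings.append("common password")
    if re.search(r"(?<!\d)(19|20)\d\d(?!\d)", password):
        findings.append("year")
    runs = re.findall(r"\d+", password)
    if "1" in runs:
        findings.append("lone 1")
    if any(len(r) >= 3 and r in "0123456789" for r in runs):
        findings.append("digit sequence")
    return findings


if __name__ == "__main__":
    print(f"{page_keyspace():,} candidates,"
          f" {years_to_exhaust(page_keyspace(), 100):,.0f} years at 100/s")
    hours = years_to_exhaust(word_plus_year_keyspace(), 100) * 365.25 * 24
    print(f"word + year: {word_plus_year_keyspace():,} candidates, {hours:.1f} hours at 100/s")
    for pw in ("Summer1987!", "monkey123", "Password1", "q7#Vt2&Z"):  # constructed samples
        print(pw, human_patterns(pw))
```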

The Solution

Passwords are inconvenient. We’re supposed to have long, complex passwords and store them in our heads. To complicate our lives even further, we’re not supposed to duplicate our passwords for any site. While this may be ideal, it’s also entirely impractical. The best way to maneuver through this seemingly impossible dilemma is to use a password manager. LastPass and Dashlane are both excellent choices that provide users with the security of having a complex password without the vulnerability of writing it down or the inconvenience of forgetting passwords.

Take a moment to consider how many passwords you have. Do you use the same password for different accounts? Do any of your passwords contain numeric sequences? Are you vulnerable?

 

Sources:

https://keepersecurity.com/public/Most-Common-Passwords-of-2016-Keeper-Security-Study.pdf

The Actual Time It Takes Hackers To Crack a Password + Celeb Phone Hacking

How long does it take to break a password? Do you ever wonder how secure your passwords are?

In light of the recent celebrity phone hacking scandal which resulted in revealing pictures of 100 celebs being posted and shared online and via social media, you’re probably wondering how secure your own passwords are.

The hacker, in this case, “took advantage of a security flaw in Apple’s online backup service, iCloud. Many online services lock someone out after several unsuccessful attempts to log in, but not Apple’s Find My iPhone app and iCloud. That has been changed by Apple in the aftermath of the nude celebrity photo scandal. But with unlimited guesses, a computer program can generate and test thousands of potential passwords until an account is entered. It is called a brute force attack. The tendency of many people to choose weak passwords and to use the same password for each service helped. Once a celebrity’s Find My iPhone app password is discovered, the same password often can access iCloud. People might never know their accounts have been compromised.” (quote from CNN.com)

With that in mind, if your passwords resemble something along the lines of “123456” or “password” or you use the same password for all sites, you’re putting yourself unnecessarily at risk.

Smart hackers are adept at breaking codes in little time, and when you use a simple or common password, you’re opening yourself up to be the victim of online crime.

Here is the actual time it takes a hacker to break a password:

  • Lowercase, 6 characters = 5 minutes
  • Lowercase, 9 characters = 2 months
  • Uppercase & Lowercase, 6 characters = 5.5 hours
  • Uppercase & Lowercase, 9 characters = 88 years
  • 6 characters with numbers & symbols = 8.5 days
  • 9 characters with numbers & symbols = 19,985 years

As you can see, adding length and complexity to your passwords pays off BIG TIME.

Here’s a little tip: instead of using simple words for your passwords, use phrases. For example: “Time flies when you’re having fun!” becomes “TFlyzwhenurhavinFUN!”

A password like that won’t be cracked for millennia! 

And, be sure to use a different password or password variation for every site with a secure log-in.

For extra protection, look into a Virtual Private Network to protect your data and privacy on all your devices, anywhere in the world!

For the full scoop on the celebrity phone hacking scandal, watch the video below.


This post was inspired by an element of this infographic.