Password Security, Part One: Passwords are Easy to Guess

14 Jan Password Security, Part One: Passwords are Easy to Guess

Posted at 21:47h in Inside the Industry by
1 Like

Most people have been told by someone they consider “tech savvy” that they need to begin using strong passwords. But what does that actually mean?

You’ve already created a password that is unique; it has your wedding date, the name of your baby and even an exclamation point on the end! Somebody would have to know you pretty well to be able to figure out your password, right? Wrong. Chances are high that someone attempting to get in to your account will be able to obtain the information they need to make an educated guess. Let’s break down how, so we can understand why we need to use something more robust.

Here’s one way anyone can figure out your password:

[av_one_half first]We will begin with the date of your wedding. When you applied for a marriage license you did so through the state you were going to be married in. Usually (in most cases) this is the state in which you have permanent residence. If I were a hacker, I could easily find out where you live by doing a search on Facebook or in the white pages.

Once I know what state you live in, I am able to browse public records, find your marriage license, and obtain the date of your wedding. I now have the first piece that I needed. While i’m browsing Facebook / public records, I might as well just request public records for your child to get their name, date of birth,  or any other piece of special information you assumed only you or someone close to you would guess. Now if I just try an exclamation mark at the end…[/av_one_half]

[av_one_half]

 

Using personal information as your password is incredibly insecure.[/av_one_half]

[av_one_full first]

Most hackers are clever, don’t make their job even easier!

Hopefully by now you’re beginning to see that, in today’s world, very little information is private. In fact, most information is easily accessible if you know what you’re doing- and the people trying to break in to your accounts usually do.  Take a moment to think about all the other things that are public information or accessible with a background check; your home address, phone number, animals names (if registered), your employer, what type of vehicle you drive, and so much more.

Here are some tips for creating a stronger password:

[/av_one_full]

[av_one_half first]

Stealing passwords is easier than you think!

[/av_one_half]

[av_one_half]

Method 1: Random Characters:

  1. Use a random combination of uppercase & lowercase letters i.e.(EreUlsP)
  2. Get in the habit of using at least 14 characters i.e.(EreUlsPqkIBNvz)
  3. Mix in some random numbers i.e.(Ere4lsP2kI7Nvz)
  4. Replace a letter or two with punctuation i.e.(E!e4l&P2kI7N@z)

Password:     E!e4l&P2kI7N@z

The final product is going to be hard to remember; that’s the point, but it’s going to protect your accounts and information from malicious attacks.

[/av_one_half]

[av_one_half first]

Method 2: Using a Sentence or Phrase:

Some admins suggest using a sentence or phrase that’s easy for you to remember, but isn’t generated from public information. Perhaps you really loved the movie Beetlejuice. You could consider the following.

  1. Pick a phrase i.e.(Dontsaybeetlejuicesnamethreetimes)
  2. Add in some capitals i.e.(DontSayBeetlejuicesNameThreeTimes)
  3. Use at least one number i.e. (DontSayBeetlejuicesName3Times)
  4. And don’t forget about punctuation i.e.(Don’tSayBeetlejuice’sName3Times!)

Password:      Don’tSayBeetlejuice’sName3Times!

[/av_one_half]

[av_one_half]

beetlejuice[/av_one_half]

[av_one_full first]

The final product is going to be much easier to remember than our random character password, but is still going to be difficult for a person or computer to guess. If you’re not the type to write down your password and physically carry it around, then you might want to consider this approach.

fawkes-fx-blog-web-security-cover-image

At the end of the day it’s ultimately up to you to decide how secure you want to make you online accounts. There will always be hackers and vulnerabilities that are outside of your control, but a password is one line of defense that you get to manage. Please take the necessary steps to protect yourself and your information from malicious attacks, and whatever you do, never use the word “PASSWORD” in your password!

If you’d like help creating a strong password, you can use one of these random password generators:

http://passwordsgenerator.net

https://identitysafe.norton.com/password-generator/

https://lastpass.com/generatepassword.php

https://www.random.org/passwords/

 

Use these links to test the strength of the password you’re already using:

https://howsecureismypassword.net

https://blog.kaspersky.com/password-check/

https://www.grc.com/haystack.htm

http://www.passwordmeter.com

 

Fawkes FX is a full-service creative digital studio that helps businesses grow online. Aside from digital advice, we offer responsive website design, branding, photography and animations. Learn more about us on our website!

[/av_one_full]

 

Tags:
No Comments

Sorry, the comment form is closed at this time.