“So the combination is… one, two, three, four, five? That’s the stupidest combination I’ve ever heard in my life! That’s the kind of thing an idiot would have on his luggage!”
– Dark Helmet, from Spaceballs
The quintessential quote from an amazing 1987 Mel Brooks movie, and yet in 2016 that’s still so many people’s password. So are password, password1, 111111, and football. With passwords that common, how safe can you really be?
In the past, creating a complex password such as “H7jz9%n12q.3)” was enough. The problem is remembering a string of characters like that. You would probably write it on a sticky note attached to your monitor, or in the Notes app on your iPhone. You’ve now taken a complex password (which, by the way, would take 1.65 hundred centuries to crack according to the Gibson Research Corporation Haystack calculator, at its massive cracking array rate; more on this in a bit) and made it easy for anyone to get to. Let’s say, for the sake of argument, that this is your banking password, but it’s so hard to remember that you put it in your Notes app under “Chase password”. If you lose your phone, is your bank account safe? Probably not. You’ve turned it into a luggage combination.
So how do you keep your passwords safe? You could use an app like 1Password, but they were almost breached just last year. According to an ethical hacker article at Fatherly.com, the bigger problem with using 1Password is that people tend to store the master password file (the vault) in the cloud in an unprotected area, which IS reachable by an attacker. So keep that file on your computer. Keep in mind that a stolen vault file is only as strong as the master password that encrypts it: whoever has the file can guess at that password offline, with no lockout or rate limiting, so the advice below applies to the master password most of all.
Another option is to use passwords that are easy for you to remember but hard for a computer to guess.
When someone runs a brute-force tool against your password, they start out knowing nothing about it. The tool works through a dictionary, then starts swapping letters for numbers, appending characters, and so on. The Haystack numbers below measure something different: the time to exhaust every possible string of that length and character set. So if your password is “dog”, which takes 18 seconds to exhaust at 1,000 guesses per second, changing it to d0g only gets you to 48 seconds, and a dictionary attack with a letter-for-number rule finds either one within its first few guesses anyway. So let’s look at some better passwords.
I usually tell clients to think of four words unrelated to one another. For this example I’m going to use Taco, Street, Laptop and Blanket. Putting these four words together in the Haystack calculator gives 9.53 hundred trillion trillion centuries (assuming 1,000 guesses per second), or 9.53 thousand trillion centuries with a massive cracking array. Ain’t nobody got time for that! TacoStreetLaptopBlanket is pretty easy to remember, isn’t it? I bet if you close your eyes right now you could recite it without a problem:
- Taco
- Street
- Laptop
- Blanket
Easy, right? One caveat: those Haystack figures assume the attacker has to try every possible string of letters. An attacker who guesses that you built the password from dictionary words only has to try combinations of words, so the real strength comes from picking the words at random (not words that describe you) and from using enough of them.
Let’s make it harder for those hackers, though. Change it to TacoStreetLaptopBlanket100*. Now it will take hackers 80.45 thousand trillion trillion trillion centuries in our 1,000 guesses per second scenario, or 8.04 hundred thousand trillion trillion centuries with the massive cracking array.
Some things to note. Notice how I didn’t use an exclamation mark at the end of my password? The exclamation mark is the most commonly used symbol in passwords, and the rule sets that cracking tools use try appending one early on. Stay away from the exclamation mark! (See what I did there? 🙂)
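To make the two kinds of number in this post concrete (the Haystack search-space estimate behind the “centuries” figures, and the guess count of a dictionary attack with mangling rules, including the appended exclamation mark), here is an added worked example in Python. It is not code from this post or from GRC. The character-class sizes (26/26/10/33), the search space that counts every string up to the password’s length, the 1,000 and 100 trillion guesses-per-second rates, the word list and the mangling rules are all assumptions modelled on the calculator and on common cracker rule sets.

```python
"""Haystack-style 'time to crack' vs. a dictionary attack with mangling rules.

Added worked example; not code from the original post or from GRC. Assumptions
modelled on the Haystack calculator: character classes of 26/26/10/33, a search
space counting every string up to the password's length, and guess rates of
1,000/s and 100 trillion/s. The word list and rule set are constructed here.
"""
import itertools

LOWER, UPPER, DIGITS, SYMBOLS = 26, 26, 10, 33    # 95 printable ASCII in total
ONLINE_RATE = 1_000                               # guesses/second (assumed)
ARRAY_RATE = 100_000_000_000_000                  # 1e14 guesses/second (assumed)
SECONDS_PER_CENTURY = 100 * 365 * 24 * 3600

# Constructed word list standing in for the attacker's dictionary.
WORDLIST = ["cat", "dog", "taco", "street", "laptop", "blanket", "password", "football"]
LEET = str.maketrans("aeios", "43105")            # dog -> d0g, password -> p455w0rd


def alphabet_size(password: str) -> int:
    """Smallest character set that covers every character in the password."""
    size = 0
    if any(c.islower() for c in password):
        size += LOWER
    if any(c.isupper() for c in password):
        size += UPPER
    if any(c.isdigit() for c in password):
        size += DIGITS
    if any(not c.isalnum() for c in password):
        size += SYMBOLS
    return size


def search_space(password: str) -> int:
    """Every string of length 1..len(password) over that alphabet (Haystack's count)."""
    a = alphabet_size(password)
    return sum(a ** k for k in range(1, len(password) + 1))


def centuries(seconds: float) -> float:
    return seconds / SECONDS_PER_CENTURY


def exhaustive_seconds(password: str, rate: int = ONLINE_RATE) -> float:
    """Worst-case time for an attacker who knows nothing and tries every string."""
    return search_space(password) / rate


def mangle(word: str):
    """Guesses a rule-based cracker derives from one word, cheapest rules first."""
    base = list(dict.fromkeys(
        [word, word.capitalize(), word.translate(LEET), word.capitalize().translate(LEET)]))
    for w in base:                 # as typed, Capitalised, l33t, both
        yield w
    for w in base:                 # append "!" (the most popular symbol suffix)
        yield w + "!"
    for w in base:                 # append a single digit
        for d in range(10):
            yield f"{w}{d}"


def guesses_until_found(target: str, wordlist=WORDLIST):
    """Number of guesses a dictionary+rules attack needs, or None if it never hits."""
    n = 0
    for word in wordlist:
        for guess in mangle(word):
            n += 1
            if guess == target:
                return n
    return None


def combinator_guesses_until_found(target: str, wordlist=WORDLIST, n_words=4):
    """Combinator attack: every ordered choice of n_words words, each Capitalised."""
    n = 0
    for combo in itertools.product(wordlist, repeat=n_words):
        n += 1
        if "".join(w.capitalize() for w in combo) == target:
            return n
    return None


def passphrase_search_space(dictionary_size: int, n_words: int) -> int:
    """Real keyspace of an n-word passphrase drawn from a known dictionary."""
    return dictionary_size ** n_words


if __name__ == "__main__":
    for pw in ["dog", "d0g", "Dog!", "TacoStreetLaptopBlanket", "H7jz9%n12q.3)"]:
        print(f"{pw:26s} haystack@1000/s: {centuries(exhaustive_seconds(pw)):.3g} centuries"
              f"   dictionary+rules guess #: {guesses_until_found(pw)}")
    print("combinator finds TacoStreetLaptopBlanket at guess",
          combinator_guesses_until_found("TacoStreetLaptopBlanket"))
    # Four random words from a 10,000-word list: 1e16 guesses, ~100 s at 1e14/s.
    print("10k-word, 4-word passphrase at array rate:",
          passphrase_search_space(10_000, 4) / ARRAY_RATE, "seconds")
```

Running it reproduces the post’s 18 and 48 seconds for dog and d0g, yet the dictionary attack lands on dog at guess 49 and on d0g at guess 51, because the letter-for-number rule is one of the first it tries; Dog! falls at guess 54 for the same reason. The four-word passphrase takes a combinator attack 1,254 guesses against this eight-word list, and with a 10,000-word list the keyspace is 10^16, which is about 3,000 centuries at 1,000 guesses per second but under two minutes at the array rate. That is why the words have to be random and why a service that rate-limits guesses matters so much.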
Those are the two best ways to protect your data. Remember, your house is only as safe as its locks: once a lock has been picked, everything behind it is open to the hacker.
In a future blog post we’ll discuss how to keep your data safe from those spam emails asking you to log into your services (such as Gmail and PayPal).