We’re making it too easy to get hacked
With all of the recent revelations of stolen passwords and usernames, it’s about time you took note that using a single password for multiple sites is no longer safe. Neither is using easy-to-guess combinations. Read on to understand why you should use strong passwords to protect yourself online.
Most of us will understand that writing a password down is not a good idea and so will have adopted ways in which we can manage our passwords easily from memory.
The problem is that this often leads us into doing what we are told not to do. That is, using a simple password which is easy to remember or using the same password for multiple accounts across the web. And when we’re time challenged, the last thing we want to do is to have to request a password reset and await the confirmation email.
So why do we really need to use strong passwords and why does it matter if we use the same one across many sites? Consider the following few scenarios:
Using brute force to crack passwords
A hacker breaks into your favourite website and steals usernames, email addresses and password combinations. Most websites, but not all, store these passwords in an encrypted form so they cannot easily be read by a human. However, once downloaded, the encryption can be reverse engineered by brute force and converted into a readable form. How successful this decryption process is will usually depend on how strong your password is. Two simple factors that influence that success are:
- Using simple passwords, of which there are many. Examples are “password”, the name of the website such as “linkedin”, words from a dictionary, person names, place names, postcodes, zipcodes, “Iloveyou” etc. With the right software, millions of passwords like this can be decrypted within a few hours and then played back into the website to break into the targeted account.
- Length of password has a big influence as well. A five letter password can be cracked in a few seconds whereas an eight letter password could take two months to try all combinations. Nine or more characters provides enough combinations that it is unlikely it would be cracked in a useful time period. However, with continued improvements in hardware performance, these times will inevitably come down, increasing the likelihood of your account being compromised if you continue to use short passwords.
Using stealth to crack passwords
A hacker uses stealth to try and crack your password. This can be surprisingly simple if you use passwords related to you personally. Social media encourages us to share ourselves online, giving away lots of vital details about what matters to us. This can often influence our choice of passwords, such as a favourite pet’s name, leaving us vulnerable. Hacks like this can also be successful by sifting through the outputs from the brute force attacks where, through aggregation, your ID appears more than once. Here they may be able to determine patterns in your password selection and apply them to other sites. If the passwords are the same, the guesswork becomes a whole lot easier.
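The weaknesses described in the two scenarios above (simple words, short length, personal details, reuse across sites) can be checked before a password is ever used. The following is an added example, not code from the original article; the guess rate, the small word sample, the function names and the sample passwords are all assumptions made for illustration.

```python
import string
from collections import defaultdict

# Constructed sample of weak choices of the kind listed above; not a real wordlist.
COMMON = {"password", "iloveyou", "qwerty", "123456", "letmein"}
# Assumption: offline guess rate; real rates vary widely with hardware and storage scheme.
GUESSES_PER_SECOND = 1e9

def alphabet_size(pw):
    """Character pool an exhaustive search must cover (ASCII classes only, a lower bound)."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    return sum(len(cls) for cls in classes if any(c in cls for c in pw))

def seconds_to_exhaust(pw, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every combination of this length and pool."""
    return alphabet_size(pw) ** len(pw) / rate

def audit(pw, site_name="", personal_terms=()):
    """Return the reasons a password is weak; an empty list means none were found."""
    problems = []
    lowered = pw.lower()
    if lowered in COMMON:
        problems.append("common password")
    if site_name and site_name.lower() in lowered:
        problems.append("contains site name")
    for term in personal_terms:
        if term and term.lower() in lowered:
            problems.append(f"contains personal detail: {term}")
    if len(pw) < 9:  # the article's threshold: nine or more characters
        problems.append("shorter than nine characters")
    return problems

def reused(passwords_by_site):
    """Group sites that share one password, so a single leak exposes all of them."""
    sites = defaultdict(list)
    for site, pw in passwords_by_site.items():
        sites[pw].append(site)
    return sorted(sorted(group) for group in sites.values() if len(group) > 1)

if __name__ == "__main__":
    # Constructed sample passwords and accounts.
    for pw in ("abcde", "abcdefgh", "Tr4vel-Lamp-Orbit"):
        print(pw, f"{seconds_to_exhaust(pw):.3g}s", audit(pw))
    print(reused({"mail": "Rex2015", "notes": "Rex2015", "bank": "Tr4vel-Lamp-Orbit"}))
```

Each extra lowercase letter multiplies the search time by 26, which is why the gap between five and eight characters is so large; the absolute times depend entirely on the assumed guess rate.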
Taking over your other accounts
Once a hacker has broken into your email account, it is quite a simple job to gain control of your other accounts, such as Dropbox or Evernote, by simply requesting a password reset, which will often just send a verification email to your email account. The assumption is that you will always be in control of your email and that this is enough of a test.