How to create secure passwords

A second form of authentication is the best security
Find out how to protect your accounts and stop the hackers dead with a strong password.
Hacking is in the news a lot and we’re not talking about teenagers breaking into the defence department or NASA for a lark. These new-wave hackers are after your accounts so they can steal your money and identity, and use them in other nefarious schemes. Recent breaches at big-name sites such as LinkedIn, eHarmony and Last.fm have seen millions of user passwords stolen by hackers. Thankfully these stolen passwords were protected to a degree by a system called hashing, but hackers can still break this protection if the original password is very common or short.
How passwords are hacked
The question is, what makes a strong password? The best way to answer this is to look at how a hacker would try to crack your password. There are two approaches. The first is called a brute-force attack, where a computer is used to try every possible combination of characters, numbers and symbols for every possible length of password. This takes a long while but given enough time it’ll crack every shorter password. The second approach is a dictionary attack, where common password combinations are used. This is very quick but limited to the dictionary.
Creating passwords
Some groups suggest using completely random letters/numbers/symbols but these are tricky to remember and are just as vulnerable to a brute-force attack as a memorable password. The only real protection is to make a password longer – using, say, four standard words. As an example the password “sliding monkey trips thatcher” is both memorable – just think of a sliding monkey tripping up Margaret Thatcher – and secure. The maths is complex but that password would take 550 years to break while a seemingly complex password like “Liv3rp0ol5%” could be cracked in just three days.
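The arithmetic behind those two figures, as an added example that is not part of the original article. The guessing rate, word-list size, dictionary size and tweak counts are all assumptions chosen for illustration, and the function names are hypothetical.

```python
import math

GUESSES_PER_SECOND = 1000            # assumed attacker guessing rate
SECONDS_PER_DAY = 86_400
SECONDS_PER_YEAR = 365 * SECONDS_PER_DAY

def brute_force_bits(password, alphabet_size):
    """Bits of search space if every character is tried independently."""
    return len(password) * math.log2(alphabet_size)

def passphrase_bits(word_count, wordlist_size):
    """Bits for words drawn uniformly at random from a known word list."""
    return word_count * math.log2(wordlist_size)

def mangled_word_bits(dictionary_size, tweak_options):
    """Bits for one dictionary word plus predictable tweaks.
    tweak_options lists how many variants an attacker must try per tweak."""
    return math.log2(dictionary_size) + sum(math.log2(n) for n in tweak_options)

def effective_bits(*models):
    """An attacker picks the cheapest attack, so the weakest model wins."""
    return min(models)

def seconds_to_exhaust(bits, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every candidate at the given rate."""
    return 2 ** bits / rate

def passphrase_years():
    phrase = "sliding monkey trips thatcher"
    bits = effective_bits(
        brute_force_bits(phrase, 27),          # a-z plus space
        passphrase_bits(4, 2048),              # assumed 2,048-word list
    )
    return seconds_to_exhaust(bits) / SECONDS_PER_YEAR

def mangled_days():
    password = "Liv3rp0ol5%"
    bits = effective_bits(
        brute_force_bits(password, 94),        # printable ASCII
        # assumed: 65,536-word dictionary; capitalisation (2), letter
        # swaps (8), added digit (8), added symbol (16), their order (2)
        mangled_word_bits(65_536, [2, 8, 8, 16, 2]),
    )
    return seconds_to_exhaust(bits) / SECONDS_PER_DAY

if __name__ == "__main__":
    print(f"passphrase: about {passphrase_years():.0f} years")
    print(f"mangled word: about {mangled_days():.1f} days")
```

Under these assumptions the passphrase comes out at roughly 558 years and the mangled word at about 3.1 days, in line with the figures quoted above; the character-by-character estimate overrates the mangled word because a dictionary attack with common tweaks is far cheaper.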
A good site for getting automatic passwords is create-a-password. It can make memorable passwords with a smattering of case, symbols and numbers. Keeping on top of all of these passwords is a major issue – especially as the best advice is to have a unique password for EVERY site and service – so a password manager is an obvious choice. For a free option we’d recommend KeePass, which is available on all desktop and mobile systems so you can take your passwords everywhere. If you want something slicker then LastPass is available as a free and a paid-for service, but as it only costs the equivalent of $1 a month it’s hardly breaking the bank to protect your bank. It’s multi-platform and very well designed.
Beyond passwords
If you reuse passwords across several sites your password is inherently weak. Banks know this, which is why many have introduced systems called Two Factor Authentication – by using a keycard or sending your mobile phone a passcode via text message, security can be increased hugely for only a minor inconvenience. Many sites now offer this as an option: Google, Facebook, PayPal and even Blizzard for its World of Warcraft game offer phone-based authentication systems that you can opt into. For the security and peace of mind it’s well worth it.
