Why You Need Stronger Passwords and How to Create Them
A three-part strategy for more secure—and manageable—passwords
Passwords: We all have them, we all use them and we all need them. They protect our accounts, secure our sensitive information and keep our data from being compromised. But they’re useless if they’re weak, worthless if you can’t remember them and no good if a hacker can see right through them.
Think about every app you log into. Email, shopping, banking, streaming services, social media accounts, work-based software, bill-pay sites, games, device lock screens. There’s a ton of personal data behind each of those applications, and it’s all password-protected. A survey by the team at Dashlane, a password management app, found the average person has at least 90 online accounts.
We know our data is valuable, but what we overlook sometimes is just how vulnerable it is. For a cybercriminal, data is power. Hackers are after our info relentlessly, and in ever-more sophisticated ways.
‘Cracken’ the code
Think your data is “safe” behind a browser password manager? Strides have been made to lock down browser security in recent years, but browsers can be breached. Apps and operating systems can be hacked.
A team at IBM built a machine called Cracken that can crack passwords up to 14 characters in less than 5 minutes. The scary part is, cybercriminals are putting similar technology to work.
“It uses an array of video cards that are very good at this specific type of math and goes through every possible permutation,” says Charles Henderson, in an interview with CNBC. “It can do millions of them in a second. Over the course of that 5-minute period, it can try every single up to 14-digit password that you can muster.”
Henderson is a global managing partner with IBM Security’s X-Force Red, a team companies pay to test their security.
Criminals are catching on
Some of the strongest passwords combine upper- and lower-case letters, numbers and special characters. Those are still very strong, especially if they’re lengthened into a passphrase.
But not only are they hard to remember, hackers are catching on. Cybercriminals do searches for widely used word combinations and common phrases. What’s more, they’re already one step ahead of the predictable character substitutions you once thought were sneaky. Yes, they’re ready for an “S” that becomes “$”, or the “@” that takes the place of an “a.”
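To see why swapping in "$" or "@" adds so little, here is a small password check written for this article as an added example (it is not from the original piece or from any product it mentions). It undoes the predictable swaps before comparing against a list of common words; the word list is a constructed sample, the swaps other than "$" and "@" are assumed, and the 14-character limit is the Cracken figure quoted above.

```python
# Constructed sample denylist; a real check would load a large list of
# breached and commonly used passwords instead.
COMMON_WORDS = {"password", "sunshine", "dragon", "letmein", "baseball", "assassin"}

# Predictable character swaps mapped back to the letter they replace.
# "$" and "@" are the article's examples; the others are assumed common swaps.
SUBSTITUTIONS = str.maketrans(
    {"$": "s", "@": "a", "0": "o", "1": "l", "3": "e", "!": "i"}
)

# Length the article says a GPU rig can exhaust in minutes.
BRUTE_FORCE_LENGTH = 14


def normalize(password: str) -> str:
    """Lower-case the password and undo the predictable substitutions."""
    return password.lower().translate(SUBSTITUTIONS)


def check_password(password: str) -> list[str]:
    """Return the reasons a password is weak; an empty list means no finding."""
    findings = []
    if len(password) <= BRUTE_FORCE_LENGTH:
        findings.append("short")

    plain = normalize(password)
    matched = sorted(word for word in COMMON_WORDS if word in plain)

    # Remove every common word and see how much of the password is left.
    remainder = plain
    for word in matched:
        remainder = remainder.replace(word, "")

    # Illustrative threshold: flag when common words make up more than half
    # of the password, so a long passphrase that merely contains one passes.
    if matched and len(remainder) * 2 < len(plain):
        findings.append("common:" + ",".join(matched))
    return findings


if __name__ == "__main__":
    for candidate in ("P@$$w0rd!", "Dr@g0n2024", "StaplerOctopusSpaghetti"):
        print(candidate, "->", check_password(candidate) or "no findings")
```

Running the file shows the two "disguised" passwords flagged on both counts, while the long random-word phrase produces no findings.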
When it comes to password security, where’s the balance between manageable and mighty? The answer is, it’s a combination of factors. Consider the following formula:
Who says password-building can’t be fun? Here’s where your imagination can run wild.
OrangeHippopatamusRefrigerator. PurpleZebraAquarium. StaplerOctopusSpaghetti. These phrases are quirky and odd, but that’s the beauty of them. They’re common enough to be memorized but long and random enough to deter the phrase-hunting hacker. Hackers are less likely to sit and unravel your long, random string of words. Throw them off. Go long.
Two layers of security are better than one. If a website or app allows you to enable dual-factor authentication, do it. That code sent to your phone or email does add a step, but it might just save you.
Even if a hacker manages to nab your password, the second line of defense offered by two-factor security could still keep a cybercriminal out of your account.
One little lie
OK, we’re not trying to steer you off the moral path here. Generally, lying is a bad idea. But a harmless fib on a password recovery question? Pulling a Pinocchio might just bolster your account security.
Websites serve up password recovery questions as a way of allowing you access to an account for which you’ve forgotten the password. Many are generic though, and that’s why they’re flawed.
Details such as your hometown, birthplace, pet’s name or favorite author can easily be dug up via web search or a quick social media snoop session. When it comes to those account recovery questions, lying about your favorite food or sports team might actually protect you.
With so many online accounts, it can be hard to keep all your passwords accounted for. Password management apps make it easy, not only storing all your access information in one place, but saving you from having to memorize everything. Password managers are easy to use and secure, and they keep all your data encrypted.