Tuesday, May 4, 2021

Strength in Numbers (or Characters?!) - World Password Day

PASSWORD STRENGTH:

We all know the drill: enter a username and password to access your accounts. But are you aware that, in many cases, your password is the only thing standing between your important on-line accounts and a malicious actor trying to get in and steal your information, your identity, and your money?  That is why having an effective password is so important.

So, what constitutes an “effective” password?

Well, a password is “effective” if it keeps bad actors out. But to do that, you need to know what you are up against. These bad actors have at their disposal many tools that try to defeat your password. One is a list of maybe the 10 million or so most common or previously hacked passwords, including popular variations of some of the more common ones. Adding a zero in place of the “o” in “password” will not make it any more secure. They also use “dictionary” attack tools that look for actual words or variations of words (like the zero vs “o” above). Finally, if those fail, they use tools to rapidly guess passwords one character at a time. So just using a random collection of characters, if too short, will still allow the hacker to guess the password in a reasonable amount of time.

How do I have a strong password?

1. Make it long – 14 or more characters. This dramatically slows down the character-at-a-time guessing technique.

2. Use a “pass-phrase” instead of a “password”. String words and characters together in a way that is meaningful to you (and therefore easier to remember) but impossible to guess (hint: don’t use information about yourself that may be available on the internet).

3. Include as many types of characters as you can. For example, use lower and uppercase alphabetic characters, numbers, and special characters as allowed by the application or account. Some include minimum requirements to include, for example, 3 of the 4 types mentioned here.
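For readers who like to see the rules in action, here is a small Python sketch added as an illustration (it is not part of the original post). It applies the checks described above: a look-up against a common-password list after undoing look-alike swaps such as zero for “o”, the 14-character minimum, and the 3-of-4 character types rule, plus a rough measure of how much work character-by-character guessing would take. The five-entry list, the substitution table and all function names are assumptions made up for this example.

```python
import math
import string

# Constructed five-entry sample; real lists of leaked passwords hold millions.
COMMON = {"password", "letmein", "qwerty", "dragon", "sunshine"}
# Look-alike swaps that guessing tools undo automatically: 0->o, 1->l, 3->e, ...
LEET = str.maketrans("01345@$", "oleasas")
EDGE = string.digits + string.punctuation
SIZES = {"lower": 26, "upper": 26, "digit": 10, "special": len(string.punctuation)}


def char_classes(pw):
    """Character types present: lower, upper, digit, special (anything else)."""
    kinds = set()
    for ch in pw:
        if ch in string.ascii_lowercase:
            kinds.add("lower")
        elif ch in string.ascii_uppercase:
            kinds.add("upper")
        elif ch in string.digits:
            kinds.add("digit")
        else:
            kinds.add("special")
    return kinds


def is_common_variant(pw):
    """True if pw is a listed password once swaps and padding are removed."""
    low = pw.lower()
    # Try the whole string, and the string with leading/trailing digits and
    # symbols stripped (the "add 1! at the end" habit).
    return any(c.translate(LEET) in COMMON for c in (low, low.strip(EDGE)))


def brute_force_bits(pw):
    """Approximate size of the guessing space in bits (each bit doubles the work)."""
    alphabet = sum(SIZES[k] for k in char_classes(pw))
    return len(pw) * math.log2(alphabet) if pw else 0.0


def assess(pw):
    """Return the list of problems found; an empty list means all checks passed."""
    problems = []
    if is_common_variant(pw):
        problems.append("common password or variant")
    if len(pw) < 14:
        problems.append("shorter than 14 characters")
    if len(char_classes(pw)) < 3:
        problems.append("fewer than 3 character types")
    return problems
```

Passing these checks does not prove a password is strong, since a real common-password list is far larger than the sample here; failing any of them is a good reason to change it.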

Finally, if you discover that a password you currently use is on the weak side, change it!  Most sites and accounts will let you change your password whenever you like.

If you want to test your password to see if it has been used in a data breach, try haveibeenpwned.com. Their database consists of over 600,000,000 passwords that have been obtained from data breaches.  To test your password strength to see how long it would take a hacker to guess it, go on over to security.org.