Do these passwords sound familiar to you - password, password123, Password1234, your partner's name, your dog's name, your child's name, your dog and child's name, your child's name and the year they were born. Which password are you?
Passwords are you primary form of defense against hackers. Here are some tips and tricks for making the most of your passwords;
Every Website - NEW password
Most people re-use the same password over and over again. Hackers know this. They are counting on it. They only need to collect data from one data breach that has your email address and you re-used password and they now have access to a good portion of your like. If you ignore all the other advice from this blog - DON'T IGNORE THIS ... every password should have a different and unique and complex password. Use a password manager like LastPass or 1Password
Have you been p'wned
Check to see if you details exist on the dark web as a result of a data breach...use the tool - Have i been pwned
Use Strong and Complex passwords
The conventional wisdom was that a strong password contained at least 8 characters and number and 1 special character such as `~!@#$%^&*()
This has resulted in a culture where we have short passwords with some character substitutions for example;
- Password - hacked instantly
P@ssword - hacked in 3 hours
P@ssw0rd - hacked in 9 hours
P@ssword1 - hacked in 4 weeks
Sweetpea - hacked instantly
Sw33tpea - hacked 2 hours
Sw3etpe@ - hacked in 9 hours
Sw33tpea! - hacked in 4 weeks
Based on password testing at https://howsecureismypassword.net/
this also assumes 1 computer, so that password that can't be hacked for 4 weeks looks fine until you bring to bare a bank of computers, which are parallel processing decryption technologies or a mainframe computer and that password is useless.
Emerging password wisdom?
There is another school of thought that believes using a phrase or a series of words strung together that may or may not make sense to anyone by you. There are some that believe this is the best way to create complex passwords that are easy to remember. The main issue with this is that people still tend to re-use the same password
- Whykickamoocow - hacked in 837,000 years (fictional place in New Zealand, that my parents tricked us with many years ago)
- Whykick@moocow - hacked in 29 million years
- Ilovepineapple - hacked in 837,000 years
- IlovePineApple - hacked in 837,000
- Ilovepine@pple - hacked in 29 million years
As you can see from the above data, having a phrase as a password significantly increases your password strength, adding some character substitutions such as the @ sign for an A - gets you to millions of years.
The best solution - password generators
However, the best passwords to have are long passwords minimum of 15 characters and more if you can - of random characters.
The problem with this is that most people would never be able to remember their passwords, but a 15 character random character password such as R#bc!$9lkgL5w$K would take 16 billion years to hack.
Password vaults are your answer, i've been using LastPass www.lastpass.com for several years. I only have to remember 1 master password, and Lastpass not only saves all my password to all my websites/web services, it will generate long and strong (random character) passwords. A password vault should also be able to share a password with friends or colleagues, as well as run on different platforms and browsers e.g. Phone App, Chrome, Safari, Internet Explorer, Mac/PC etc.