When we stop and think about it, we live in a depressingly insecure world. Chances are the only thing standing between your stuff and the bad guys is some very shatterable windows, you're only a few feet from hitting another car head-on when you drive down the street, and your private conversations and finances are kept safe online by a short string of characters. I'm not trying to make you feel afraid or paranoid, but I am trying to highlight the importance of password security. Many people are unaware that simply putting a password on something does not make it all that safe, especially as lots of commonly used passwords are about as secure as a screen door in a hurricane.
Obviously, passwords like 40, 1234 and the name of your favorite sports team are horrible choices because they're incredibly easy to guess. But if you pick something obscure and difficult to guess for someone who doesn't know you well, does that necessarily mean it's safe? Well, that all depends on the way passwords are stored. Secure websites hash your password, meaning that it is passed through an algorithm that is extremely difficult to reverse, with the output being what's stored on the server. The problem, though, is that because many sites use the same algorithm, such as one in the commonly used SHA series, an attacker can run common or short passwords through the hash quickly and then compare the results to hashed passwords stored on a server to see if any of them match.
This can be prevented using a technique called salting, which adds a random numerical string to your password before running it through a hash. Many secure websites don't bother salting, meaning it can be quite easy for an attacker to guess your password with brute force, which means simply trying as many passwords as they can until one works. Most eight-character passwords can be cracked in only a couple of days using this method with a reasonably powerful modern PC.
Fortunately, though, the solution is quite simple: use longer passwords. Having a pseudo-random password with just 12 characters instead of eight means it could take thousands of years for someone to brute force your password instead of a couple of days. And if they eventually do succeed, you'll probably be too dead to care. Of course, you also want to make sure that your longer password doesn't incorporate other common password mistakes. Even a long password made up of shorter dictionary words or containing repeated strings of characters can be vulnerable, because those individual elements are easier to guess. So while length is probably the most important variable, the best thing to do is to use long passwords made up of random characters, including symbols.
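The hashing and salting described above, as an added example that is not code from the original article: it stores the same constructed passwords with and without a per-user salt and checks each set of digests against a table computed once from a common-password list. The function names, user names and sample passwords are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: a tiny common-password list and three accounts.
COMMON = ["password", "1234", "letmein", "qwerty"]
USERS = {"alice": "qwerty", "bob": "qwerty", "carol": "T7#x:qP2!vRm"}

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def store_unsalted(password: str) -> str:
    # Same password always gives the same digest, on every site using SHA-256.
    return sha256_hex(password.encode())

def store_salted(password: str) -> tuple[bytes, str]:
    # A fresh random salt per account is stored next to the digest.
    salt = secrets.token_bytes(16)
    return salt, sha256_hex(salt + password.encode())

def verify_salted(password: str, salt: bytes, digest: str) -> bool:
    # Recompute with the stored salt; compare in constant time.
    return hmac.compare_digest(sha256_hex(salt + password.encode()), digest)

def table_hits(stored_digests) -> int:
    # One table, computed once from COMMON, checked against every stored digest.
    table = {sha256_hex(p.encode()) for p in COMMON}
    return sum(1 for d in stored_digests if d in table)

def demo() -> dict:
    unsalted = {u: store_unsalted(p) for u, p in USERS.items()}
    salted = {u: store_salted(p) for u, p in USERS.items()}
    return {
        # Unsalted: alice and bob are visibly the same, and the table matches both.
        "unsalted_identical": unsalted["alice"] == unsalted["bob"],
        "unsalted_table_hits": table_hits(unsalted.values()),
        # Salted: equal passwords no longer look equal and the shared table is useless.
        "salted_identical": salted["alice"][1] == salted["bob"][1],
        "salted_table_hits": table_hits(d for _, d in salted.values()),
        "login_ok": verify_salted("qwerty", *salted["alice"]),
        "login_bad": verify_salted("letmein", *salted["alice"]),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The salt only removes the shortcut of one table for every account; a short or common password can still be guessed account by account, which is why the length advice above still applies.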
How am I going to remember a huge password with a bunch of pound signs and colons in it?
Well, there are quite a few password managers out there that not only store and auto-fill your passwords but also generate pseudo-random passwords quickly, so you can use a different one for every site. Just make sure that whichever password manager you're using stores all your passwords with heavy encryption, including salting. And yes, there is a reason I keep saying pseudo-random instead of random: software random number generators that pump out random passwords can never be truly random, as they work by performing operations on a small initial number called a seed, which introduces a slight bias for certain characters. Of course, for the purposes of creating a secure password, this bias is negligible for most users, so don't worry about that too much. After all, in a universe where every action has some kind of consequence, can anything be truly random?