Chris Kayser

Defend against computer hackers with a complex, hard-to-identify password

Proper password management, while challenging, can prevent a costly breach

The more complex your password, the less likely it will be identified by computer hackers. Photo by Getty Images

Think your computer passwords are safe? It depends.

Hackers use password “crackers” such as dictionary or brute force attack applications to detect passwords. Dictionary attacks search for common words or phrases and, while searching, will substitute characters, such as “$” for “s.” Brute force attacks try every possible combination of characters until eventually the password is identified.

Good password management can reduce the chances that your password will be revealed. The more complex a password, the longer it takes to detect. Using “password” would take fractions of a second, where P@wORd would take longer — years in fact.

A 2019 study in the U.K. revealed the most used passwords were: 123456 (23.2 million), 123456789 (7.7 million), QWERTY (3.8 million), password (3.6 million), and 1111111 (3.1 million) — clearly, very hackable.

Best practices for passwords include using 10 or more characters comprised of lower-case and capital letters, symbols and numbers. Don’t use family or pet names, home addresses or birthdates as they could be familiar to others and are quickly detectable by password crackers.
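As an added illustration (not part of the original column), the Python sketch below audits a candidate password the way the paragraphs above describe: it undoes look-alike substitutions before comparing against the most-used passwords quoted from the 2019 study, then applies the 10-character, four-character-class guideline. The function names and the substitution table are assumptions made for this example.

```python
import math
import string

# Most-used passwords quoted above from the 2019 U.K. study (lower-cased).
COMMON = {"123456", "123456789", "qwerty", "password", "1111111"}

# Assumed, illustrative table: look-alike character -> the letter it stands for.
LEET = str.maketrans({"$": "s", "@": "a", "0": "o", "1": "l",
                      "3": "e", "5": "s", "!": "i"})

def normalize(pw):
    """Undo the substitutions a dictionary attack tries, e.g. P@$$w0rd -> password."""
    return pw.lower().translate(LEET)

def char_classes(pw):
    """Which of the four recommended character classes the password uses."""
    return {
        "lower": any(c.islower() for c in pw),
        "upper": any(c.isupper() for c in pw),
        "digit": any(c.isdigit() for c in pw),
        "symbol": any(c in string.punctuation for c in pw),
    }

def keyspace_bits(pw):
    """Upper bound on brute-force effort: log2(alphabet_size ** length)."""
    sizes = {"lower": 26, "upper": 26, "digit": 10,
             "symbol": len(string.punctuation)}
    alphabet = sum(sizes[k] for k, used in char_classes(pw).items() if used)
    return len(pw) * math.log2(alphabet) if alphabet else 0.0

def audit(pw):
    """Return a list of findings; an empty list means the guideline is met."""
    findings = []
    if pw.lower() in COMMON or normalize(pw) in COMMON:
        findings.append("matches a common password after undoing substitutions")
    if len(pw) < 10:
        findings.append("shorter than 10 characters")
    missing = [k for k, used in char_classes(pw).items() if not used]
    if missing:
        findings.append("missing: " + ", ".join(missing))
    return findings

if __name__ == "__main__":
    # Constructed sample inputs; the last one is the example used later in the column.
    for candidate in ["password", "P@$$w0rd", "QWERTY", "SixAndOne*26"]:
        print(f"{candidate!r}: {keyspace_bits(candidate):.1f} bits, {audit(candidate)}")
```

The bit count is only an upper bound on brute-force effort; a password that matches the common list falls to a dictionary attack regardless of its length or symbols.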

Protecting passwords is not restricted to individuals. A 2017 study of how companies manage passwords related to ex-employees revealed that only half of respondents were confident former employees’ passwords no longer worked, 20 per cent had been breached by someone using ex-employees’ passwords, 48 per cent were aware some ex-employees could still access corporate networks and 25 per cent had no idea how long access remained to ex-employees.

A survey conducted in 2016 revealed that of 1,000 employees in six countries, one in five would sell their passwords to a third party, with 45 per cent doing so for under $1,000. What was not disclosed is how often they would sell their passwords, given their value on the Dark Web.

Managing passwords can be challenging. The difficulty of remembering recently updated passwords is one reason many people resist changing them.

If notified your password has been compromised, first contact the organization notifying you to confirm the legitimacy of the message (call the company directly and do not click on links or call phone numbers provided in the message). If the breach is confirmed, change your password immediately using the organization’s website.

However, there are solutions. Password managers are one alternative. For a reasonable fee, a third party will create a new password every time you sign into a website. All you have to remember is a master password that is used by the password manager application. You can use phrases as your login to a password manager, such as “IMissMy1967Mustang.”

Before selecting a password manager, do your homework. In 2015, two password manager providers were infiltrated, with one having its entire encrypted database of user passwords decrypted, giving hackers the most recently generated passwords that had been used. In 2017, one of the companies experienced a second cyber-intrusion.

Fortunately, the companies worked diligently to resolve the issues and have not experienced any further cyber-intrusions.

You can check if your passwords have been compromised. For Google Chrome, go to passwords.google.com and follow the steps. Other browsers have similar features.

To see if your email has been hacked, visit haveibeenpwned.com and enter your email address. If your email has been hacked, some passwords may have also been collected.

One easy way to manage passwords is to create a spreadsheet (or a sheet of paper that can be safely stored) containing websites you regularly visit, listing the associated username and password. Make sure to use an abbreviated version of your username and passwords. If your email is your username, consider using “em” instead of listing your actual email address. For passwords, using “S*….6” would be a reminder of your password “SixAndOne*26”.

If using a spreadsheet, give it a code name that only you will know, to protect against someone accessing it if your computer is hacked.

To help remember to regularly change your passwords, add a column to your spreadsheet or sheet showing the dates you changed them (perhaps every 3 months). If you elect to use a spreadsheet that contains the websites, a simple click will take you there to make changes. Otherwise, you will have to type them in.

Will passwords ever become obsolete? A 2019 BBC report found that many technology companies predicted the use of passwords could decline significantly by 2022. Gartner research suggested as many as 60 per cent of large- and medium-sized businesses will cut the use of passwords in half by the same time. Today, 67 per cent of banks are currently using biometrics such as fingerprints, voice patterns and face recognition instead of passwords.

Bill Gates predicted in 2004 “the death of the password” because of its inability to keep information secure. In 2018, Microsoft stated they planned to “kill off” passwords and move to biometric authentication.

Until then, managing passwords effectively remains our personal responsibility.

Chris Kayser is a cybercriminologist and founder, president and CEO of Cybercrime Analytics Inc. He is the author of two books, Cybercrime through Social Engineering — The New Global Crisis and How to Master an Online Degree — A Guide to Success. He can be reached at ckayser@cybercrimeanalytics.com or at www.cybercrimeanalytics.com.


