When I first saw this graphic, I thought to myself, “This will open some eyes,” and, simultaneously, “This might be the scariest news about passwords that I have ever seen.”
I’ve been recommending strong passwords to our clients, my friends, random people in coffee shops… for YEARS. Strong passwords are the single most effective tactic to deploy against hackers. But what, exactly, makes a password “strong”?
Is the name of your dog, with a “1” in place of any “I” letters and a number sign at the end, like F1do#, a “strong” password? It seems strong, doesn’t it? Could the average person guess it? Possibly not.
But the thing we constantly lose track of is that we’re not protecting ourselves against average people. We aren’t even protecting ourselves against actual humans. We need to protect ourselves against PROGRAMS – software that can crank out thousands of attempts to crack a password in a matter of minutes.
I invite you to check out the chart below, produced by Hive Systems, that details how long it would take for a hacker to brute force (use a program to try over and over to crack) your password. That example above? F1do#? Follow the chart – 5 characters, number, upper case, lower case, and a symbol – that’s crack-able instantly. But make a few changes – F1do1smyfavoritedoggo## – and suddenly you’ve gone from instantly-crack-able to not being cracked for over 437 trillion years (lucky guesses notwithstanding).
Wow! What a difference!
Unless, of course, you also keep a spreadsheet of all of your passwords right on your computer. Then you’re at double risk – because you’ve literally left the keys to your digital kingdom in the lock, on the outside of the door, waiting for a bad guy to grab them. Please (PLEASE!) use a password manager like LastPass or 1Password. Two big plusses – the passwords are locked up in a virtual vault to which only you have the key, AND you can make gobbledygook passwords because you won’t have to remember them.
Don’t set your passwords up to auto-fill, either. That’s a bad habit to get into. If your device gets stolen, your passwords get stolen also. I know someone who lost her phone. She didn’t have a password on it because putting a password in to unlock the phone is SOOOO 2019 (right?). She DID, however, have her banking app on her phone. And yes, her password was saved on the phone and would offer to autofill any time she launched the app. So yes, phone lost, app launched, password auto-filled, and the contents of her bank account were transferred into oblivion. Just like that.
We all like to gripe about strong passwords – there have certainly been a lot of comedy routines performed about them. But the reality is that strong passwords are, like I said above, the single most effective protection against hacking you can have. Of course there are a lot of other things to watch for when it comes to being secure online, and we’ll get more into them in other posts.
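The arithmetic behind the F1do# versus F1do1smyfavoritedoggo## comparison above, as an added example that is not from the original post or from Hive Systems. The guesses-per-second rate and all function names are assumptions for illustration, so the absolute times will not match the chart; the gap between the two passwords is the point.

```python
import string

# Assumption for illustration only: guesses per second an offline cracking
# program manages. Real rates depend on the hash algorithm and the hardware.
ASSUMED_GUESSES_PER_SECOND = 10_000_000_000

def charset_size(password: str) -> int:
    """Size of the alphabet a brute-force program must cover for this password."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # the 32 ASCII symbols
    return size

def keyspace(password: str) -> int:
    """Number of candidates of the same length drawn from the same alphabet."""
    return charset_size(password) ** len(password)

def worst_case_seconds(password: str, rate: int = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Time to try every candidate. A lucky or wordlist guess can be far quicker."""
    return keyspace(password) / rate

def humanize(seconds: float) -> str:
    """Turn a duration in seconds into a rough, readable figure."""
    if seconds < 1:
        return "instantly"
    units = (("years", 31_557_600), ("days", 86_400), ("hours", 3_600), ("minutes", 60))
    for unit, span in units:
        if seconds >= span:
            return f"{seconds / span:,.0f} {unit}"
    return f"{seconds:,.0f} seconds"

if __name__ == "__main__":
    # The two passwords discussed in the post.
    for pw in ("F1do#", "F1do1smyfavoritedoggo##"):
        print(f"{pw!r}: {len(pw)} characters, alphabet of {charset_size(pw)}, "
              f"{humanize(worst_case_seconds(pw))}")
```

Each extra character multiplies the work by the alphabet size (94 here), which is why length moves a password from "instantly" to an astronomically long time while swapping one letter for a digit barely changes anything.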