By Swen Wulf, Network Architect and Security Manager
Password security comes up as a topic from time to time. The most important thing you need to know about it is to use complex passwords. Typically, people create a complex password but then use that same password on multiple sites. The problem with this is that if your account on Website A is compromised and you used the same email and password on Website B, you are going to be exposed and busy for a while changing passwords everywhere.
Today, most websites require a password with upper and lower case letters, symbols and numbers. They also have length requirements. I use a trick that has been effective in avoiding password reuse, so if a hacker gets access to one of your accounts, you only have to worry about that account and not all of your online accounts.
Building a Strong Password
Think of a sentence that works for you. For example: “I love shopping at Amazon to save dollars!” If you take the first letter of each word, keep a capital letter for the company name, and use symbols for words like “at” and “dollar,” then you’ve created a unique and very strong password. If a password requires a number, we need to modify the sentence somewhat: “I shop at Amazon 5 times a day and save money!” So, now we have a number as well, and the sentence would result in Is@A5tadas$! For each online store you use, replace the store name in the sentence and use its first letter instead. If you were to swap the name Target for Amazon, your password would be Is@T5tadas$!
Get creative and develop different statements to generate other password combinations for online activities such as banking and memberships. “I love my kid, and he was born in 08!” “I am banking at BoA for 18 years!” You get the idea. Your password will meet the most stringent requirements, and only you will know it.
Why Unique Passwords Matter
There is software available today that attempts to hack passwords. The software starts by throwing every word in the dictionary at your account. This takes no time at all, as these programs can guess 300,000 passwords a second. Once this fails, the software simply enumerates every possible combination: every letter in the alphabet, every number and every special character. The alphabet has 26 letters (52 if you count upper and lower case), and there are 10 single-digit numbers and 33 unique special characters. The software systematically checks every possible combination until the correct password is discovered. It is just a matter of time before the software is able to determine your password, no matter how complex your password is. That’s why there is a minimum length requirement on most websites. The longer your password, the less likely it is that a brute force attack on it will succeed in a reasonable time.
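The arithmetic behind the minimum length requirement, as an added example that is not part of the original article: it estimates the worst-case time to enumerate every combination up to a password's length, using the 300,000 guesses per second and the 52 + 10 + 33 character counts quoted above. The function names are illustrative, and counting the space among the 33 special characters is an assumption, since the article does not list them.

```python
import string

GUESSES_PER_SECOND = 300_000  # rate quoted in the article

# Character pools as counted in the article: 26 + 26 letters, 10 digits, 33 specials.
# Assumption: the 33 specials are the 32 ASCII punctuation marks plus the space.
SPECIALS = string.punctuation + " "
POOLS = (string.ascii_lowercase, string.ascii_uppercase, string.digits, SPECIALS)


def pool_size(password: str) -> int:
    """Alphabet an exhaustive search must cover: every class the password uses."""
    return sum(len(pool) for pool in POOLS if any(ch in pool for ch in password))


def worst_case_guesses(alphabet: int, length: int) -> int:
    """Candidates tried when enumerating every string of length 1..length."""
    return sum(alphabet ** n for n in range(1, length + 1))


def worst_case_seconds(password: str, rate: int = GUESSES_PER_SECOND) -> float:
    """Time to exhaust the search space that contains this password."""
    return worst_case_guesses(pool_size(password), len(password)) / rate


def humanize(seconds: float) -> str:
    """Render a duration in the largest unit that fits."""
    units = (("years", 31_557_600), ("days", 86_400), ("hours", 3_600), ("minutes", 60))
    for unit, size in units:
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:,.1f} seconds"


if __name__ == "__main__":
    # Constructed samples; the last one is the article's own example password.
    # Only the enumeration phase is modelled: a dictionary word such as
    # "amazon" would already fall in the dictionary phase that runs first.
    for sample in ("amazon", "Amazon5!", "Is@A5tadas$!"):
        print(f"{sample!r:16} pool={pool_size(sample):3} length={len(sample):2} "
              f"worst case: {humanize(worst_case_seconds(sample))}")
```

Each extra character multiplies the search space by the pool size, which is why length requirements matter more than any single added symbol.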
If you would like to know more about security and our network, please contact us at firstname.lastname@example.org.