Are your passwords strong?
Better yet…are they weak?
Do you know the difference?
I know, I know…passwords are a pain.
They’re hard to remember, sites and social networks keep making you change them and don’t even get me started on the process you have to go through to reset them.
It would just be better if we could all use 1234 as our passwords, right? Probably not…
Especially as social media sites grow more and more popular and we continue to share highly personal information on them, the strength of our passwords is going to become more and more important.
So let’s talk a little bit about passwords and security.
High Risk – When Your Password Is Weak And Limp
Typically, a password is defined as “weak” when it only contains a series of lower-case letters and is especially weak when it contains a commonly used word like “love”.
Weak passwords are easily cracked because hackers can use what is referred to as a dictionary attack, which just continually submits your username and password with words found in the common dictionary. If you use a word that you can find in Merriam-Webster…your password is weak and you’re begging to have your account hacked.
SplashData, a security firm that analyzes security breaches worldwide, does an annual review of the worst weak passwords each year. Some of my favorite worst passwords include:
- password (yes…people still use this)
- 123456789 (not really a tough one to crack)
- admin (especially great if your username is “admin”)
- abc123 (the Jackson Five might be justified in using this one)
- 123123 (only slightly more creative that the previous one)
Many sites won’t even allow you to use a weak password, but there are still some that do. But don’t.
Weak passwords are for Spaceballs.
Capitalization Makes It A Little Better…But Still At Risk
You now understand that a simple dictionary password is a high risk. So would it solve the problem if you just capitalized the L in “Love”?
Since the password is still in the dictionary, the hacker-bots have smartened up and have now started sending dictionary attacks first, and then following with dictionary attacks that leverage case-sensitivity.
Sure, it takes longer, but your personal information is worth it to them.
For comparison, if you type “love” into the Password Strength Meter at www.my1login.com, you’ll see that it would take a good hacker less than 1 second to crack your password.
Adding a capital L to the mix, doesn’t really make any difference. Because the password is only 4 characters, is a dictionary word, and doesn’t contain any special characters, it’s just a cake walk for a hacker to crack.
So what’s the first step in creating a stronger password?
Medium Strength – Fighting Back With Numbers
Yep, that’s right…fight those hackers by adding a few numbers.
But be sure that they aren’t sequential, though. “Love1234” isn’t really a great password.
Adding number helped, but Love1234 could still be cracked by a good hacker in under a second.
So, to strengthen your password even further, start by using non-sequential numbers and add more of them. As you can see below, “Love243570” is moving in the right direction.
We’re up to an hour in crack time, but that’s still a weak password.
Getting Stronger! – Adding Special Characters To The Mix
Want to make your password just a little more special and ready to resist those nasty hackers? Give it some extra-special ooomph by simply adding a special character. Something like % or & or @ makes a big difference in keeping your information safe.
You can even substitute the letter S with the $ or the letter a with @ to make it easier to use.
As an example, let’s take our Love243570 password and replace the “v” with a right carat (which look like this >).
There we go! A strong password that will take a hacker 3 years to crack. Now we’re in the neighborhood of stronger passwords!
Guess what…according to the Microsoft guidelines on passwords, you just created a strong password. Congrats!!Do you know what it takes to create a strong password? Do you know why you need one? Click To Tweet
But Is Strong…Strong Enough?
To be honest, there really is no “strong enough”. As long as we rely on passwords, there will be hackers trying to crack them.
However, what you want is a password that is so strong that hackers don’t want to waste their time trying to crack yours, so they move on to the next person who probably has a weak password. For that reason, you can’t just stop at creating a strong password. You also have to think about password rotation.
To keep ahead of the hackers, you need to change your password on a frequent schedule. While there is not tried and true rotation schedule, you’ll need to find one that keeps you safe, but isn’t messing with your life.
For instance, some organizations require their users to change their password every 3-4 months. The result? People started writing down their passwords and keeping them in a notebook in their desk. Youch!!
Something like twice a year is ideal, but once each year would probably be enough. It’s up to you to find what works for you.
Why Do I Really Need A Strong Password And Why Should I Rotate It?
Hmmm…let’s think for a second. What kinds of information are you sharing on social networks like Facebook, Twitter, LinkedIn, Pinterest and YouTube:
- Your name
- Your location
- Your employer and your employment history
- Your spouse
- Your kids’ names
- Your kids’ schools (how many of their photos have their school name on them?)
- Your kids’ friends
- Where you’re going to be this weekend
- Whether you are traveling
- Whether your house is currently unattended (because you’re traveling)
- Where you went to school
- What professional groups you belong to
- Your address and mobile phone number (usually found on your resume)
- Your email address (and any alternate email addresses)
- Access to your email, both personal and potentially work email.
Trust me…you don’t want this information in the hands of someone who has bad intentions. I’ve been there, having had my blog and Twitter account compromised.
It’s not a fun experience and I hope you never have to encounter it.
NOTE: A special note on why email addresses are such a problem. So what if a hacker gets your email address. What are they going to do, send email on your behalf? You could only wish.
Remember that for many social networks, the magic combination is User ID and Password. Guess what…many sites allow you to type your email as your User ID.
If a hacker gets your email address, they already have HALF the magic combination and now just have to figure out your password.
Hackers are working harder and harder to steal your information. More and more, thieves are become less interested in your stealing your television and more interested in going after your entire bank account.Protect your blog, your social media profiles, and your personal data by using strong passwords and rotating them. Click To Tweet
Take a look at this great infographic created by the folks at LastPass giving a bit of insight into the psychology behind passwords and why hackers love to go after them.
Have additional tips on how to keep your password safe? I’d love to hear them in a comment!