Given the recent security breach of Sony’s PlayStation Network, which led to user information (including credit card details) being stolen, it seems like a good time to talk about passwords.
We have come to depend on online services to manage our lives. Our social connections, financial information and all sorts of digital memories are now stored in the ‘cloud’.
Every year, millions of online accounts are hacked and the impact of the attack can range from slightly annoying to personally and financially disastrous.
There are many ways that a hacker can gain access to your account, though most of them are out of your control. One that is in everyone’s control is their password. Passwords are one of those things that most people don’t give much thought to until they fail, so here are a few tips to improve the strength of your passwords:
1. Never use the same password for more than one site
Using the same password for everything means that if someone gets access to one of your passwords (like they did in the PSN hack) then they instantaneously have access to your entire online identity. By keeping passwords unique to each service, you limit the damage that can be done by a single successful attack.
2. Include mixed case, numbers, and symbols in passwords
Modern computers are very good at cracking passwords. They enable hackers to check billions of password combinations every second, until they find the right one. There are products available commercially that will crack a ten-letter single password in a single day. Using a mix of lower and upper case, numbers and other symbols greatly increases the time it takes to succeed in a brute-force attack.
3. Use long passwords
An eight-character password made up of numbers, mixed-case letters, and symbols can be cracked in sixteen minutes on a regular desktop computer. Use passwords of twelve characters or more.
4. Avoid words, sequences and dates
Any of these can be used by a hacker to narrow down the number of passwords they need to check on their way to guessing yours. When Gawker Media passwords were hacked and made public in 2010, the two most common ones were ‘123456’ and ‘password’.
5. Use a random password where possible
Using a random password is great for security but can be difficult to remember, particularly if you’re following rule #1 and using different passwords for each site. This is only practical if you’re using a password manager like LastPass (more on that in another post).
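The five rules above expressed as Python, added here as an example and not part of the original post: it generates a random password from the operating system's secure random source, measures how length and character mix grow the brute-force search space, and reports which rules a given password breaks. The function and parameter names (generate_password, keyspace_bits, rule_violations, used_elsewhere) are hypothetical, the word list holds only the two passwords named under rule 4, and dates are not checked.

```python
import math
import secrets
import string

# Rule 2 character classes: lower case, upper case, numbers, symbols.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
ALPHABET = "".join(CLASSES)          # 94 printable ASCII characters
MIN_LENGTH = 12                      # rule 3: twelve characters or more
COMMON = ("123456", "password")      # the two Gawker examples from rule 4

def has_all_classes(password):
    return all(any(c in cls for c in password) for cls in CLASSES)

def generate_password(length=16):
    """Rule 5: a random password that also satisfies rules 2 and 3."""
    if length < MIN_LENGTH:
        raise ValueError(f"use at least {MIN_LENGTH} characters")
    while True:
        # secrets uses the operating system's CSPRNG, unlike the random module.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Retry instead of patching characters in, so the result stays
        # uniformly distributed over all compliant passwords.
        if has_all_classes(candidate):
            return candidate

def keyspace_bits(length, alphabet_size=len(ALPHABET)):
    """log2 of the number of candidates a brute-force search must cover."""
    return length * math.log2(alphabet_size)

def has_sequence(text, run=4):
    """True if `run` adjacent characters step up or down by one (1234, dcba)."""
    for i in range(len(text) - run + 1):
        steps = {ord(b) - ord(a) for a, b in zip(text[i:], text[i + 1:i + run])}
        if steps in ({1}, {-1}):
            return True
    return False

def rule_violations(password, used_elsewhere=()):
    """Return the rules from the list above that `password` breaks."""
    problems = []
    if password in used_elsewhere:
        problems.append("rule 1: reused on another site")
    if not has_all_classes(password):
        problems.append("rule 2: missing a character class")
    if len(password) < MIN_LENGTH:
        problems.append("rule 3: shorter than 12 characters")
    lowered = password.lower()
    if any(w in lowered for w in COMMON) or has_sequence(lowered):
        problems.append("rule 4: contains a common word or sequence")
    return problems
```

Each extra character from the 94-symbol alphabet adds about 6.5 bits to the search space, so going from eight lower-case letters to twelve mixed characters roughly doubles the number of bits an attacker has to cover.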
Improving your passwords is one of those things that most of us never get around to, but with the number of successful intrusions increasing rapidly, it should be at the top of your to-do list.