Strong passwords are extremely important these days. Cybercriminals only need low-end hardware to crack millions of passwords at once, so it's critical to use random, complex strings of characters.
The bigger problem most users have is using unique passwords for each and every account. Any account is liable to be compromised at any given time, and you might not even know about it. If your password is compromised, the bad guys can use it to access all of your other accounts.
Use Random Passphrases Instead of Passwords
Statistics and exponents always sound like fairly simple math concepts, but once you really start tearing into it, things get crazy. For example, let’s say we have two passwords. One is a complex word, such as smaragdine (which means of or pertaining to emeralds, in case you wanted to know), and the other is a smaller string of random characters, like bP?U8.
We then ask a computer to make random guesses to crack both passwords.
The computer will take about one second before it cracks smaragdine, as it’s in the dictionary.
The computer will take about 2 seconds to crack the random string of 5 characters.
Results might vary, but either way, we’re talking seconds here.
The password cracking tools have been built and tweaked on real-world password trends. They know that people tend to use pet names, sports teams, and years for numbers. They see trends like adding an exclamation mark to the end of a password just to get that special character requirement. The people who build password-cracking tools have a lot of information to go by, as billions of stolen passwords are simply available on the dark web for them to train their tools on. That means they are even ready for things like replacing the letter S with the number 5 or dollar signs and replacing the letter O with zeroes, and other shortcuts like that.
However, one way to trip up a password cracker is to just overwhelm it with long passwords using multiple random words. The key here is random.
You can come up with words in your head, or use a site like https://randomwordgenerator.com to give you some examples. When you generate a password using 4 or more random words, it suddenly becomes much harder for a tool to crack, especially when you add some numbers, capital letters, and symbols to the mix.
For example, whispervelvetmonkeycabinet could take days, weeks, or even months for a computer to try to guess. We can do even better than that without making the password too hard to remember…
Upgrading the password to Whisper()Velvet#MONKEY23cabinet makes it so complex that a computer would likely need to keep guessing until long after the sun burns out. By then, we’ll have bigger things to worry about than someone getting into your Netflix account.
The key is to use random words and to never use the same words across all of your accounts. The other thing to avoid is using words or numbers that have some sort of meaning to your identification. The city you are from, your cat’s name, or the name of the site you are logging into shouldn’t be a part of your password, among plenty of other identifiable pieces of information.
Not Feeling Very Creative (or Random)? Try Using a Password Manager Instead!
For those of us who aren’t very right-brained, coming up with random systems to memorize passwords is tricky. Thankfully, password managers are a great option. Most modern password managers have password generator tools that will create random passwords for you to ensure your passwords are always unique and complex. The password manager will remember the password for you, and store it in a secure vault so you never have to bother memorizing each and every password.
You don’t want to rely on your web browser to remember and store passwords either, as that’s not as secure. For businesses, it’s also highly recommended to use a password management system that is designed for enterprises, as it lets you ensure your staff are using good password hygiene too.
We can equip your business with an easy-to-use password manager. They are simple and affordable, and go a long way when it comes to protecting your online accounts. Give us a call today at (760) 466-1200 to get started.