Your Password is Probably Safe, Unless…

If you visit the site How Secure is My Password?, it will estimate how long a computer would need to guess your password. Apparently, I have nothing to worry about.

Then again, as someone who writes on cybersecurity, I'm unusually careful. I wouldn't even go to this site without using a VPN. (A VPN only hides the visit from whoever is watching your connection; the site itself still sees whatever you type, so test something shaped like your password rather than the password itself.)

However, if you use one of the top five most-used passwords, the site says you will be hacked in less than five seconds.

Even if you use a variation on one of these passwords, a computer will have little trouble with it: pa$$word, for example, takes 4 seconds. Here are some other figures I collected which may help you judge the strength of your own password. I picked a random 8-letter word, sycamore, which I felt was somewhat obscure, and varied it:

sycamore (all lower case) – 5 seconds

sycam0re – 1 minute

$ycamore – 3 minutes

$ycam0re – 19 minutes

Sycamore – 22 minutes

Sycam0re – 1 hour

sycamoretree – 3 weeks

Sycamoretree – 300 years

Sycam0retree – 2000 years

It seems a little surprising that simply capitalizing the first letter makes the password so much safer, that a capital letter anywhere in the password has the same effect, and that adding a symbol and a number helps less than a capital letter alone. The reason is that estimators like this one mostly reward two things: a larger alphabet (every new character class the attacker has to include) and, above all, length, which is why the times climb so steeply once "tree" is appended. Swapping s for $ and o for 0, on the other hand, is among the first tricks any cracking tool tries, and this estimator evidently gives it little credit. Keep in mind, too, that these figures model an attacker grinding through every possible combination. A real attacker starts from a wordlist (sycamore is in every one of them) and applies substitutions, capitalizations and common suffixes as rules, so every variant in the table falls far faster than the estimate suggests. Since most secure sites require a password of at least 8 characters plus symbols and numbers, and many also limit login attempts, use captchas, or require multifactor authentication, guessing against the login form is not a viable option for attackers on ordinary hardware. The calculation changes completely once an attacker has stolen a site's password database and can test guesses offline at billions per second; that is the scenario the breach discussion below is really about. Sure, attackers may spray the top 5 passwords across the internet and hope for a hit, but anyone still using those passwords is learning a valuable lesson.

In other words, most people will not be hacked by blind password guessing. People who want to get into your accounts take a different approach: they gather information about you and feed it into their guesses. I guessed my mother's password by typing in the name of her cat. It is never a good idea to use your pet's name, your child's name, or your mother's maiden name as a password, and the same goes for any personal detail that is readily available online. Variations do not save you either: a pet's name with a capital letter, a digit or a year appended is exactly what cracking tools generate automatically from a short list of facts about the target, which cuts the guessing time from years to seconds.
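As an added example (not part of the original post), the following Python script puts two models of an attacker side by side, for the variants of sycamore in the table above and for the personal-information passwords just discussed: the naive brute-force estimate, which rewards alphabet size and length, and a small rule-based candidate generator of the kind password crackers run over a wordlist. The guess rates and the pet name "mittens" are assumptions for illustration, not measurements.

```python
"""Added example: two views of the "sycamore" variants in the table above.

  * keyspace()/brute_force_seconds(): the naive brute-force model, alphabet
    size to the power of length, which is what makes a capital letter or an
    appended word look so valuable.
  * mangle(): a small rule-based candidate generator of the kind password
    crackers run over a wordlist. It reaches all nine listed variants, plus
    pet-name style passwords, in a few hundred guesses.

The guess rates are round-number assumptions for illustration, not
measurements, and "mittens" is a constructed pet name.
"""
import itertools
import string
from typing import Dict, Iterable, List, Set

CLASS_SIZES = {"lower": 26, "upper": 26, "digit": 10, "symbol": len(string.punctuation)}
ONLINE_RATE = 100               # guesses/s against a login form with no lockout (assumed)
OFFLINE_RATE = 10_000_000_000   # guesses/s against a leaked fast hash on GPUs (assumed)

# The nine variants listed in the article, in the article's order.
ARTICLE_VARIANTS: List[str] = ["sycamore", "sycam0re", "$ycamore", "$ycam0re",
                               "Sycamore", "Sycam0re", "sycamoretree",
                               "Sycamoretree", "Sycam0retree"]

# Substitutions every cracking rule set includes; the article's "$" and "0" are here.
LEET: Dict[str, List[str]] = {"a": ["@", "4"], "e": ["3"], "i": ["1", "!"],
                              "o": ["0"], "s": ["$", "5"]}
SUFFIXES = ["", "tree", "1", "12", "123", "!"]  # common appends; "tree" is the article's


def classes_used(password: str) -> Set[str]:
    """Which of the four character classes appear in the password."""
    classes = set()
    for ch in password:
        if ch.islower():
            classes.add("lower")
        elif ch.isupper():
            classes.add("upper")
        elif ch.isdigit():
            classes.add("digit")
        else:
            classes.add("symbol")
    return classes


def keyspace(password: str) -> int:
    """Brute-force search space: (size of the alphabet in use) ** length."""
    alphabet = sum(CLASS_SIZES[c] for c in classes_used(password))
    return alphabet ** len(password)


def brute_force_seconds(password: str, guesses_per_second: float) -> float:
    """Worst case: every string in the keyspace is tried."""
    return keyspace(password) / guesses_per_second


def leet_variants(word: str) -> Set[str]:
    """Every combination of substituting zero or more letters per LEET."""
    options = [[ch] + LEET.get(ch, []) for ch in word]
    return {"".join(combo) for combo in itertools.product(*options)}


def mangle(base_words: Iterable[str], suffixes: Iterable[str] = SUFFIXES) -> Set[str]:
    """Wordlist x leet x casing x suffix: the cracker's first few hundred guesses."""
    suffixes = list(suffixes)
    candidates: Set[str] = set()
    for word in base_words:
        for variant in leet_variants(word.lower()):
            for cased in (variant, variant.capitalize(), variant.upper()):
                for suffix in suffixes:
                    candidates.add(cased + suffix)
    return candidates


def compare(password: str, candidates: Set[str]) -> Dict[str, float]:
    """Naive online/offline brute-force time versus the rule-based candidate set."""
    return {
        "online_brute_force_s": brute_force_seconds(password, ONLINE_RATE),
        "offline_brute_force_s": brute_force_seconds(password, OFFLINE_RATE),
        # A rule-based attacker tries the whole candidate set; at offline speed
        # that is microseconds, and the password is either in it or it is not.
        "offline_rules_s": len(candidates) / OFFLINE_RATE if password in candidates else float("inf"),
    }


if __name__ == "__main__":
    # "sycamore" stands for any dictionary word; "mittens" for a pet's name.
    candidates = mangle(["sycamore", "mittens"])
    print(f"{len(candidates)} rule-based candidates")
    for pw in ARTICLE_VARIANTS:
        print(f"{pw:>14}  {compare(pw, candidates)}")
```

The figure to notice is the last one printed for each variant: by the rule-based route every one of the nine passwords, including the one the estimator scores at 2000 years, sits inside a candidate set of a few hundred strings, and a pet's name with the same decorations joins it at no extra cost. The naive brute-force numbers only apply to a password that is not derived from a word an attacker would think to try.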

So what if you have a good password that would take thousands of years to guess? Can someone still get into your account? Yes, and this is where most actual hacking happens; it has nothing to do with your choice of password. Attackers can trick you into installing malware that captures your password, either by recording your screen as you type it or by logging your keystrokes. Phishing scams try to lead you to a login page that looks legitimate in the hope that you will type your password into it. (A password manager helps here: it fills credentials only on the site they were saved for, so a look-alike domain gets nothing.)

Attacks at this level take some skill, and unless you hold a senior position in an important company or work in a key government organization, a few simple precautions will keep you out of their reach. If you do hold such a position, or work for a subcontractor of a key enterprise, you may be targeted with more carefully crafted spearphishing, but, again, that has nothing to do with your password.

The main threat to the average person comes from data breaches that capture user data, including usernames and passwords. Most online firms keep this data on their own servers. Passwords in particular should never be stored in readable form: they should be hashed with a slow, salted algorithm so that whoever steals the database still has to guess each password one at a time. Far more often than it should be, that is not the case, and the passwords sit in plaintext, reversibly encrypted, or hashed with a fast, unsalted function that a GPU rig can test at billions of guesses per second. Currently, 10,196,051,455 email accounts have been compromised. To find out whether your email address is among them, go here. Keep in mind that this is comfortably more than the number of people on planet Earth; the figure counts breached records, and most of us appear in it more than once.
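As an added example, not from the original post, here is how a site should store those passwords so that a stolen database does not hand over working credentials: a salted, deliberately slow key-derivation function (PBKDF2-HMAC-SHA256 from Python's standard library) next to the weak alternative of a fast, unsalted hash. The user accounts are constructed for the demo, and the iteration count follows OWASP's published minimum for this algorithm.

```python
"""Added example: how a site should store passwords so that a breach of its
database does not hand the attacker working credentials.

Two storage methods side by side:
  * unsalted_sha256(): the weak way (fast hash, no salt). Identical
    passwords produce identical records, and precomputed tables apply.
  * hash_password()/verify_password(): a salted, deliberately slow KDF
    (PBKDF2-HMAC-SHA256 from the standard library), the kind of scheme the
    article says is too often missing.
The user records in the demo are constructed.
"""
import hashlib
import hmac
import secrets
from typing import Dict, Tuple

# OWASP's current minimum for PBKDF2-HMAC-SHA256: a cost the attacker pays per guess.
PBKDF2_ITERATIONS = 600_000


def unsalted_sha256(password: str) -> str:
    """Anti-pattern: fast and deterministic, so one lookup table cracks every user."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Return a self-describing record: algorithm$iterations$salt$digest."""
    salt = secrets.token_bytes(16)  # fresh per password: equal passwords, different records
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(record: str, candidate: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    algorithm, iterations, salt_hex, digest_hex = record.split("$")
    if algorithm != "pbkdf2_sha256":
        raise ValueError(f"unsupported record type: {algorithm}")
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


def build_tables(users: Dict[str, str]) -> Tuple[Dict[str, str], Dict[str, str]]:
    """Simulate what a breach of each storage scheme would leak for the same users."""
    weak = {email: unsalted_sha256(pw) for email, pw in users.items()}
    strong = {email: hash_password(pw) for email, pw in users.items()}
    return weak, strong


def leaked_duplicates(table: Dict[str, str]) -> int:
    """Users whose record is shared with someone else: visible to a thief at a glance."""
    counts: Dict[str, int] = {}
    for record in table.values():
        counts[record] = counts.get(record, 0) + 1
    return sum(c for c in counts.values() if c > 1)


if __name__ == "__main__":
    # Constructed sample accounts; two of them chose the article's password.
    USERS = {
        "alice@example.com": "Sycam0retree",
        "bob@example.com": "Sycam0retree",
        "carol@example.com": "a long unique passphrase nobody else uses",
    }
    weak, strong = build_tables(USERS)
    print("weak table, users sharing a record:", leaked_duplicates(weak))      # 2
    print("strong table, users sharing a record:", leaked_duplicates(strong))  # 0
    print(verify_password(strong["alice@example.com"], "Sycam0retree"))   # True
    print(verify_password(strong["alice@example.com"], "sycam0retree"))   # False
```

With the weak table a thief sees immediately that alice and bob share a password and can crack it once for both, or simply look the digest up in a precomputed table. With the strong table every record carries its own salt, so each user costs a separate run of the slow function per guess, and the only strings a thief learns for free are the ones already in a wordlist.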

Most people have grown numb to data breaches. They never think the latest breach in the news could possibly affect them. But suppose the news said instead that criminals now hold their email address and the password they used on that site, because that is really what has happened, and that if the same password guards their mailbox the criminals can walk straight in. Remember that whoever takes over your email account can pose as you to every one of your contacts, and your contacts have no way of knowing you were not behind the messages. They could send emails claiming you are in trouble and need money. They could ruin your reputation and even cost you your job. Would you really refuse to pay to stop them from sending incriminating material to your friends, family and work associates? In other words, the best thing you can do is treat every major breach as personal, and you'll be okay.

If you really want to protect your email account, you need to be a bit paranoid. Every time you hear of a data breach that could affect you, change the password on the breached site and on every other account where you used the same one, starting with your email account, since it can reset all the others. Make sure the new password is completely different from the old one (the old one with a digit bumped is the first thing a cracker tries), long rather than merely decorated with symbols, capital letters and numbers, and unique to that account; a password manager makes long, unique passwords painless. When possible, turn on two-factor authentication. There's really no reason passwords should cause you problems… until quantum computers come along, and even then they threaten the public-key cryptography behind the login page far more than a well-hashed password.
