How Secure is My Password?
Obviously, strong passwords are not your only line of defense, but they should be your first priority. In this section, we’ll briefly discuss how to create strong passwords. We will also talk about how attackers obtain passwords so that you will better understand why this is so important.
How can someone get my password?
Hackers use two primary methods to retrieve passwords. They either guess them from outside of your network, or get them while inside of your network. Cracking passwords is really a matter of guessing the correct one. They “get” them when they access your system directly, usually through malicious software installed on your computer. They can also extract them from other website databases, which is why you want different passwords for all of your accounts.
Just think of all the places that we use passwords. We use them for our Operating System, WiFi security, social media, online banking, etc. If a hacker tries long enough, they may eventually guess your password. The idea is to increase the number of guesses required to the point that it’s no longer worth their effort.
How do passwords work?
Let’s start with a quick lesson in password entropy. Basically, password entropy measures how many different passwords can be formed from a given set of characters at a given length. In order to determine this, we need to know what we’re dealing with: how many numbers, letters, special characters, etc.
Each character set has a specific number of characters. Numbers have 10 characters, the alphabet has 26 characters, etc. This is known as “character depth”. Length is simply the number of characters in a password. In this case, entropy is the count of every possible combination of those characters that an attacker would have to work through to “guess” the correct password.
- Numbers = 10 (1234567890)
- Alphabet = 26 upper case (ABCDEFGHIJKLMNOPQRSTUVWXYZ)
- Alphabet = 26 lower case (abcdefghijklmnopqrstuvwxyz)
- Special characters = 33 (!@#$%^&*()-_=+[{]}\|;:'",`~/?)
A single digit password made up of just one number could be guessed with only 10 attempts. A password made up of just one lower case or upper case letter could be guessed with only 26 attempts. Likewise, a password made up of just one special character could be guessed with only 33 attempts.
However, by combining character sets with length, the exponential mathematics is nothing short of awesome! For example: the password ‘ABCD’ has 475,254 possibilities; whereas, the password ‘Ab$9’ has 82,317,120 possibilities. Do you see what a huge difference a couple of characters can make? Let’s look at a 20 character password using all 4 character sets:
- Password: #Chri$tPaidThePr1ce#
- Possibilities: 3,622,996,024,341,650,240,846,169,344,922,329,517,120
The long number above represents how many attempts it would take to guess the password. At over one hundred billion guesses per second (which is not even possible yet), it would take about 11.5 million trillion centuries to guess that password.
Your attacker would need a ridiculous amount of patience and extremely good health to live that long. 🙂
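The figures above can be reproduced with a few lines of Python. This is an added example, not code from the original article; it assumes the counts include every shorter password as well (which is why ‘ABCD’ comes out at 475,254 rather than 26 to the 4th power), and that any character outside the digits and letters belongs to the 33-character special set.

```python
import string

# Character-set sizes ("character depth") as given in the article.
DEPTH = {"digit": 10, "upper": 26, "lower": 26, "special": 33}
SECONDS_PER_CENTURY = 100 * 365.25 * 24 * 3600


def charset_depth(password: str) -> int:
    """Add up the depth of every character set the password draws from."""
    used = set()
    for ch in password:
        if ch in string.digits:
            used.add("digit")
        elif ch in string.ascii_uppercase:
            used.add("upper")
        elif ch in string.ascii_lowercase:
            used.add("lower")
        else:
            used.add("special")  # assumption: anything else counts as special
    return sum(DEPTH[name] for name in used)


def search_space(password: str) -> int:
    """Count every candidate of length 1..len(password) at that depth."""
    depth = charset_depth(password)
    return sum(depth ** k for k in range(1, len(password) + 1))


def centuries_to_exhaust(password: str, guesses_per_second: float) -> float:
    """Time to try the whole search space at a fixed guessing rate."""
    return search_space(password) / guesses_per_second / SECONDS_PER_CENTURY


if __name__ == "__main__":
    for pw in ("ABCD", "Ab$9", "#Chri$tPaidThePr1ce#"):
        print(f"{pw!r}: depth={charset_depth(pw)} space={search_space(pw):,}")
    rate = 1e11  # one hundred billion guesses per second, as in the article
    print(f"{centuries_to_exhaust('#Chri$tPaidThePr1ce#', rate):.3e} centuries")
```

These counts only describe blind guessing over the whole character set. A password built from dictionary words or a predictable pattern sits in a much smaller list and is found far sooner.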
How do I improve password security?
Experts say that password length is more important than anything else. Some people use a technique known as ‘padding’. Padding adds to the length of the password but keeps it memorable. Any character can be used to pad your password. For example:
- *****Password*****
- John$$$$$$$$$$$$Jane
- JOhn$$$$$$$$$$$$J@ne
Although most people prefer using words, you are much better off not using words at all. Why? Because hackers use ‘libraries’ and incorporate these libraries into their software. These libraries include millions of words, names and terms. You’re better off developing your own system. Think of a way to remember your passwords, replacing letters with numbers or special characters whenever possible. For example:
- Cl@$$*0f**1**9**9**5
Use a password manager
Creating strong passwords is necessary, but unfortunately, it is not sufficient. Managing long, complex passwords for more than a few accounts can strain your memory and leave you locked out of things at the most inconvenient time. If you have a lot of passwords to remember, a 3rd party solution might be your best option. Moreover, password management applications can add yet another layer of protection and simplify your life.
The following is a list of reputable password management utilities.
One benefit of using a password manager is the built-in ability to generate and remember strong random passwords. The obvious drawback to using password software is your inability to remember the passwords it generates. But the real benefit lies in the lack of common names, dictionary words, and patterns found in hacker libraries.
If you plan to use a password management utility, first consider your needs. Do you need it on just one computer, or many? What about your smart phone, tablet, etc? Why is this important? Some of these solutions are desktop applications that run on your computer. Other solutions are web-based and rely on a ‘Master’ password.
Desktop applications secure the passwords to your desktop computer. The downside is that you sacrifice a degree of freedom because they only work on one computer. Web-based solutions rely on 3rd party servers, yet they provide the flexibility of using more than one device.
If you are on a tight budget, you can simply use a free online password generator and manage the passwords yourself.
http://strongpasswordgenerator.com/
Recap:
Use upper case, lower case, numbers, and special characters. Use padding to increase password length. Create a different password for all of your accounts. Use a password manager to manage multiple accounts. And finally, generate strong passwords and change them periodically.
What about my router password?
Your wireless router may have two or more passwords. It will have one for the router’s GUI (Graphical User Interface) where you log in to administer your network. And it will have one for each wireless broadcast. For WiFi security, be sure that you are using at least WPA or WPA2 security (preferably WPA2). For wireless security, you can use a passphrase up to 63 characters. Remember to use upper and lower case letters, combined with numbers. However, it has been my experience that some routers do not play nicely with wireless passphrases that include special characters. If your router does not, add some length to the password.
If you are not ready to use password management software, you may want to save your passwords in a simple text file on your desktop (I do NOT endorse this method). But if you do this, you should encrypt that file and host it on a cloud service such as Google Drive or Dropbox. If you are using Windows, check out AxCrypt, because it can encrypt a single file (such as your wifi-password.txt file).
The benefit of using some 3rd party password managers is that your passwords are stored in the cloud and accessible via your mobile device. Not all of them support this, so be sure to look for it if that is important to you.
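Dropping special characters shrinks the character depth from 95 to 62, so the passphrase has to grow to keep the same number of possibilities. The sketch below is an added example (not from the original article) that works out the extra length and generates such a passphrase with Python's `secrets` module; the function names and the 20-character baseline are assumptions chosen for illustration.

```python
import secrets
import string

ALNUM = string.ascii_letters + string.digits  # 62 characters, no specials
FULL_DEPTH = 95      # digits + upper + lower + special, per the article
WPA2_MAX_LEN = 63    # passphrase limit stated in the article


def space(depth: int, length: int) -> int:
    """Candidates of length 1..length, counted as in the article's figures."""
    return sum(depth ** k for k in range(1, length + 1))


def alnum_length_matching(full_set_length: int) -> int:
    """Shortest letters-and-digits length that covers at least as many
    possibilities as a full-character-set password of the given length."""
    target = space(FULL_DEPTH, full_set_length)
    length = 1
    while space(len(ALNUM), length) < target:
        length += 1
    return length


def wifi_passphrase(equivalent_full_set_length: int = 20) -> str:
    """Random passphrase without special characters, lengthened to compensate."""
    length = alnum_length_matching(equivalent_full_set_length)
    if length > WPA2_MAX_LEN:
        raise ValueError(f"needs {length} characters, limit is {WPA2_MAX_LEN}")
    while True:
        # secrets draws from the operating system's CSPRNG.
        candidate = "".join(secrets.choice(ALNUM) for _ in range(length))
        # Redraw until upper case, lower case and a digit all appear.
        if (any(c.isupper() for c in candidate)
                and any(c.islower() for c in candidate)
                and any(c.isdigit() for c in candidate)):
            return candidate


if __name__ == "__main__":
    print("length needed:", alnum_length_matching(20))
    print("passphrase   :", wifi_passphrase())
```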