Password Security
Passwords – in today's security-conscious world, they are unavoidable, and with good reason too.
We have logins for this and apps for that, so it's no wonder so many people use the same password for literally everything or, at the very best, variations of the same.
How secure is this?
Short answer, it’s not!
You may have heard of the dark web? Billions of passwords are sold to cyber criminals on a daily basis the world over, and if your ‘one password fits all’ makes it onto there, you can bet it's only a short matter of time before you have a digital nightmare on your hands. Can you imagine having every account you own broken into? This might sound far-fetched, but there are tools freely available on the internet that will pull up a list of databases that are linked to your email address. What’s more, if they know your email address then you are practically giving them the key to your internet life, because the chances are all your accounts use that address to communicate with you, and if that email login uses the same password, you may as well put it onto a billboard outside your house.
But I can't possibly remember multiple different passwords, let alone complex ones?
The good news is, you don’t have to.
A decent password management tool will do all of this for you, plus it will generate complex passwords automatically and save them in its database – fully encrypted so they can’t be stolen. These can be accessed from any device you own and activated with a fingerprint or face ID, for example.
Some brief history on passwords
As the years have gone by, what might have passed as secure 15 years ago simply isn’t anymore.
For example: password1 can be cracked/broken into within 0.29 seconds – pretty scary huh!
However, Password! increases the crack time to 35 minutes.
Obviously we don’t recommend you use either of those examples, but it shows how a simple change can make the hacker's life harder.
Back in the year 2000, if you used security1 as your password, it would have taken almost 4 years to crack. Fast forward to 2018 and it takes 1 second. This is because the software the hackers use knows these types of common phrases and will try those first. On top of that, technology has evolved at such a rate that the software can attempt over 1 billion password suggestions per second, so if you’re using your dog's name, birth month, maiden name, company/department name, or even something like letmein01, you can be sure it will take around 1 second for the hacker to get the information they need.
OK, so what kind of password SHOULD I be using?
Quite simply, if you’re using between 8 and 16 characters, with a mixture of upper case, lower case, numbers and special characters, and it isn’t an actual ‘single use’ word in the dictionary, you’re on the right track. A password management tool will create a jumble of letters, numbers and symbols that makes absolutely no sense to anyone, and this is about as secure as you can get – the longer the character string, the longer it takes to crack.
Alpqthyr#01 would take (at the time of writing this) around 2 years for the most powerful systems and tools out there to crack.
Now if we were to use the same letter characters again but add them onto the end, therefore increasing the password length - Alpqthyr#01Alpqthyr - this increases the crack time to 119 quadrillion years!!
Finally, if we were to change those last added letters to something completely random and pop an extra capital, plus another special character in there as well - Alpqthyr#01Gjhfjghjgh! - the crack time now becomes 99 sextillion years (I’ve never heard of that number either, but it’s a real thing and it's huge!).
Clearly a password management tool is the only option you have for ‘remembering’ such complex passwords, but it hopefully gives you an idea of how powerful something like this can be.
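An added example, not part of the original article: a Python check that models the two ideas above, a word-list pass that catches common words with digits or symbols tacked on, and an exhaustive search at the 1 billion guesses per second quoted earlier. The word list is a constructed sample and the function names are assumptions; the year figures come from this simple model and will not match the crack times quoted in the article, whose method is not stated.

```python
import string

GUESSES_PER_SECOND = 1_000_000_000   # guessing rate quoted in the article
SECONDS_PER_YEAR = 365 * 24 * 3600
TRAILING = string.digits + string.punctuation

# Constructed sample list; a real check would load a large leaked-password list.
COMMON_BASES = {"password", "security", "letmein", "qwerty", "welcome"}


def has_common_base(password):
    """True if the password is a common word with digits/symbols tacked on."""
    return password.lower().rstrip(TRAILING) in COMMON_BASES


def charset_size(password):
    """Alphabet size implied by the character classes the password uses."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    return sum(len(cls) for cls in classes if any(c in cls for c in password))


def exhaustive_years(password):
    """Years to try every string of this length and alphabet at the quoted rate."""
    combinations = charset_size(password) ** len(password)
    return combinations / GUESSES_PER_SECOND / SECONDS_PER_YEAR


def assess(password):
    """Return (method, years); a word-list hit is modelled as 0.0 years."""
    if has_common_base(password):
        return ("word list", 0.0)
    return ("exhaustive search", exhaustive_years(password))


if __name__ == "__main__":
    for pw in ("password1", "Password!", "security1", "letmein01",
               "Alpqthyr#01", "Alpqthyr#01Alpqthyr", "Alpqthyr#01Gjhfjghjgh!"):
        method, years = assess(pw)
        print(f"{pw:24} {method:18} {years:.3g} years")
```

The point to take from the output is the ordering: the common-word passwords fall to the word list regardless of the capital or symbol added, while each extra character in the random strings multiplies the exhaustive search time.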
I don’t want to pay for a password management tool though, so what can I do?
Not everyone will want to go down that route, or perhaps you might be sceptical for one reason or another.
There is an alternative that works just as well - writing them all down and storing them in a safe place.
Think of yourself somewhere; it could be on holiday, or at your favourite bar, etc. What 3 things come to mind? Let’s say you’re on holiday and you think of ‘sunny’ ‘seaside’ ‘pier’. This is perfect, as a password cracking tool wouldn’t have this in its common dictionary because they are individual words strung together.
Example:
sunnyseasidepier
Now let's get clever with it:
SunnyS7asid7Pi7r
The finished password simply added 3 capitals and replaced all the ‘e’ letters with a number '7'.
Important - We don’t advise you use the same password for any 2 devices/logins, because all it takes is for that to somehow be intercepted/become leaked and you’re back to square one again.
This method does require you to make a note of each and every one and ensure they are locked away safely. Although the list is unlikely to fall into the wrong hands, it is still a bit of work, and if you lose it, you lose all your passwords. This is why a password management tool, such as Dashlane, is the safest and most convenient way of having a unique password for everything.
Whichever method you choose, following these steps will ensure you stay safe from both a personal and business perspective.
You're good.... How did you figure mine out? 🤔