Passwords are by no means the most exciting topic to read about on a blog, but chances are you use passwords every day to access sensitive data, and a weak or compromised password can lead to a whole host of problems.
This topic has been a long time coming, but in recent months password security has been in the news (read more here), and I felt it was about time to pass on some good advice when it comes to your passwords.
How was my password hacked?
Most people believe that passwords are cracked because a computer has meticulously tried every combination of letters, numbers and characters in an attempt to guess your password. This is known as Brute Forcing, and honestly, while it is still a thing within the password hacking community, it’s far less common than you might think.
Many places where you’ll need a password to access sensitive data will have some fairly basic Brute Force protection, such as limiting you to 5 attempts with the wrong password before you’re locked out. It’s a simple method, and it certainly works, but now hackers are getting smarter and chances are you’re giving them all the information they need.
People like to use familiar aspects of their lives in their passwords: names of loved ones, important dates and other such details which, generally speaking, people tend to post online on Social Media. Did you take a picture of your new car? Did you put your anniversary details online?
If you’re using any of these details, or indeed anything personally related to you in your passwords, then they’re insecure and it’s only a matter of time before you’re hacked. New, more powerful computer algorithms will scan your social media, read all the data and compile thousands of potential passwords based on the information you’ve freely put online.
Cracking your password is no longer about Brute Force, but instead about taking the time needed to study your social media, and making calculated guesses based on human psychology with the information you’ve just handed over to them with your public profile.
But fear not, because making a secure password is easier than you think.
How to make a secure password
There are numerous blogs and articles out there that tell you what a bad password looks like, but I want to help you not only understand the importance of a secure password, but also generate one.
Personally, I’ve found great value in using “The Rule of Three”. It’s a simple process that you can alter as much as you need or want to help ensure you make unique, fairly easy to remember passwords. The key to this process is not in making a password with an array of crazy character combinations that you’ll soon forget, but to instead create a single password you could easily recall.
The Rule of Three:
- A random, unique colour.
- A random, unique object.
- A random, unique animal.
The key here is that each part of the password is random and unique. Choosing the colour Blue every single time isn’t helping you make a password secure, it’s doing the opposite. Avoid repetition in your passwords, and choose obscure colours, objects and animals.
These are terrible examples because the colours are fairly generic, and so are the objects and animals. These are colours, objects and animals that most people own or know of, making it easier to guess your password should someone have more intimate knowledge of you.
- MaroonRailway Anteater
- Magenta PyramidChinchilla
These are pretty good examples. We’re still using capitalisation, and sometimes spaces to help break up the password, but also we’re using rather obscure elements. Ask people for a random colour, and chances are they’re not going to pick Cyan, Maroon or Magenta. The same goes for our objects and animals.
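As an added illustration (not code from the original post), the Python sketch below picks the three Rule of Three words with a cryptographically secure random source instead of personal choice, skips words already used in other passwords, and reports how many bits of guessing resistance the word lists provide. The word lists are constructed samples and the function names are hypothetical.

```python
import math
import secrets

# Constructed sample lists (assumptions, not from the article). Real lists
# should be far longer: an attacker is assumed to know the lists themselves.
COLOURS = ["Maroon", "Magenta", "Cyan", "Ochre", "Teal", "Vermilion", "Indigo", "Puce"]
OBJECTS = ["Railway", "Pyramid", "Anvil", "Lantern", "Trellis", "Gasket", "Sextant", "Abacus"]
ANIMALS = ["Anteater", "Chinchilla", "Pangolin", "Axolotl", "Tapir", "Okapi", "Quokka", "Narwhal"]


def rule_of_three(used_words=frozenset(), sep=""):
    """Return (password, parts): one colour, one object, one animal.

    used_words is a set of lowercase words already present in other
    passwords; they are excluded so no element repeats across accounts.
    """
    parts = []
    for words in (COLOURS, OBJECTS, ANIMALS):
        pool = [w for w in words if w.lower() not in used_words]
        if not pool:
            raise ValueError("every word in one list has already been used")
        # secrets.choice draws from the OS CSPRNG, unlike random.choice
        parts.append(secrets.choice(pool))
    return sep.join(parts), parts


def entropy_bits(*lists):
    """Bits of entropy when each word is drawn uniformly from its list."""
    return sum(math.log2(len(words)) for words in lists)


if __name__ == "__main__":
    password, _ = rule_of_three(used_words={"maroon", "railway", "anteater"})
    bits = entropy_bits(COLOURS, OBJECTS, ANIMALS)
    print(password)
    print(f"{bits:.1f} bits = {2 ** bits:.0f} possible passwords")
```

With these eight-word sample lists there are only 512 possible passwords (9 bits), so the strength of the scheme comes from how long the lists are and from letting the machine choose.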
Will this keep me safe?
It’ll certainly help to keep you safe, but no password is going to keep your details safe if you operate poor security measures. It doesn’t matter how complex your password is, if you have a Keylogger, or a Virus on your computer, there is little that can be done to protect your security without dealing with those issues first.
The world of online security is so vast that no one blog is ever going to prepare you enough, but I do hope this has gone some way to helping you improve your passwords and re-think your personal security.