The proper use of passwords.
Saturday, February 19, 2011 at 1:09PM
If you have never had an account hacked, you probably don't worry much about your passwords, but you should! It's incredible how many people use the same password for everything from their email to their banking. Or they use a short, simple password because they don't want to have to remember a long one. A "complex" password does not have to be complex. Let me explain, then we will discuss more about being safe and why it's important.
First, "complex" passwords. One school of thought is long random passwords consisting of uppercase, lowercase, numbers and symbols. Something like "dfhhUH4345$hjdjfhdER87&^@". This is obviously long, complex and next to impossible to remember. You can use passwords like this relatively easily if you only need them on one computer, let's say at home, where you have saved them in a file and can copy and paste them as needed. But a complex password could also be something easy to remember, such as "Iliketotakewalksinthepark3timesaweek!". This password is even longer, and although it's a sentence, it's very safe! The important thing is that you could easily remember a password like this, because it is a sentence the human brain can relate to. You probably would not even need to write it down.
A little about making a good password. How long should it be? Some background: if you make a 5 character password using only lowercase letters and numbers, it would have 60 million possible combinations. Sounds like a lot, right? It must be safe, right? Wrong! 60 million possible combinations is as simple as saying pick a number from 1 to 10. It can easily be cracked.
Using upper and lowercase plus numbers, a 5 character password would now have 916 million combinations. Better, right? NO! With the power of computers today, it's also easy to crack. But make it just a little bit longer, say 8 characters of upper/lower/numbers, and now there are 218 trillion possible combinations! Now we are getting somewhere! Add some symbols in there such as $, !, #, etc. and now there are over 7 quadrillion possible combinations. Now you're getting safe. Realizing this, is it really that hard to use a password such as "BeSafe9!"? And for every extra character you add to it, you double the amount of possible combinations!
How much should I worry about my accounts getting hacked? If you don't practice safe passwords, you should be very worried. The most common type of attack is someone breaking into your email. Once they get in there, all the rest is easy. They can go to one of the many sites you might use, such as Facebook, and click on "Recover Lost Password", in which case the website will email you a new password or a link to reset your password. Since the bad guy now has access to your email, they will get that email and be able to reset your password for that website. They are in and you are out! This is why your email password should probably be the most complex and the most guarded.
In another type of attack, a hacker might send out millions of emails to random people, making them look as if they come from a popular site such as Facebook. The email would say something like "For security reasons we ask that you reset your password, please click here to change your password now." It looks legit, it has the Facebook logo, so you click it. It takes you to a site that looks like Facebook. It might even have facebook in the name, such as www.facebook.faceaccountreset.com (it's the name before the .com at the end that shows what site you're really on). It would ask you to enter your old password to verify who you are, then to choose a new password. The new password means nothing, as you're not even on Facebook's website. But what you just did is give them your current password, and now they are in. Any time you get such an email or are worried, manually go to the site by typing www.whateversite.com, then log in and change your password. NEVER click on any links in an email unless you went to the website first and requested it.
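The "name before the .com" check described above can be automated. The following is an added example, not code from the original post; the function names and the sample email are constructed for illustration, and taking the last two host labels as the site is a simplifying assumption.

```python
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def site_of(url):
    """Return the last two labels of the host name, e.g. 'faceaccountreset.com'.

    Simplification (assumption): an exact answer needs the Public Suffix
    List, because suffixes such as 'co.uk' span two labels.
    """
    if "://" not in url:
        url = "http://" + url          # urlsplit needs a scheme to find the host
    host = urlsplit(url).hostname or ""
    labels = [p for p in host.lower().rstrip(".").split(".") if p]
    return ".".join(labels[-2:])

def suspicious_links(email_text, expected_site):
    """List links in an email whose real site is not the claimed sender's."""
    return [u for u in URL_RE.findall(email_text)
            if site_of(u) != expected_site.lower()]

# Constructed sample email, modelled on the message quoted above.
SAMPLE_EMAIL = (
    "For security reasons we ask that you reset your password, please click "
    "here to change your password now: "
    "http://www.facebook.faceaccountreset.com/reset\n"
    "Help centre: https://www.facebook.com/help\n"
)

if __name__ == "__main__":
    for link in suspicious_links(SAMPLE_EMAIL, "facebook.com"):
        print("not facebook.com:", link, "->", site_of(link))
```

Only the first link is reported: its host starts with www.facebook, but the site it belongs to is faceaccountreset.com.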
Now imagine this is your bank account the hacker gets into. The first thing they do is use the automatic bill pay to write a payment to themselves and send it to a PO Box. Is it worth the hassle of having a complex password to prevent this? If you're lucky, they hack into your account just for fun, and yes, some hackers do it just to prove they can and don't do anything terrible. They may just watch what you do on Facebook or post inappropriate content. Or they may email your friends as if it was from you and try to get their private information or send them a virus. Many things can happen that will, at best, disrupt your life. At worst, they cost you a lot of headache and a lot of money.
Now that you understand what can happen and how dangerous it is, here is what to do about it. First, if you use the same password on all or most sites, if your passwords are short and simple, if they don't contain upper/lower/numbers/symbols... STOP IT RIGHT NOW! You're the person that 15 year old hacker or that foreign mafia organization is waiting on to slip up so they can hack your accounts!
The Rules:
1) Your passwords need to be at least 10 characters long
2) At the minimum they should be upper and lower case and contain numbers. Adding a single symbol in there would be even better.
3) If you worry about remembering them (I know I certainly can't remember all my passwords), then create a Word or Excel document on your computer and write them all down in there as you create them. Word and Excel can password protect the document (click HELP, then search for "password protect" and the instructions will come up). Then you only need to remember the one password to that document on your computer.
4) If you want to use the same password more than once to simplify things a little, fine. But not for your email, not for your bank or any critical sites. If you want to use the same password on multiple sites, make sure it's for things like Facebook, Twitter, etc.: sites where, if someone got in, it would not be the end of the world. This helps make your online experience a little simpler when using social networks or sites that are for fun and not critical.
5) If you can, take advantage of multi-factor authentication. What is this? For example, Google recently introduced this for Gmail. You can set up Gmail so that when you log in from a computer other than your home one, after you enter your password it will text your phone with a code that you must enter. This way, even if someone got your password, they would not have your phone and therefore could not get in. Banks often have something similar, like a small credit-card-sized device that shows a constantly changing number that you also must enter. These devices are often free or under twenty dollars.
Using a little common sense and not being lazy about your passwords can go a long way to protecting your online identity.
So remember, a good password only 8 characters long with upper/lower/numbers/symbols has 7,200,000,000,000,000 possible combinations and over the internet would take almost 29,000 years to crack. Even in a file on a supercomputer it would take 2.25 years. Assuming my math and research are correct. So use a complex password, please. :)
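To run the combination counts and rules 1 and 2 against an actual password, here is an added example; it is not code from the original post. The function names, the 32-character symbol set and both guess rates are assumptions made for illustration.

```python
import string

# Alphabet each character class adds. The 32-symbol set is an assumption
# (ASCII punctuation); the article's 7.2 quadrillion implies a slightly larger one.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}
# Assumed guess rates, for illustration only.
ONLINE_RATE = 8_000            # guesses/second against a web login
OFFLINE_RATE = 100_000_000     # guesses/second against a stolen file
SECONDS_PER_YEAR = 365 * 24 * 3600

def classes_used(password):
    """Names of the character classes that appear in the password."""
    return {name for name, chars in CLASSES.items()
            if any(c in chars for c in password)}

def search_space(password):
    """Brute-force upper bound: (alphabet size) ** length.

    Assumes every character was picked at random, so real words and
    sentences are weaker than this number suggests. Each added character
    multiplies the space by the alphabet size.
    """
    alphabet = sum(len(CLASSES[name]) for name in classes_used(password))
    return alphabet ** len(password)

def rule_failures(password):
    """Check rules 1 and 2 from the list above; return the ones broken."""
    used, failed = classes_used(password), []
    if len(password) < 10:
        failed.append("rule 1: shorter than 10 characters")
    if not {"lower", "upper", "digit"} <= used:
        failed.append("rule 2: needs upper case, lower case and numbers")
    return failed

def years_to_exhaust(password, guesses_per_second):
    """Worst-case years to try every combination at the given rate."""
    return search_space(password) / guesses_per_second / SECONDS_PER_YEAR

if __name__ == "__main__":
    for pw in ["ab3de", "BeSafe9!", "Iliketotakewalksinthepark3timesaweek!"]:
        print(pw, f"{search_space(pw):.3g}", rule_failures(pw),
              f"{years_to_exhaust(pw, OFFLINE_RATE):.3g} years offline")
```

"ab3de" is a constructed sample; the other two passwords are the ones quoted in the article.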
Reader Comments (2)
Thank you, Bob. Great and useful information. Thank you very much.
I am glad to catch idea from your article.