Passwords. We hate them. They’re impossible to come up with, impossible to remember and nothing is more annoying than that stupid “Wrong Username or Password message.” Until, of course, you get the one that your account was locked because of too many wrong attempts.
As much as we all hate them – the fact remains they’re just about the only thing standing in the way of cybercriminals who would love to steal our information and our money. It’s annoying not to be able to get into your account, but it’s nothing compared to opening your account and finding all your money gone! That’s a real bleep moment.
But who has the time and energy to come up with super secret passwords? Numbers, letters, symbols, upper case, lower case – it’s a mess. No, what we need is a better way to deal with passwords.
So what if I told you there’s an easier way to come up with a password? A password you can actually remember? And more than that – it’s a password that’s a lot harder for a thief to crack? No, really!
But wait, before we dive into creating your new Super Awesome Password, let’s take a quick look at how passwords are most commonly being cracked. We need to know what we’re fighting. After all, we could build the strongest door with 3 feet of steel but if hackers are crawling in through the air vents – well, that won’t really help us much.
You’ve probably heard the term before, but even with all the press it’s gotten it’s still one of the most effective weapons in a cybercriminals bag of dirty tricks. Phishing is all about tricking you into giving away your information. Hackers thread a little bait on a hook – an email claiming there’s something wrong with your account. “Bad things are about to happen, here, click this link now and we’ll fix it.”
Well, they’re right – bad things ARE about to happen. But only if you take the bait. Because that link is fake, leading you to a phony website built to look enough like the real one that you’ll be fooled into entering your password, account, or credit card information. And once you do, well … that’s that.
Brute Force Attack
Just what it sounds like, a Brute Force Attack throws everything at your password until it cracks.
Some attacks are more targeted – using information like your address, birthdate, age, where you were born. Other attacks are completely random. Hackers find an account and start running every possible letter and number combination until it finally -sickeningly – clicks on yours.
And don’t be fooled into thinking this is time-consuming process. This isn’t some guy sitting in his mother’s basement getting carpel tunnel clicking keys for hours on end. These are automated programs built specifically to run through millions of combinations – in a matter of seconds! Most passwords under 8-10 characters – no matter how random they are – can be cracked in less than 2 hours.
Similar to Brute Force, but in this attack hackers are running the most commonly used passwords, phrases, and number or letter combinations until something fits. Turns out that when it comes to passwords, we humans aren’t as creative as we may think. That’s why you should never use combinations like “123” or ‘password’ or your name, zip code or area code in your passwords.
So what’s a person to do?
The best defense you have against identity theft is also one of the simplest – a strong password. We’ve all seen the Google suggestions that look like someone just started mashing their hands against their keyboard. (That is an option for creating a password, by the way, but probably not a good one.)
But don’t worry! Creating a super awesome password isn’t as hard as it seems. And you don’t have to have a super-memory to do it. You ready for it?
Use a Pass PHRASE – not a password.
TjN43^Rt750%mQ may be strong but who’s going to remember that? Okay, well, maybe someone could, but not me. To get around that, experts recommend using a phrase instead of a crazy collection of symbols, letters and numbers.
There are two popular variations of this trick.
Choose 4 or 5 totally random words. The catch is to make sure you’re using truly “random” words. They shouldn’t be related to you – like kids’ names, pets, or street names. They also shouldn’t relate to each other – like “big” and “house” or “white” and “car.” Choose bizarre words or words in a different language. Like
A hacker might be able to guess one of those, but not the whole string.
Quick note: It’s hard for us humans to be truly random. We love patterns even if we don’t recognize we’re doing it. If you find yourself struggling with coming up with something random – try this: Open a newspaper, book, or dictionary. Close your eyes and run your finger over the page then stop. Whatever your finger lands on – that’s your word. If the word is too small or you absolutely hate it – try again. But don’t overthink it. Remember, we’re being random.
Pick a random sentence, any sentence. Maybe it’s a favorite movie quote or a line from a song. Or just your favorite catch-phrase. Don’t go overboard, it doesn’t have to be a novel. Let’s go simple for our example.
“Houston, we have a problem.”
Now pick a formula for abbreviating it. Depending on the length of your sentence, you could choose to use just the first letter or two and alternate upper and lower case. Using our example, that gives us:
Now Power It Up
- Use numbers and letters to round out your password. Most sites require a combination of letters, numbers and special characters in your password. Pick a formula that works for you. Put a number or character after the first 2 letters of each word. Or after every fifth letter. Whatever works for you.
- Think outside the box. Use characters that aren’t common. We’ve gotten used to seeing underscores ( _ ) and exclamation points, so they make their way into a lot of passwords. Choose the dollar ($) or plus (+) signs. Show a little love to those underused characters.
- Size matters. The key to a Super Password is length. Hackers use computer programs that can run through millions of combinations in the time it takes to read this sentence. So the longer your password, the better. In a brute force attack, every number, letter, and character has to be tried in every possible combination. So for every character you add, you exponentially increase the time it will take to crack it. Right now, the ‘sweet spot’ is about 16 characters.
So if we apply those tips to our 2 examples above you come up with something like this:
Igloo9Quiz$Gracias$Hancock9 or 1Ho^We5Ha^APr9
Strong passwords that keep your personal and financial information safe and don’t make your brain hurt.