If 308 million password possibilities can be attempted in under 3 minutes, is your password keeping you safe?
Posted on Thu, Feb 18, 2010 @ 12:07 AM
In December 2009 the popular social site RockYou.com suffered a serious breach: an attacker got into its systems and stole account information, including passwords, for 32 million users. The passwords were stored unhashed, which is why they could later be analyzed in bulk.
Social websites. A weakness for users?
RockYou and other social sites such as Facebook, MySpace and LinkedIn ask for personal information (your e-mail address, your full name, sometimes even your birthday or street address) to verify that you are a real person. These details seem harmless to users, but thieves collect them to build profiles of unsuspecting people, and those profiles are then used for identity theft or to break into personal accounts such as online banking.
Many people use weak passwords, or the same password on several websites.
That is like leaving your car unlocked when you go to a baseball game: there are many cars in the lot, and the thief takes the one that is easiest to get into. If your password is easy to guess, or is the same on your social sites, your e-mail and even your bank, attackers simply try the stolen password against every other service to see what else it opens. In this age of instant gratification, even the hackers have automated the process to make it more efficient.
Hackers love password crackers.
Did you know that password-cracking software can try all 308 million possible six-letter passwords made from a single case of the alphabet (26^6 = 308,915,776 combinations) in under 3 minutes (www.hq.nasa.gov)? Impressive, but also startling: that works out to roughly 1.7 million guesses per second, and a short, single-case password is no match for it.
You can protect yourself with these three golden rules for creating strong passwords:
1. Make sure your password is 8 or more characters in length.
2. Use a mix of the three basic character types available: letters (both upper and lower case), numbers, and special characters such as !@#$%^?* or &.
3. Don't use only names or words from the dictionary; they are the first things a cracker tries.
Following these three simple criteria is easy, but sometimes the password you come up with is hard to remember, right?
Try first-letter mnemonics to fool those evil hackers. Think up a short sentence you can easily remember, like "My daughter, Joy, has 500 Barbies!" Then take the first letter of each word, keeping the numbers and punctuation, to create a strong password you can chuckle about each time you type it: "Md,J,h500B!" That is a password no cracker will find in a dictionary. Keep in mind, the more bizarre your sentence is, the more likely you are to remember it.
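The brute-force arithmetic behind the "308 million in under 3 minutes" figure, the three golden rules and the first-letter mnemonic, written out as a small Python script. This is an added example for this post, not code from the original article or from any cracking tool; the guess rate is derived from the post's own numbers, the word list is a constructed stand-in for a real dictionary, and the function names are my own.

```python
import string

# Derived from the post's own figure: 26**6 = 308,915,776 single-case
# six-letter passwords tried in under 3 minutes (180 s), i.e. roughly
# 1.7 million guesses per second. (Assumption: a constant guess rate.)
GUESSES_PER_SECOND = 26 ** 6 / 180

# Constructed stand-in for a real dictionary / common-password list.
WORDLIST = {"password", "123456", "qwerty", "baseball", "joy", "barbies"}


def alphabet_size(pw):
    """Size of the smallest standard character set that contains every
    character of pw; this is what a brute-force attacker must cover."""
    size = 0
    if any(c.islower() for c in pw):
        size += 26
    if any(c.isupper() for c in pw):
        size += 26
    if any(c.isdigit() for c in pw):
        size += 10
    if any(c in string.punctuation for c in pw):
        size += len(string.punctuation)  # the 32 printable ASCII specials
    return size


def seconds_to_exhaust(alphabet, length, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every password of exactly `length` characters
    drawn from an alphabet of `alphabet` symbols at `rate` guesses/second."""
    return alphabet ** length / rate


def check_rules(pw):
    """Return the golden rules the password breaks (empty list = passes)."""
    problems = []
    if len(pw) < 8:
        problems.append("rule 1: fewer than 8 characters")
    has_lower = any(c.islower() for c in pw)
    has_upper = any(c.isupper() for c in pw)
    has_digit = any(c.isdigit() for c in pw)
    has_special = any(c in string.punctuation for c in pw)
    if not (has_lower and has_upper and has_digit and has_special):
        problems.append("rule 2: needs lower, upper, digit and special character")
    # rule 3: a bare dictionary word, even with digits/punctuation tacked on
    core = pw.strip(string.digits + string.punctuation).lower()
    if pw.lower() in WORDLIST or core in WORDLIST:
        problems.append("rule 3: dictionary word or name")
    return problems


def mnemonic(sentence):
    """First-letter mnemonic as described in the post: the first letter of
    each word, but whole numbers and trailing punctuation are kept."""
    out = []
    for token in sentence.split():
        if token[0].isdigit():
            i = 0
            while i < len(token) and token[i].isdigit():
                i += 1
            out.append(token[:i])        # keep the entire number ("500")
        else:
            out.append(token[0])
            i = 1
        rest = token[i:]
        # keep trailing punctuation such as "," or "!"
        out.append(rest[len(rest.rstrip(string.punctuation)):])
    return "".join(out)


if __name__ == "__main__":
    samples = ["123456", "Baseball2010!",
               mnemonic("My daughter, Joy, has 500 Barbies!")]
    for pw in samples:
        secs = seconds_to_exhaust(alphabet_size(pw), len(pw))
        print(f"{pw!r}: breaks {check_rules(pw) or ['nothing']}; "
              f"exhausting its character class takes {secs / 86400:.1f} days")
```

Two things the script makes visible. First, "Baseball2010!" satisfies rules 1 and 2 yet still fails rule 3, because a cracker strips the digits and punctuation and finds a plain dictionary word underneath. Second, at the post's 2010 rate an eight-character password mixing upper, lower and digits (62^8 combinations) takes about four years to exhaust, and adding specials pushes it past a century; cracking hardware has improved enormously since then, and an attacker with a stolen hash database works offline at far higher rates, so treat the absolute numbers as a ratio between policies, not a guarantee.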
Let's take a look at password trends.
Reviewing the statistics pulled from the 32 million accounts unfortunately caught up in the RockYou breach shows a clear pattern of poor passwords on this social site:
Roughly 30% of users chose passwords of six characters or fewer.
Almost 60% of users chose their passwords from a limited set of alphanumeric characters, meaning letters and digits only, with no special characters at all.
Nearly 50% of users used names, slang words, dictionary words or trivial passwords they could easily remember, such as consecutive digits or adjacent keys on the keyboard.
The most common password among the 32 million compromised RockYou users was "123456".
(Imperva white paper, "Consumer Password Worst Practices")
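The same four statistics can be computed over any password dump. The script below is an added example, not part of the original post or of the Imperva report: it runs the checks over a small constructed sample (ten passwords, embedded inline), so the percentages it prints describe that sample only, not RockYou. The word list and the "trivial" sequences are constructed stand-ins, and the function names are my own.

```python
import re
from collections import Counter

# Constructed stand-in for a leaked password dump, one password per line.
SAMPLE_DUMP = """\
123456
123456
password
qwerty
abc123
Joy1999
sunshine
Md,J,h500B!
W3lc0me-h0me
iloveyou
"""

# Constructed stand-in for the names/slang/dictionary list a cracker would use.
WORDLIST = {"password", "sunshine", "iloveyou", "joy", "letmein"}

# Runs that count as trivial: consecutive digits, keyboard rows, the alphabet.
SEQUENCES = ["0123456789", "qwertyuiop", "asdfghjkl", "zxcvbnm",
             "abcdefghijklmnopqrstuvwxyz"]


def is_trivial(pw):
    """Names, slang or dictionary words (even with digits tacked on), or a
    run of consecutive digits / adjacent keyboard keys."""
    low = pw.lower()
    core = re.sub(r"\d+", "", low)        # "joy1999" -> "joy", "abc123" -> "abc"
    if low in WORDLIST or core in WORDLIST:
        return True
    for cand in (low, core):
        if len(cand) >= 3 and any(cand in seq for seq in SEQUENCES):
            return True
    return False


def audit(dump):
    """Compute the four RockYou-style statistics over a password dump."""
    pws = [line for line in dump.splitlines() if line]
    n = len(pws)
    top, count = Counter(pws).most_common(1)[0]
    return {
        "total": n,
        "pct_short": 100.0 * sum(len(p) <= 6 for p in pws) / n,
        "pct_alnum_only": 100.0 * sum(p.isalnum() for p in pws) / n,
        "pct_trivial": 100.0 * sum(is_trivial(p) for p in pws) / n,
        "most_common": top,
        "most_common_count": count,
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE_DUMP).items():
        print(f"{key:>18}: {value}")
```

Note that the trivial-password test is only as good as its word list: "W3lc0me-h0me" slips past it because the simple check does not undo leet-style substitutions, which real cracking tools do handle with mangling rules. An audit like this is also worth running on your own user base before an attacker does, with the results used to force resets rather than shared.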
What does this mean for users?
Wimpy, simple, weak passwords won't keep your private information safe. If you must write a complex password down, keep the note in your wallet or purse, not stuck to your monitor. Better yet, write down only a reminder (the sentence behind your mnemonic, for instance) rather than the password itself, so the sheet is useless to anyone who gets hold of it. And never reuse the same password across sites, because a single breach like RockYou's then hands over every account you own.