October 3, 2020
These days you can’t log on to any site, app, church, school, store, or doctor’s office without creating a username and password. As a result, most of us have hundreds of passwords to keep track of. Sadly, the era of using little pieces of paper hidden in a drawer to keep track of passwords has passed. On top of that, the processing speed of computers has grown exponentially, to the point that programs can crack weak or repeated passwords with ease.
Check it out (source)
5 characters, uppercase + lowercase letters = 25 seconds to crack
6 characters, uppercase + lowercase letters, numbers, and symbols = 11 hours to crack
8 characters, uppercase + lowercase letters, numbers, and symbols = 10 years to crack
9 characters, uppercase + lowercase letters, numbers, and symbols = 1000 years to crack
Case in point:
Team Fortsafety was asked to speak at a cyber security summer camp a couple of years ago.
Before we began our presentation, the high school students showed us what they had learnt: they cracked a weak 8-digit password in an hour!
Have no fear though, FortSafety is here! Here is a “PASSWORD DO and DON’T list”:
DON’T use words, number sequences, names, birth dates, reverse words or simple substitutions (for example: pa55wOrd).
DO use a combination of uppercase and lowercase letters, numbers, and symbols.
DO make sure your passwords are longer than 10 characters (don’t worry about how to do this and keep track of them all…keep reading)
DON’T reuse passwords. Once a hacker has one, they will attempt to use it everywhere you do business.
DON’T use your browser to store passwords and credit card information. We know it’s convenient…but they are easily hacked (we are looking at you Google Chrome).
DO use a password manager to store your passwords, credit cards, and sensitive documents across all of your devices. Instead of keeping track of hundreds of passwords, you only have to remember one: the master password. These companies use stringent encryption to store your data. So stringent that if you forget your master password…they can’t help you retrieve it. Basically, they give you a safe and you have the only key (the master password)…once you lose that key…there is no way to open the safe. There are several options out there. Some examples are Dashlane, LastPass, and 1Password. Each service has different options, freemium levels, and price points.
When you are shopping for a password manager, make sure that you choose one that has a powerful password generator, a free version so you can try out the service, cross-device and browser compatibility, and of course impeccable encryption.
DO use passphrases. To create memorable and complex passwords, use a passphrase, or as we call it in our internet safety workshops: “The Jingle Bell Password Method.”
Here is how it works:
Step One: take a poem, song lyric, saying, bumper sticker slogan, Bible verse, or quote and use the first letter of each word in the phrase. It needs to be a phrase that you won’t forget.
For example: let us use the Christmas song Jingle Bells:
Jingle bells, jingle bells
Jingle all the way
Oh, what fun it is to ride
Using this method we turn that song lyric into:
See what we did there?
Step Two: create a “house rule” for when you will capitalize letters and where you will put symbols and numbers.
In this example, let’s say the FortSafety family decides that the password “house rule” is to put a comma at the beginning, to capitalize nouns, and to put a 7 at the end of every password we create in our household.
So the result is this:
There you have it: a complex-looking password that is almost impossible to crack unless you know the phrase it is based on. It isn’t as good as the random and long passwords that your password manager will create for you, but it is a good start.
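The two steps above, together with a check against the DO and DON’T list, as an added Python example that is not part of the original post. The noun set, the small word list and the substitution table are assumptions chosen for illustration.

```python
import re

# Constructed sample data (assumptions, not from the original post).
LYRIC = "Jingle bells, jingle bells Jingle all the way Oh, what fun it is to ride"
NOUNS = {"bells", "way", "fun"}          # which words count as nouns is our choice
COMMON_WORDS = {"password", "jingle", "welcome", "dragon"}  # tiny stand-in dictionary
# Look-alike substitutions that are undone before the dictionary check.
LEET = str.maketrans("0134578@$", "oleastbas")

def jingle_password(phrase, nouns, prefix=",", suffix="7"):
    """Step One and Step Two: first letters, nouns capitalized, house-rule ends."""
    words = re.findall(r"[A-Za-z][A-Za-z']*", phrase)
    letters = (w[0].upper() if w.lower() in nouns else w[0].lower() for w in words)
    return prefix + "".join(letters) + suffix

def list_violations(password):
    """Return the items of the DO and DON'T list that a password breaks."""
    problems = []
    if len(password) <= 10:
        problems.append("not longer than 10 characters")
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if not all(re.search(c, password) for c in classes):
        problems.append("missing a character class")
    # Undo simple substitutions, then compare forwards and reversed.
    core = re.sub(r"[^a-z]", "", password.lower().translate(LEET))
    if core in COMMON_WORDS or core[::-1] in COMMON_WORDS:
        problems.append("dictionary word, reversed word or simple substitution")
    if re.fullmatch(r"\d+", password) and password in "01234567890 9876543210":
        problems.append("number sequence")
    return problems

if __name__ == "__main__":
    for candidate in (jingle_password(LYRIC, NOUNS), "pa55wOrd", "drowssap", "12345678"):
        print(candidate, "->", list_violations(candidate) or "passes the list")
```

Undoing the substitutions before the dictionary lookup is why pa55wOrd is flagged exactly like the plain word it is based on.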