Thursday, August 23, 2012

Passwords Are Becoming Our Own Worst Enemy

Recent report shows we are not as secure as we think we are.


It seems that this year has been one of hackers gaining access to people's accounts because they have hacked into a server or some other activity like that. But the reality may be much simpler than that, and be tied to security and to just how many accounts we have and how many of those accounts have the same or very similar passwords. If you do not have software that holds all your passwords for web accounts, you have a herculean task remembering the passwords for each and every online account you have.

We have talked in the past about rethinking your password strategies because of all the hacking that is going on. Reusing passwords is something you should never do. If they get your password, they can try that on other online accounts they can figure out. Longer passwords are harder to crack and the complexity of the password is very important. But with all the online accounts we have, it makes it difficult to follow through on all of this.

A research study done back in 2007 looked at users, online accounts and passwords. Back then, the study determined that the average number of online accounts per user was about 25, and that a user had 6.5 passwords to access those 25 accounts. That means that passwords are being reused, and that is very startling news to hear. And you have to remember that this is from back in 2007. I know that I have probably double or triple that number from 2007. And it continues to increase.

As the number of online accounts increases, the number of reused passwords is probably going to increase as well.

If you are not using complex passwords, you are probably in trouble already and do not know it. Hackers are getting far more sophisticated and can crack simple passwords like the ones shown above. Just how quickly can be debated, but it will not be weeks, probably not days, and may be down to hours. In some cases, using dictionary lists of common passwords, it will be less than a minute every time. That should scare all of us into changing our password habits.

On the web, we keep hearing to not reuse passwords. That is the first thing to do. But human nature and just the sheer volume of accounts make that pretty much impossible. The next thing to do is make sure that your passwords are complex. Do not use English words that dictionaries can look up and match. Even passwords that change some characters to special characters or numbers are becoming easier to hack.

The best thing that you can do for yourself is to make your password long. Most people thought that a password of 6 characters would keep you safe. Not any more. Once you get to 8 characters, you have increased the amount of time for a hacker to brute force guess your password by at least 10 days, if not longer. Each character that you add after that increases the time significantly as long as it is not a recognizable word.

Given where things are at with hackers and everything that we are hearing in the news, your password should be longer than 8 characters. You should really try to not repeat passwords across online accounts or even variations of the same password across sites. You are asking for trouble if you are. If a hacker gets your password and you are doing that, odds are they are going to figure out how to access other online accounts you have.
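As an added illustration (not part of the original post), this Python sketch audits a set of your own passwords for the habits described above: exact reuse, variations of one password across accounts, lengths of 8 characters or fewer, and dictionary words hidden behind character swaps. The account names, passwords and the tiny word list are constructed sample data.

```python
import re
from collections import defaultdict

# Constructed sample data: account -> password (not real credentials).
SAMPLE_VAULT = {
    "mail":   "Sunshine1",
    "bank":   "sunsh1ne!",
    "forum":  "Sunshine1",
    "shop":   "dr4gon",
    "backup": "vK9#qLm2xw-Zp4",
}
# Tiny stand-in for a dictionary list of common passwords (assumption).
COMMON_WORDS = {"sunshine", "password", "dragon"}
LEET = str.maketrans("013457@$!", "oieastasi")  # undo common character swaps
MIN_LENGTH = 9  # the post recommends longer than 8 characters

def base_form(password):
    """Lowercase, strip leading/trailing digits and symbols, undo swaps."""
    text = password.lower()
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", text).translate(LEET)
    return core or text  # passwords with no letters stay as they are

def audit(vault):
    """Return {account: [findings]} for the habits the post warns about."""
    by_exact, by_base = defaultdict(list), defaultdict(list)
    for account, pw in vault.items():
        by_exact[pw].append(account)
        by_base[base_form(pw)].append(account)
    report = {}
    for account, pw in vault.items():
        findings = []
        if len(pw) < MIN_LENGTH:
            findings.append("short")
        if len(by_exact[pw]) > 1:
            findings.append("reused")        # identical on another account
        elif len(by_base[base_form(pw)]) > 1:
            findings.append("variation")     # same base, different decoration
        if base_form(pw) in COMMON_WORDS:
            findings.append("dictionary")    # a word list would match it
        if findings:
            report[account] = findings
    return report

if __name__ == "__main__":
    for account, findings in audit(SAMPLE_VAULT).items():
        print(f"{account}: {', '.join(findings)}")
```

Only the long random password on the "backup" account passes every check; "bank" is flagged even though its password is never repeated exactly, because it reduces to the same base word as "mail" and "forum".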

We have to try and stay a few steps ahead of those trying to get access to our online accounts, and what was considered safe a few years ago no longer is. Time to rethink how you are going to create complex passwords and not reuse them across online accounts.
