As an IT professional with over 20 years’ experience supporting clients, I can tell you that passwords are the weakest link in the security for almost every system I have ever looked at.
I also understand how much people hate using them and the difficulty people have remembering them.
The problem is that, more than ever before, your accounts are vulnerable to hacking, AND a weak password might be the only thing standing between you and disaster.
I will assume you are already aware of the threats associated with having your password hacked, and that you are convinced that you need to use strong passwords.
So I am first going to explain how vulnerable most people really are to having their account hacked. It will shock you. We will then look at how passwords are cracked.
Twenty years ago eight character passwords were considered adequate, and it was estimated that it would take many years of computer processing power to crack a strong 8 character password.
Computer processing power has grown exponentially, and today ANY eight character password, regardless of how random it is and how many special characters it includes, can be cracked in a few hours or less using password cracking software on a standard desktop computer with a video accelerator card, in other words the type commonly used for games.
Only around 5% of passwords offer any real challenge, and given that computers today can make millions of guesses per second, it would not take long to crack many of these also.
Professional hackers can harness parallel processing to further reduce the time required to crack passwords. This is simply connecting up multiple personal computers to work together.
While the capacity of computers to crack passwords has increased, the problem is most people are still using much the same weak passwords they were using twenty years ago.
While most people know they should use stronger passwords, very few realise how easily passwords can now be cracked.
Having a basic understanding will help you create stronger passwords.
Password Guessing is actually the least common method except in Hollywood movies. This is where a professional hacker attempts to guess the password using information they have collected about the password holder. It is more common for this approach to be used by someone that knows the password holder such as a fellow co-worker, friend or family member.
Password Cracking Dictionaries are normally the first method attempted. These dictionaries contain lists of the words for all languages, including some very obscure lexicons, even dead languages. In addition to containing all known dictionary words, they also contain all common misspellings and substitutions, and there are even lists of every password that has ever been used before. Using these cracking dictionaries alone is going to crack most passwords in use today.
Brute Force Attack uses sheer computing power to try every possible combination of characters. As already mentioned, twenty years ago super computers needed years to crack an eight character password, but today the same can be cracked in just a few minutes using standard personal computers working in parallel.
So if passwords are so easy to crack, then why aren’t people’s accounts being hacked even more than they are, like almost every day?
It may surprise you to know that it’s usually not your password that is protecting your account. As you are probably aware, most systems will lock you out after three wrong attempts.
Some may lock you out for fifteen minutes or an hour, others may even require you call the help desk to reset the password.
It’s this “three strikes and you are out” process that is protecting most accounts from password hacking.
The problem is hackers can often get around this simple first level of defence, as is evident in the number of major password security breaches reported each year, leaving your password and accounts exposed to cracking.
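As an added illustration (not code from the original article), the sketch below models the three-strikes lockout described above and shows how few guesses it lets through a login page. The class and function names, the fifteen-minute lock and the one-million-entry guess list are assumptions chosen for the example.

```python
SECONDS_PER_DAY = 24 * 60 * 60


class LockoutPolicy:
    """Three-strikes lockout: too many bad passwords locks the account."""

    def __init__(self, max_failures=3, lock_seconds=15 * 60):
        self.max_failures = max_failures
        self.lock_seconds = lock_seconds
        self._state = {}  # account -> (consecutive failures, locked-until time)

    def attempt(self, account, password_ok, now):
        """Record one login attempt at time `now` (seconds); return the outcome."""
        failures, locked_until = self._state.get(account, (0, 0.0))
        if now < locked_until:
            return "locked"  # even the correct password is refused while locked
        if password_ok:
            self._state[account] = (0, 0.0)
            return "ok"
        failures += 1
        if failures >= self.max_failures:
            # Third strike: start the lock and reset the counter.
            self._state[account] = (0, now + self.lock_seconds)
        else:
            self._state[account] = (failures, 0.0)
        return "denied"


def online_guesses_per_day(policy):
    """Approximate ceiling on guesses per day against one account."""
    return policy.max_failures * (SECONDS_PER_DAY // policy.lock_seconds)


def days_to_try_list(list_size, guesses_per_day):
    """Days needed to try every entry of a guess list at the given rate."""
    return list_size / guesses_per_day


if __name__ == "__main__":
    policy = LockoutPolicy()
    per_day = online_guesses_per_day(policy)
    print("guesses per day through the login page:", per_day)
    # Constructed figure: a one-million-entry guess list.
    print("days to try 1,000,000 entries:", round(days_to_try_list(1_000_000, per_day)))
```

Guessing against a password database stolen in a breach is not subject to this limit, which is why the lockout alone cannot be relied on.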
In the next part I will tell you about an alternative to using traditional passwords which is far more secure, and much easier to remember.
I will finally explain my Super Strong Passwords Made Easy system that will enable you to create and use very strong and unique passwords on all your accounts, and the best part is you do not need to remember any of them.
Welcome to Super Strong Passwords Made Easy
You are about to invest a few minutes of your time in learning how to create and use super strong passwords on all your accounts. This small investment in time could save you untold grief and financial loss in the future.
Using super strong passwords on all your accounts is the first step in implementing online security.
It’s also one of the most important because it lays a foundation, and without it everything else is a waste of time.
The system itself is easy, as you will soon see, but had I shown you the system without explaining why you need it and how to use it, chances are you would never have implemented it.
Now it’s time to show you the system.
Let’s start by talking about a replacement for the traditional password.
A lot of emphasis has been put on making passwords stronger by making them more complex.
Complexity is the use of a mixture of upper-case, lower case, numbers and special characters.
There is no question that complexity does make passwords stronger but consider the following two examples;
We will test the two passwords on howsecureismypassword.net
Right, first let’s check the eight character complex password:
This estimates it will take nine hours to crack.
Now let’s try the passphrase:
Despite the fact that it’s made up of common English words, howsecureismypassword.net estimates it will take 5 quintillion years to crack that password.
Now let’s check both those passwords using another password checking website called passfault.com.
First again we will check the complex eight character password:
Again it estimates it will take less than one day.
Now let’s try the passphrase at passfault.com:
This is estimating it will take one year to crack which is pretty strong.
I am actually not recommending such a simple passphrase. There are ways we can further strengthen your passphrase and still keep it very easy to remember.
Microsoft officially recommends 14 characters as its minimum and Wikipedia recommends 12 to 14 characters.
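The two checkers above give very different figures for the same passphrase because a passphrase can be measured per character or per word. The following added example (not from the original article or from either website) computes both estimates; the sample passwords are constructed, and the guess rate and 7776-word list size are assumptions.

```python
import math
import string

SECONDS_PER_YEAR = 365.25 * 24 * 3600
ASSUMED_GUESSES_PER_SECOND = 1e11  # assumption for illustration, not a benchmark
ASSUMED_WORDLIST_SIZE = 7776       # assumption: attacker's list of common words


def charset_size(password):
    """Alphabet a character-by-character brute-force search must cover."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation or c == " " for c in password):
        size += 33  # 32 punctuation marks plus the space
    return size


def brute_force_bits(password):
    """Search space in bits when every character is guessed independently."""
    return len(password) * math.log2(charset_size(password))


def wordlist_bits(passphrase, wordlist_size=ASSUMED_WORDLIST_SIZE):
    """Search space in bits when whole words are guessed from a word list."""
    return len(passphrase.split()) * math.log2(wordlist_size)


def years_to_search(bits, guesses_per_second=ASSUMED_GUESSES_PER_SECOND):
    """Average time to find the secret: half the search space at the given rate."""
    return 2 ** (bits - 1) / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    # Constructed samples, not the passwords tested in the article.
    complex_pw = "Xk7#pQ2!"
    passphrase = "lantern orbit velvet cactus window"
    for label, bits in [
        ("8-char complex, per character", brute_force_bits(complex_pw)),
        ("passphrase, per character", brute_force_bits(passphrase)),
        ("passphrase, per word", wordlist_bits(passphrase)),
    ]:
        print(f"{label}: {bits:.1f} bits, {years_to_search(bits):.3g} years")
```

The per-word figure assumes the words were picked at random; a phrase lifted from a song, movie or book is far weaker than either number suggests.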
I use 18 characters as my default for all my accounts, and those of my clients.
Getting my clients to do the same is a challenge which is what prompted me to create super strong passwords made easy in the first place.
This longer simple password is what we call a passphrase.
I know you are already thinking of some great passphrases to replace your existing passwords but before you rush off to change all your passwords there are some important considerations.
Some systems will not allow you to use a password as simple as the example I provided.
Many will enforce the use of a complex password by requiring a mixture of upper-case, lower-case, numbers and special characters.
You also need to avoid using passphrases taken from popular song titles, movies and books. As passphrases become more popular these are likely to find their way into one of the password cracking dictionaries.
We will talk more about passphrases and I will show you how to construct a strong, easy to remember passphrase that can include any required complexity.
Right now I want to talk about something else that is just as important to your security as using a strong password.
This is the practice of using the same password on multiple accounts.
People tend to come up with their password, or a few passwords, and use the same ones on all their accounts.
The problem with this is that if one of your accounts is compromised then all your accounts are automatically exposed and vulnerable also, regardless of how good your password is.
I can’t emphasise the danger in this practice enough!
Online service providers do not implement the same level of security. Some are far more secure than others, and even those that do follow best practice can be subject to a security breach.
There have been thousands of security breaches resulting in millions of passwords being hacked over the past few years alone.
If one of your accounts gets hacked an identity thief can access all your other accounts that are using the same password.
I realise how hard it is for most people to remember even one or two passwords now. Even with using the easier to remember passphrases, there is a limit to how many you will be able to remember.
The good news is I have a solution for this also.
I manage hundreds of passwords as part of my work and each one is very strong and unique.
I do this using a password manager.
You may already be aware of password managers.
They are simply applications that manage your passwords for you, and this is exactly what I recommend you use.
I have one I have been using for many years, and it’s the one I suggest you use also, but this system will work equally well with most other password management applications.
A password manager allows you to use strong and unique passwords on all your accounts by securely storing all your password credentials and taking care of the log in process for you.
You only need to remember one strong password and use that password to access the password management application.
When you combine using a password manager with strong passphrases you have the super strong passwords made easy solution that I promised.
Sounds easy. And it is!
Below I will provide a step-by-step guide to implementing this system.
I will also include a link to download a free version of the password manager I use and recommend.
If you have any questions or concerns about implementing my system, join my free internetSOS group on Facebook and I will be there to help answer your questions.
We can check your email and account name to see if it is listed on any of these databases and provide you with a report on any we find.
If found we will include a risk assessment for that breach along with any recommendations to secure your accounts.
We will also add you to an alert service that will notify you if any of the emails/account names you provide appear in any future security breach.