Alexander Conroy

Your Password is Hack-able, How to Pick a Secure Password

John1984, cathy87, J4cksABc – are these the kinds of passwords you find yourself using? If so, you are definitely hack-able; in fact, your logins can be hacked fast!
All three of those passwords are distinct but, despite what you may think, very easy for a machine to guess.

When creating an online profile, website, E-mail address or any other social media username and password, it is crucial that you pay attention to your password strength. Do you own a pizza business that is well known for providing the most delicious pepperoni? A password such as D3l1c10us would not be the best choice. While it may seem rather clever and unique to you, it is easy for computers to guess.

Importance of safe passwords

Besides the obvious reasons why you would want a secure password, there are other reasons people are not aware of. Say you own a business application and were hacked – that hacker now has full control of your database and can send all of your clients or employers information that can ruin your reputation. If they were to break into your website, they could temporarily or permanently shut the site down, leaving you scrambling for backups, if you have any. Sometimes hackers use your website to redirect visitors to inappropriate or illegal pages, which leaves the original business owner with a headache and the feat of having to explain to his clients what has happened, in the hope that they do not leave his business. Nowadays reputation is everything, no matter who you are.

Knowing your password strength

Your password strength provides you with a measure of effectiveness. What I mean by this is that it lets you know how easy it would be for a hacker to guess your password. Most websites, when you create your password, will show you an image indicating its strength, to ensure that you create one that reaches a “Great” limit rather than “Poor.” Your aim is for a green sign, thumbs up, “good,” anything that makes you feel accomplished by creating the best password on the streets! The more characters, the better.

Understanding your password

Now of course we all know that in the early days of the internet, people replaced letters with numbers, such as E with a 3. Usernames and passwords were then known as being “clever,” or shall I say c13v3r. Recent studies have shown that those passwords are no longer clever or effective. The diagram below shows the new knowledge of password strength.

From: http://xkcd.com/936/ – Licensed via Creative Commons Attribution-NonCommercial 2.5 License.

Entropy, in this diagram, is roughly saying that more characters increase password guessing time exponentially. What this diagram is showing you is that although you may think of yourself as a “master password maker” for creating passwords that mix letters and numbers so thoroughly that even you have difficulty remembering them, it is not the best procedure. This is because you are generally going to create a short password so that you can still remember all the funky letter-to-number combinations. You are actually making it easier for hackers to access your account. Hackers realize that people will normally use a single word that is distinct to them, but change the letters into numbers or even turn the word into slang. For example, they may change the word “girl” into “gurl.” Programs that use brute force attempts at guessing passwords have algorithms that guess common word and number combinations, as well as letter-to-number replacements. They do this by data mining your social media accounts and any other materials they can find about you on the web and other sources.

Tips for creating the best password

To better ensure you create the safest password, be sure to:

  1. Be random! – Now of course you do not have to make it correcthorsebatterystaple as shown above, but it does make it harder for the hacker to guess. They would never think to put those four words together, or even in that order. Those words may not even pertain to you, but that is just another reason for it to be the safest password.
  2. Make it long – The longer your password, the longer it takes to guess. Now this does not mean make it ABC1234578910. There is nothing random about that. You’d be surprised how many people have that as their actual password. Hackers will attempt the most common passwords first.
  3. Make it silly and irrelevant – Now I know you may be completely in love with your pet hamster named Roofus, but you may not want to include him in your password. Hackers who are interested in breaking into your account may know who you are and be fully aware that you are crazy about Roofus. They will try all the letters and numbers involved with the simple name. If you must use Roofus, do something creative and mix in multiple words, such as roofusvisacoffeecontroller.
  4. Use 3 or more words – By doing this you are making your password longer and easier for yourself to remember, and causing a brute force attempt to require 3 or more times the dictionary words to guess. It removes the need to remember whether you used a “3” or an “e,” because you can use proper grammar. Hackers don’t know if you used numbers, special characters or capital letters; they still have to go through all those options. You may decide to still use numbers instead of letters, but keep in mind that, to hackers, it makes no difference, since most password systems now allow for all characters.
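
The point made under "Understanding your password" and in tips 3 and 4 can be checked mechanically. The following is an added example, not code from the original article: a password check that undoes letter-to-number swaps and trailing digits before comparing against word lists, plus the entropy of a random multi-word passphrase. The word list, the swap table, the 12-character minimum and the 2048-word list size (implied by the comic's 11 bits per word) are assumptions made for illustration.

```python
import itertools
import math

# Constructed sample data: a real check would load a large word list and
# terms tied to the account owner (names, pets, business, birth years).
COMMON_WORDS = {"delicious", "clever", "girl", "gurl", "john", "cathy", "password"}
# Letter-for-number swaps to undo; "1" is ambiguous (i or l), so both are tried.
SWAPS = {"0": "o", "1": "il", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"}
MAX_VARIANTS = 4096  # cap so a long run of ambiguous characters cannot blow up
MIN_LENGTH = 12      # assumed minimum length, not a figure from the article


def undo_swaps(password):
    """Return every plain-letter reading of a password, with and without
    a trailing run of digits such as a year or counter."""
    lowered = password.lower()
    variants = set()
    for core in {lowered, lowered.rstrip("0123456789")}:
        options = [SWAPS.get(ch, ch) for ch in core]
        if math.prod(len(o) for o in options) > MAX_VARIANTS:
            continue
        variants.update("".join(c) for c in itertools.product(*options))
    return variants


def audit(password, personal_terms=()):
    """Return (ok, reason). Flags single words hidden behind swaps or digits."""
    known = COMMON_WORDS | {t.lower() for t in personal_terms}
    hits = sorted(undo_swaps(password) & known)
    if hits:
        return False, f"reduces to the guessable word '{hits[0]}'"
    if len(password) < MIN_LENGTH:
        return False, f"shorter than {MIN_LENGTH} characters"
    return True, "no single dictionary or personal word found"


def passphrase_bits(words, list_size=2048):
    """Entropy in bits of `words` words drawn at random from a list of
    `list_size` words. Only valid if the words really are chosen at random."""
    return words * math.log2(list_size)
```

The entropy figure applies only when the words are picked by a random process; a phrase built from words that describe you falls back under the personal-term check.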

Avoid E-mail Spammers

Now let’s say the hacker has either successfully hacked into your account, or by some other means is sending emails that we like to categorize as “Spam” from your domain. As a business owner, this is one of the worst things that can happen to you. You, as the trusted business owner, are now sending e-mails with links to inappropriate websites that the hacker prefers, leaving your clients confused, annoyed and frustrated.
Here at Esotech we know the nightmare. We have seen it happen to clients. In response, we offer a package that causes emails sent by the attacker to be immediately flagged as spam, while leaving your legitimate emails unflagged. For more information on how we can help you keep that nightmare from happening to you – contact us.

Do not assume you are not important enough to hack. There are thousands of robots and hackers on the World Wide Web today, and you could be the next victim if you do not ensure safety within your account. Allow this to make you rethink whether or not you want your password to be D3l1c10us or unicornsdancegrasspop.