Using numbers and symbols in your passwords to keep them secure? You’re doing it wrong.

Chances are, all you’re doing is making it harder for you to remember – and super easy for a computer to guess.

Here are some password protection myths blown right open, and what you should actually do to keep your accounts secure.


Myth: Short passwords with substitutions are secure.

Fact: They take seconds to crack.

Complexity does not beat length. Most of us were taught to build passwords with common substitutions (e.g. @ or 4 instead of A, 0 instead of O).

However, cracking tools have had this trick built in for years: they apply exactly those substitutions as rules to every word in their dictionary. You may think 'b@by24' is a completely secure password, but a password-cracking program takes about 400 milliseconds, that's 0.4 of a second, to find it.

Sprinkling in a few random letters doesn't help much either. For example, the password 'krf@ro20' can be cracked in 51 seconds with the Conficker botnet.

On the other hand, the password 'eatingsometacosfordinner' would take over 10,000 centuries with a modern computer, two centuries with a botnet, and two years of dedicated processing time even if you managed to hijack the world's fastest supercomputer. One caveat: those figures assume the attacker has to try every combination of letters. A passphrase made of everyday dictionary words can also be attacked word by word, so choose words that don't form an obvious phrase, and make it longer rather than shorter. How much each guess costs the attacker also depends on how the site stores your password (see the next myth).

In short, those numbers and symbols aren't the impenetrable shield you think they are. They're not useless, but you're better off with a long password without substitutions than a short one with them.
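To make the comparison concrete, here is an added example (not code from the original post) that models the two kinds of attack described above: the naive brute-force figure (every character of the alphabet at every position) and the targeted rule attacks a cracking tool actually runs, namely undoing the substitutions and appending digits to a dictionary word, or gluing dictionary words together. The guess rate (10 billion per second, in the range of a GPU rig against a fast unsalted hash), the 7776-word dictionary size and the six-word sample wordlist are all assumptions made for the example.

```python
import string
from typing import Optional

# Assumed attacker speed: guesses per second against a fast, unsalted hash on a
# GPU rig. This rate is an assumption for illustration, not a figure from the article.
GUESSES_PER_SECOND = 10**10

# Assumed size of the attacker's word dictionary (a Diceware-sized list).
DICTIONARY_SIZE = 7776

# Constructed stand-in for that dictionary: only the words the demo needs.
WORDLIST = {"baby", "eating", "some", "tacos", "for", "dinner"}

# Symbol substitutions that cracking rules undo automatically. Real rule sets
# also try digit swaps (4 for a, 0 for o); this toy keeps digits as digits.
LEET = str.maketrans({"@": "a", "$": "s", "!": "i"})


def charset_size(password: str) -> int:
    """Alphabet a brute-force attacker must cover, judged from the classes present."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # the 32 printable ASCII symbols
    return size


def brute_force_seconds(password: str, rate: int = GUESSES_PER_SECOND) -> float:
    """Time to exhaust the whole keyspace: the naive 'centuries' figure."""
    return charset_size(password) ** len(password) / rate


def undo_substitutions(password: str) -> str:
    """Map 'b@by24' -> 'baby24', exactly as a cracking rule does."""
    return password.translate(LEET).lower()


def word_plus_digits_guesses(password: str, max_digits: int = 4) -> Optional[int]:
    """Guesses for the rule 'dictionary word followed by up to max_digits digits'.

    Returns None when the password does not fit that pattern.
    """
    normalised = undo_substitutions(password)
    word = normalised.rstrip(string.digits)
    digits = normalised[len(word):]
    if word not in WORDLIST or len(digits) > max_digits:
        return None
    suffixes = sum(10**n for n in range(max_digits + 1))  # '', 0-9, 00-99, ...
    return DICTIONARY_SIZE * suffixes


def segment_words(text: str) -> Optional[list]:
    """Split a run of letters into dictionary words, or None if it will not split."""
    if text == "":
        return []
    for cut in range(1, len(text) + 1):
        head = text[:cut]
        if head in WORDLIST:
            rest = segment_words(text[cut:])
            if rest is not None:
                return [head] + rest
    return None


def passphrase_guesses(password: str) -> Optional[int]:
    """Guesses for the combinator attack 'k dictionary words glued together'."""
    words = segment_words(password.lower())
    if not words:
        return None
    return DICTIONARY_SIZE ** len(words)


def estimate(password: str) -> dict:
    """Compare the naive brute-force figure with the best targeted attack modelled here."""
    brute = brute_force_seconds(password)
    guesses = word_plus_digits_guesses(password)
    attack = "word + digits"
    if guesses is None:
        guesses = passphrase_guesses(password)
        attack = "word combinator"
    if guesses is None:
        return {"brute_force_seconds": brute, "targeted_seconds": None, "attack": "none modelled"}
    return {"brute_force_seconds": brute,
            "targeted_seconds": guesses / GUESSES_PER_SECOND,
            "attack": attack}


if __name__ == "__main__":
    for pw in ("b@by24", "krf@ro20", "eatingsometacosfordinner"):
        print(pw, estimate(pw))
```

Run it and the three passwords from the text come out in the same order: 'b@by24' falls to the word-plus-digits rule in well under a second, 'krf@ro20' only to the 68^8 brute force (about 13 hours at the assumed rate), and the taco passphrase survives brute force for far longer than the universe has existed but is cut down from 26^24 guesses to 7776^5 (roughly 90 years here) once the attacker guesses five dictionary words. The lesson is the article's: length first, and prefer words that don't form an obvious phrase.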

Myth: Big companies will encrypt my password in case their servers are hacked.

Fact: 50% of big companies store your password in plain text.

You can't rely on big companies to protect your stored password: half of them keep it as plain text, which means anyone who breaks into their servers can simply read it. Properly stored passwords aren't even encrypted (an encryption key sitting on the same server is just one more thing to steal); they are hashed with a slow, salted function such as bcrypt, scrypt, Argon2 or PBKDF2, so that a stolen database yields only digests that have to be cracked one guess at a time.

On the downside, a plaintext database means that no matter how good your password is, it won't stop anyone who can just read it. On the upside, you can limit the damage.

Use a unique password for every site. That way, if someone compromises your Facebook account, they don't also hold the password to your bank. A password manager makes this practical by generating and remembering a different random password for each account.
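As an added example (not the article's or any vendor's code), here is the difference between the two storage patterns using only Python's standard library, together with what an attacker can do with a stolen copy of each. PBKDF2-HMAC-SHA256 at 100,000 iterations is an assumption chosen to keep the demo quick; the user names, passwords and the attacker's wordlist are constructed for the example.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumption: PBKDF2-HMAC-SHA256 at this cost. Production systems should tune the
# count (or use Argon2/bcrypt/scrypt) so that one hash costs tens of milliseconds.
ITERATIONS = 100_000
SALT_BYTES = 16


def store_plaintext(db: dict, username: str, password: str) -> None:
    """The pattern the article warns about: the password itself goes into the table."""
    db[username] = password


def store_hashed(db: dict, username: str, password: str) -> None:
    """Salted, slow hash: a dump of this table reveals no password directly."""
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    db[username] = {"salt": salt, "iterations": ITERATIONS, "digest": digest}


def verify_hashed(db: dict, username: str, password: str) -> bool:
    """Login check. Unknown users still pay for one hash so timing doesn't reveal who exists."""
    record = db.get(username)
    if record is None:
        hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), b"\x00" * SALT_BYTES, ITERATIONS)
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    record["salt"], record["iterations"])
    # Constant-time comparison: a plain == would leak how many leading bytes matched.
    return hmac.compare_digest(candidate, record["digest"])


def crack_offline(record: dict, wordlist) -> Optional[str]:
    """What an attacker does with a stolen hashed record: guess, hash, compare.

    Hashing protects only passwords the attacker cannot guess; each guess costs a
    full PBKDF2 run, which is the whole point of using a slow hash.
    """
    for guess in wordlist:
        digest = hashlib.pbkdf2_hmac("sha256", guess.encode("utf-8"),
                                     record["salt"], record["iterations"])
        if hmac.compare_digest(digest, record["digest"]):
            return guess
    return None


def leaked_plaintext(db: dict, username: str) -> str:
    """A breach of a plaintext table needs no cracking at all."""
    return db[username]


if __name__ == "__main__":
    # Constructed demo data: two users, one strong and one weak password.
    plain, hashed = {}, {}
    for user, pw in (("alice", "eatingsometacosfordinner"), ("bob", "baby24")):
        store_plaintext(plain, user, pw)
        store_hashed(hashed, user, pw)
    attacker_wordlist = ["password", "123456", "baby24", "qwerty"]  # constructed
    print("plaintext leak:", leaked_plaintext(plain, "bob"))
    print("hashed record:", hashed["bob"]["digest"].hex())
    print("cracked bob:", crack_offline(hashed["bob"], attacker_wordlist))
    print("cracked alice:", crack_offline(hashed["alice"], attacker_wordlist))
    print("login ok:", verify_hashed(hashed, "alice", "eatingsometacosfordinner"))
```

A dumped plaintext table needs no cracking: leaked_plaintext returns the password itself. A dumped hashed table forces the attacker through crack_offline, one full PBKDF2 run per guess, and the random salt means the same password stored twice produces two different digests, so precomputed tables don't help. Note what hashing does not do: 'baby24' is still found as soon as it appears in the attacker's wordlist, which is why a unique, long password per site matters even when the site does everything right.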

Myth: Password checkers ensure strong passwords.

Fact: Not all password checkers are created equal.

When you create a password for an account, there's sometimes a nifty little meter that tells you whether it's weak or strong. Don't put all your faith in that benchmark.

Every strength checker applies its own criteria, and many still use outdated rules (e.g. rewarding complexity over length) to rate your password.

Many checkers will give top marks for adding a single letter to one of the world's most common passwords, such as 'J12345678'. That is trivially easy to crack, because cracking tools try the common passwords with a character added at either end, yet many checkers rate it 'strong' because it has letters, numbers and a length of nine characters.

In short, a password checker is no substitute for good practice. A reputable checker can still confirm that your choice meets some basic benchmarks, and the better ones look for common passwords, dictionary words and keyboard patterns rather than just counting character classes.
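The two checkers below are an added example, not code from the article or from any checker it names. naive_checker implements the complexity-counting rule the paragraph criticises; better_checker puts length first and refuses anything that contains a known common password. The six-entry COMMON_PASSWORDS list is a constructed stand-in for the tens of thousands of entries a real checker would load.

```python
import string

# Constructed sample of the most common leaked passwords. A real checker loads a
# list of many thousands (e.g. from a public breach corpus) instead of six entries.
COMMON_PASSWORDS = {"123456", "12345678", "password", "qwerty", "letmein", "iloveyou"}
MIN_COMMON_FRAGMENT = 6  # shortest common-password fragment worth flagging


def character_classes(password: str) -> int:
    """How many of lower / upper / digit / symbol the password uses."""
    return sum([
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ])


def naive_checker(password: str) -> str:
    """The checker the article criticises: complexity over length, no blacklist."""
    classes = character_classes(password)
    if len(password) >= 8 and classes >= 2:
        return "strong"
    if classes >= 2:
        return "medium"
    return "weak"


def contains_common_password(password: str) -> bool:
    """True if any fragment of the password is itself a common password.

    This catches 'common password plus a letter' ('J12345678') and
    'common password plus punctuation' ('Password1!').
    """
    lowered = password.lower()
    for start in range(len(lowered)):
        for end in range(start + MIN_COMMON_FRAGMENT, len(lowered) + 1):
            if lowered[start:end] in COMMON_PASSWORDS:
                return True
    return False


def better_checker(password: str) -> str:
    """Length first, blacklist always; character classes are not rewarded."""
    if contains_common_password(password):
        return "weak"
    if len(set(password)) <= 2:  # 'aaaaaaaaaaaa' or 'abababababab'
        return "weak"
    if len(password) >= 16:
        return "strong"
    if len(password) >= 12:
        return "medium"
    return "weak"


def compare(password: str) -> dict:
    """Rate one password with both checkers side by side."""
    return {"naive": naive_checker(password), "better": better_checker(password)}


if __name__ == "__main__":
    for pw in ("J12345678", "Password1!", "b@by24", "eatingsometacosfordinner"):
        print(pw, compare(pw))
```

'J12345678' and 'Password1!' score 'strong' on the naive meter and 'weak' on the better one, while the 24-character taco passphrase does the opposite. Real-world checkers such as zxcvbn go further (dictionary words, dates, keyboard walks, leet substitutions), but the ranking inversion shown here is the whole point of the myth.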

Myth: Good password practices aren’t a big deal.

Fact: Many major security incidents start with a weak or reused admin password.

You've probably heard of big companies like HBO being held to ransom, Facebook CEO Mark Zuckerberg's social media accounts being hacked, or government data being stolen.

In many cases like these, the root cause is a weak or reused admin password. Once an attacker has admin access to your systems, they can wreak havoc on your business: with a foot in the door, it's simple to plant ransomware or other malware.


How Do Your Passwords Hold Up?

Kaspersky offers a password checker which is very reliable. However, never enter your actual passwords into an online checker. If you do use one, type in something with the same structure as your existing password instead. Even if a site says it doesn't store or collect what you type, anything sent to a third party should be treated as potentially exposed.


Backing Up Your Data?

If you're backing up to the cloud, make sure you've got top-notch software to encrypt the data before it leaves your machine. Don't count on your cloud provider to do it for you!

BackupAssist is the #1 ranked backup software for Windows Servers. It provides military-grade encryption for your backups and protects them even in the cloud. Why not download the 30-day fully featured trial and see what all the fuss is about?



Posted by Adam Ipsen