The Story Behind a Secure Password.
Everyone knows about having to use passwords to log into any account that you have signed up for, whether it’s your bank account or your favorite shopping site like Amazon. But how secure is that password, and is it different from your other ones, or is it the same one?
There’s a lot to take into consideration when coming up with a strong secure password, and it will be helpful to understand just how hackers get access to your passwords and what they do with them.
So here in this post, I will be talking about the do’s and don’ts of passwords, how hackers hack them, what a good, strong, secure password is, and how to come up with one. I will also cover some great free, or paid, password managers.
Let’s get started.
How Hackers Steal your Passwords.
There are several ways hackers go about stealing your passwords, and it’s not just the professionals that are doing it. Regular folks like you and me can search on the internet for how to crack a password. Yep, that’s right, there are hundreds of sites out there that will teach you how to do it.
And here are the ways hackers (and you) can learn how to Hack Passwords and what to be aware of to keep your passwords safe and secure.
Dictionary of Words:
This is one of the easiest ways they go about it; it’s simple and fast. They run a program on a computer that will run through millions of words, trying them out until they get a hit. This can be done in just a few hours, so as you can see, you do not want to use any password that can be found in a dictionary.
You can look at phishing as someone fishing for your information by sending you emails, say from your bank. At least it looks like it’s from your bank at first sight, and they are asking you to verify a charge on your debit card by clicking on a link to a site that looks a lot like the bank site where you log in.
You enter your credentials (login name and password), click to sign in, and away you go to your true bank’s webpage. They now have your info, all without you knowing anything happened. The lesson here is that banks, credit card services, and so on will never, never send you an email asking to verify anything of the sort.
So beware of fishy looking emails.
This is similar to the Dictionary attack where they will use a combination of dictionary terms and special characters. You know the ones right, you are asked to enter a password that contains both upper and lower characters along with special characters like (!@#$%^&*). So they take a dictionary word like “password” and start adding characters that would look something like “p@$$word123”. Are you getting the idea here?
This is the brute force approach, where they attempt all possible combinations of the letters in the alphabet, numbers, and special characters. Once again they use a computer with a lot of computing power (more than your regular PC has), which will be running for days at a time trying to crack a password.
This is where you want to use a long strong password, which we will get into a little later here. The longer the password the harder it will be for this approach to work.
This is a malware program that gets downloaded from a bad website or along with some free software from a fishy website. It will then reside in your system memory and run anytime you start your device.
It will then store your keystrokes in a log, which is then sent to the hacker. From there they decode your keystrokes and check for anything that looks like a password and login info.
So make sure you are running good anti-virus security software and maybe even an anti-malware program. Using a password manager that automatically logs in for you, bypassing your keystrokes, would also help.
Wi-Fi Traffic Attacks:
This is where you connect to a public Wi-Fi network and log into your account with your credentials (which you should never do). A hacker will use a simple application that even you can download from the internet to watch all traffic on a specific Wi-Fi network.
Once you enter your username and password, the program will notify the hacker and he/she will intercept the data; they now have your information to use as they please. So, again, do not use public Wi-Fi to log into any of your secure accounts!!
Hackers love to use stolen usernames and passwords from thousands of sites that have been hacked. They later run a program with the stolen info on many sites until they get a hit; once in, they can do what they want. This is why you do not want to use the same username and password for all of your accounts.
If one gets hacked they can use that to hack into your other accounts.
So as you can see there are enough ways to hack passwords that should make you a little concerned about ways to keep them safe.
What not to use as a Password:
- Do not use your network’s username or the name of your Wi-Fi as your password.
- Don’t use anything as obvious as “password”, “12345”. They are the first to get hacked.
- Don’t use dictionary words, password cracking tools use this method and can be downloaded from the internet by anyone.
- Do not use the rows or columns of your keyboard like “qwerty”, “asdfgh”, or “qazwsx”. Way too obvious to anyone trying to hack a password.
- Never ever use the same password for multiple sites.
- Don’t use your pet’s name or the name of a family member or friend.
- Never use your email’s password for any of your accounts. It’s an open door for hackers.
- Never store your list of passwords on your hard drive; once they gain access to your computer, they have just struck gold. If you must keep a list, have it on a piece of paper. And if you live with other people that you don’t want to have access to that list, well then, hide it well!
You get the idea right?
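The don'ts above, together with the character-swap trick described earlier ("p@$$word123"), can be turned into a simple check that runs before a password is accepted. This is an added example, not code from the original post; the word lists are short constructed samples and the function name `weaknesses` is an assumption.

```python
import re

# Constructed sample lists; a real check would load full wordlists.
COMMON = {"12345", "12345678", "password", "qwerty", "111111", "1234567",
          "iloveyou", "adobe123", "123123", "admin", "1234567890"}
DICTIONARY = {"password", "dragon", "monkey", "sunshine", "welcome"}
KEYBOARD_RUNS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "qazwsx", "1234567890"]
# Character swaps that are undone before the dictionary lookup.
LEET = str.maketrans({"@": "a", "4": "a", "$": "s", "5": "s", "0": "o",
                      "1": "i", "!": "i", "3": "e", "7": "t"})


def weaknesses(password, personal=()):
    """Return the rules from the list above that this password breaks.

    `personal` holds names to avoid: pet, family, Wi-Fi name, username.
    """
    found = []
    lower = password.lower()
    if len(password) < 10:
        found.append("shorter than 10 characters")
    if lower in COMMON:
        found.append("on the worst-passwords list")
    if len(lower) >= 4 and any(lower in run for run in KEYBOARD_RUNS):
        found.append("keyboard row or column")
    # Strip trailing digits first, then undo swaps, then keep letters only,
    # so "p@$$word123" is reduced to "password" before the lookup.
    core = re.sub(r"\d+$", "", lower).translate(LEET)
    core = re.sub(r"[^a-z]", "", core)
    if core in DICTIONARY:
        found.append("dictionary word behind swaps or added digits")
    if any(name and name.lower() in lower for name in personal):
        found.append("contains a personal name")
    return found


if __name__ == "__main__":
    samples = ["p@$$word123", "qwerty", "Rex2019forever",
               "1My-Dog-Don't-barK+AnyMore"]
    for pw in samples:
        print(pw, "->", weaknesses(pw, personal=("Rex",)) or "no rule broken")
```

Note that "p@$$word123" meets the usual upper/lower/special-character requirements in spirit and is longer than 10 characters, yet it is still flagged because the swaps are undone before the lookup.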
For Your Entertainment:
And for your entertainment here is a list of the top 10 worst passwords that people are still using. Using any of these is like leaving your door open and calling for everyone and anyone to come inside. This list is provided by “SplashData” where they compile a list every year of the top 25 worst passwords used.
And I promise I won’t use it against you if you’re using any of these. 😊
- 12345678: You used this because it called for 8 characters.
- password: This one still amazes me that it is still being used.
- qwerty: It’s not a dictionary word now, is it? No, just the top row of your keyboard.
- 111111: And what were you thinking here? How many ones was that again?
- 1234567: Oh don’t tell me, 7 is your lucky number?
- Iloveyou: Are you kidding me? I’m sure the hacker will love you. 😊
- adobe123: Oh, this one’s good, and the one for your Gmail account is??
- 123123: This one is really clever!
- admin: Are you serious?
- 1234567890: Well it is a long one!
There are 15 more, and they don’t get any better, but I’m sure you are getting the idea of what I’m trying to tell you, Yes? Well then, let’s move on.
How to come up with a secure password that’s easy to remember:
Using a Passphrase:
A passphrase is a sequence of words like “my dog don’t bark anymore”, which is easy to remember and it’s long, the longer the better. But most sites won’t allow a space to be used in a password and most are requiring upper and lower case characters, numbers, and special characters.
So to make this work you could do something like this “1My-Dog-Don’t-barK+AnyMore”. As you can see it has all the requirements for a password, it’s fairly easy to remember, and it’s long which will make it more difficult for a hacker to break.
Now that you have that password you can use this awesome tool at “Search Space Calculator” to check how long it would take to hack by Brute Force. When I entered the above phrase, it said it would take trillions and trillions of years to crack, as seen in the photo below.
Keep in mind that it is not a strength monitor; it just tells you how long a brute force attack would take. A hacker might be able to crack it using the dictionary method, but I’m sure that would take them more time than it would be worth doing.
Now that’s just my opinion though.
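The brute force estimate described above comes down to counting every possible password up to a given length. The sketch below is an added example, not the code of the calculator mentioned in the post; the guess rate of one trillion per second is an assumption, and the passphrase is typed with a plain ASCII apostrophe.

```python
import string

# Character classes a brute-force search has to cover.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]   # 26 + 26 + 10 + 32
SECONDS_PER_YEAR = 365 * 24 * 3600


def alphabet_size(password):
    """Sum the sizes of every character class the password draws from.
    Characters outside these four classes (spaces, accents) are ignored."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))


def search_space(password):
    """Number of candidates of length 1 up to the password's own length."""
    n = alphabet_size(password)
    return sum(n ** i for i in range(1, len(password) + 1))


def years_to_exhaust(password, guesses_per_second=10**12):
    """Worst-case time to try every candidate at the assumed guess rate."""
    return search_space(password) / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    for pw in ["qwerty", "p@$$word123", "1TiNeGoBbTmIs!",
               "1My-Dog-Don't-barK+AnyMore"]:
        print(f"{pw!r}: alphabet {alphabet_size(pw)}, "
              f"length {len(pw)}, {years_to_exhaust(pw):.3g} years")
```

The figure for "p@$$word123" comes out at several years, even though a dictionary-based guess with character swaps would reach it almost immediately. That is the difference between a search space count and a strength measurement.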
Using something Poetic:
For those of you who have a favorite poem or even a favorite lyric from a song, you can turn this into a good, strong, and long password. So for an example, let’s take a quote from Shakespeare like “There is nothing either good or bad but thinking makes it so” and make it into this “1TiNeGoBbTmIs!”. Now as you can see it makes no sense, it’s not a dictionary word, it has upper and lower case, a number, and a special character, and best of all it’s long.
What I have done here to make it easy to remember (as long as you remember the quote 😊) is, I use the 1 in reference to it being my number one quote, then every other word is in caps followed at the end with the exclamation symbol.
You’re getting the idea, right?
Using a long Sentence:
So if you don’t have a favorite line from a quote, song, or anything else, you could use a short sentence that is something about you. For instance “I grew up in the Bronx in 1987 after my mom died”. Now doing something like we did above we can turn this into “IguitBi1987amMd*”.
Once again it has all of the requirements to make it a strong, long, and memorable password. It’s not a dictionary word, nor is it the name of your pet or a family member.
I’ll bet you can see what I did to this one so that I could remember it easily. I made my first letter upper case because it’s the first letter in a sentence. The next ones are lower case until the word Bronx, which is a name, so it starts with an upper case. The next upper case is Mom, because she is important to me, and at the end there is a * because she is a star in my heart.
I know you’re getting the idea now, it’s really simple to come up with any kind of sentence, quote, song, and whatever else your imagination comes up with.
And you can make them shorter if you would like, but make them at least 10 characters long, remembering that the longer the better.
How to manage all these new passwords:
You’re probably thinking to yourself that this all sounds great for coming up with strong passwords, but how am I going to keep track of, let alone remember, several different ones? And let’s not forget about having to type each one of these every time you visit your accounts.
With so much that we do online these days, we could have 10, 20, or more different accounts with separate passwords. For instance, you have a password for your computer, your router’s Wi-Fi, and passwords for your many accounts like Amazon, Netflix, Hulu, HBO, Showtime, Bank account, Credit cards, Utilities, PayPal, Emails, Facebook, Twitter, and so on and on.
Those are just 15 of the more common ones that most of us surround ourselves with in our daily lives by being connected to the internet.
As you can see, it can become overwhelming to come up with a different strong password for each one and to keep track of them all. Sure, you can write them all down on a piece of paper that you can look at each time you need to log in to an account, but there is a better way.
Install and use a password manager program, I did. I have over 60 accounts that I have a different password for and all I have to remember is just ONE strong password. So how does a password manager work?
You install a password manager, you then make a strong password using one of the above examples which is going to be your “Master Password”, the only one you have to remember.
For all of your other accounts, the password manager will generate a new strong secure password for you, and it will all be encrypted.
It will now remember them for you and enter them automatically every time you visit your accounts.
Now doesn’t that sound like a much easier and safer way to manage your passwords? Now you are probably wondering which of the many password managers you should use.
Top 5 password managers and what each one has to offer. A couple of them will even sync your password across all your devices, like your iPhone, Android phone, Laptop, or tablet.
The conclusion to The Story of Secure Passwords:
After reading all of this you might be thinking that I’m a little obsessed with passwords, and you are probably right. After all, this is one of the few things we have to keep our data safe from hackers. So I hope by now you can see how important it is to use a Strong, Secure Password, along with using a Different one for each of the sites that require you to log into them. As you can see, it is really simple to make a strong password that will be easy to remember, along with using a Password Manager to manage all of them.
To see which Password Manager I use,
One last thing to keep in mind, you should change your passwords at least once a year, twice a year is even better!
Do I do it? Well, to be honest, I’m kinda bad at this. 🙂
So what do you say, are you going to change the way you manage your passwords?
I would love to hear your thoughts about passwords, do you use the same one, is it unique, do you ever change it?
You know the drill, you can leave your comments and questions in the comment section below!