Let’s face it, we’ve got too many passwords to remember off the top of our head. We know we should make them more robust, but it’s just quicker and easier to use common words or family names and re-use passwords on multiple websites.
This sets us up for attack from hackers and, as a result, financial loss.
If you learn and apply the techniques in this report you’ll avoid financial loss as a result of having your password hacked, and you will have peace of mind that your online accounts are secure from attack.
Hackers, the ones after financial gain at your expense, most commonly get access to your information using what is known as a brute force attack. This is done with a computer and software freely available on the internet that attempts to log into a website using your user name and password.
Here are a few interesting statistics that will help you understand what makes a password vulnerable to attack and how quickly they can be hacked:
- User Name and Passwords re-used on multiple websites
Most of us use the same or a similar password for our online banking and for less secure sites like Facebook, Twitter and Hotmail. What’s the risk in that? In 2009, 10,000 Hotmail users’ passwords were acquired and posted on the internet. If you re-use your online banking user name and password on less secure sites like social networking and the like, you are vulnerable to attack from hackers.
- Passwords that use family members names or dates of birth
Current research reveals that 80% of individuals still use weak passwords that include dates of birth, partner, child or pet’s names, of course followed by a 0 or 1 so it complies with the ‘password must include a number’ requirement on some systems.
- Common passwords still used
Amazingly a lot of people still use ‘123456’, ‘qwerty’, ‘password’, ‘letmein’, ‘iloveyou’, or ‘money’ to name a few.
- Short passwords of 6 characters or less, or all lowercase
30% of people still use passwords that are 6 characters or less, and 60% of people use passwords that are based on only alpha-numeric characters.
To put it into perspective, below is a table, courtesy of John Pozadzides of One Man’s Blog, with the estimated time it would take a regular computer to crack a password of a given number of characters. The time differs vastly depending on whether the password uses only lowercase letters or a combination of all characters (including @, #, ! etc.).
| Password Length | All Characters | Only Lowercase |
|---|---|---|
| 3 characters | 0.86 seconds | 0.02 seconds |
| 4 characters | 1.36 minutes | 0.046 seconds |
| 5 characters | 2.15 hours | 11.9 seconds |
| 6 characters | 8.51 days | 5.15 minutes |
| 7 characters | 2.21 years | 2.23 hours |
| 8 characters | 2.10 centuries | 2.42 days |
| 9 characters | 20 millennia | 2.07 months |
| 10 characters | 1,899 millennia | 4.48 years |
| 11 characters | 180,365 millennia | 1.16 centuries |
The reality is that high-quality passwords are difficult to remember. But if you use a password manager you don’t need to worry about remembering them. This lets you make sure all your passwords are different and meet best practice standards, giving you peace of mind about hacking. If you follow the best practice standards for passwords listed below you’ll have passwords that take a regular computer 2.1 centuries to crack:
- 8 or more characters in length
- Contain both upper and lower case characters
- Contain a combination of letters, numbers and other characters like @ # !
- Remember to change your passwords regularly
- Don’t re-use password and user name combinations on multiple websites
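As an added example (not from the post, nor part of KeePass), the Python below reproduces the table's crack-time estimates and checks a password against the best-practice list above in one place. It assumes, inferred from the table's own figures rather than stated in the post, a 95-character printable alphabet searched at one million guesses per second.

```python
import string

# Assumed, not stated in the post: the table's figures match a 95-character
# printable alphabet searched at about 1,000,000 guesses per second.
GUESSES_PER_SECOND = 1_000_000
COMMON_PASSWORDS = {"123456", "qwerty", "password", "letmein", "iloveyou", "money"}
CLASSES = {
    "lowercase": set(string.ascii_lowercase),
    "uppercase": set(string.ascii_uppercase),
    "digits": set(string.digits),
    "symbols": set(string.punctuation + " "),  # 33 characters
}

def charset_size(password):
    """Alphabet an attacker must search: the sum of the classes actually used."""
    chars = set(password)
    return sum(len(cls) for cls in CLASSES.values() if chars & cls)

def seconds_to_crack(length, alphabet):
    """Worst case: every combination tried at the assumed guess rate."""
    return alphabet ** length / GUESSES_PER_SECOND

def human_time(seconds):
    """Scale seconds up through the units used in the table."""
    value, unit = seconds, "seconds"
    for name, factor in [("minutes", 60), ("hours", 60), ("days", 24),
                         ("years", 365.25), ("centuries", 100), ("millennia", 10)]:
        if value < factor:
            break
        value, unit = value / factor, name
    return f"{value:.2f} {unit}"

def policy_failures(password):
    """The post's best-practice rules; returns the reasons a password fails."""
    chars, failures = set(password), []
    if len(password) < 8:
        failures.append("shorter than 8 characters")
    if not (chars & CLASSES["lowercase"] and chars & CLASSES["uppercase"]):
        failures.append("needs both upper and lower case")
    if not chars & CLASSES["digits"]:
        failures.append("needs a number")
    if not chars & CLASSES["symbols"]:
        failures.append("needs a symbol such as @ # !")
    if password.lower() in COMMON_PASSWORDS:
        failures.append("is a well-known common password")
    if len(password) > 1 and password[:-1].isalpha() and password[-1] in "01":
        failures.append("is just a word with 0 or 1 appended")
    return failures
```

Because charset_size only credits the classes actually present, an all-lowercase password lands in the right-hand column of the table while a mixed one lands in the left.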
Thankfully there is an excellent and FREE solution for password management called KeePass. It takes away the worry of having to remember complicated passwords and is packed with loads of great features:
- Firstly it's a free open-source password manager or safe.
- You can put all your passwords in one database, which is locked with one master password or a key-disk.
- One of the features I love about KeePass is the ability to drag and drop the user name and password directly to the fields on the website or program you’re logging on to.
- The KeePass database is encrypted using the best and most secure encryption algorithms currently known (AES and Twofish).
- KeePass is portable: it can be carried on a USB stick and runs on Windows systems without being installed, which is great if you move around and use internet cafes or PCs other than your own.
If you can relate to any of the examples mentioned earlier that make a password vulnerable, or you re-use passwords on different sites, it’s time to take action to eliminate the risk of financial loss to hackers and get peace of mind.
First of all download a password manager like KeePass. You can get KeePass free here. KeePass works on Windows and Macs and it’s dead easy to use. We’ve even done some free tutorials on it with part 1 here and part 2 here.
The next thing to do is change your passwords so they are all unique and meet the best practice standards listed above.
Lastly use KeePass to record your new passwords so you don’t forget them. Make sure the KeePass master key password is at least 10 characters long and contains a combination of all character types.
Finally, tell us what you think in the comments below.