Let’s face it, we’ve got too many passwords to remember off the top of our head. We know we should make them more robust, but it’s just quicker and easier to use common words or family names and re-use passwords on multiple websites.
This sets us up for attack from hackers and, as a result, financial loss.
If you learn and apply the techniques in this report you’ll avoid financial loss as a result of having your password hacked, and you will have peace of mind that your online accounts are secure from attack.
Hackers, the ones that are after financial gain at your expense, most commonly get access to your information using what is known as a Brute Force Attack. This is done using a computer and software, freely available on the internet, that repeatedly attempts to log into a website using your user name and guessed passwords.
Here are a few interesting statistics that will help you understand what makes a password vulnerable to attack and how quickly they can be hacked:
- User Name and Passwords re-used on multiple websites
Most of us use the same or similar password for our online banking and less secure sites like Facebook, Twitter and Hotmail. What’s the risk in that? In 2009, 10,000 Hotmail users’ passwords were acquired and posted on the internet. If you re-use your online banking user name and password on less secure sites like social networking and the like, you are vulnerable to attack from hackers.
- Passwords that use family members names or dates of birth
Current research reveals that 80% of individuals still use weak passwords that include dates of birth, partner, child or pet’s names, of course followed by a 0 or 1 so it complies with the ‘password must include a number’ requirement on some systems.
- Common passwords still used
Amazingly a lot of people still use ‘123456’, ‘qwerty’, ‘password’, ‘letmein’, ‘iloveyou’, or ‘money’ to name a few.
- Short passwords of 6 characters or less, or all lowercase
30% of people still use passwords that are 6 characters or less, and 60% of people use passwords that are based on only alpha-numeric characters.
To put it into perspective, below is a table, courtesy of John Pozadzides of One Man’s Blog, with the estimated amount of time it would take to crack a password of a given number of characters using a regular computer. The time differs vastly depending on whether the password uses only lower case or a combination of all characters (including @, #, ! etc.).

| Password Length | All Characters | Only Lowercase |
| --- | --- | --- |
| 3 characters | 0.86 seconds | 0.02 seconds |
| 4 characters | 1.36 minutes | .046 seconds |
| 5 characters | 2.15 hours | 11.9 seconds |
| 6 characters | 8.51 days | 5.15 minutes |
| 7 characters | 2.21 years | 2.23 hours |
| 8 characters | 2.10 centuries | 2.42 days |
| 9 characters | 20 millennia | 2.07 months |
| 10 characters | 1,899 millennia | 4.48 years |
| 11 characters | 180,365 millennia | 1.16 centuries |
The reality is passwords that are of a high quality are difficult to remember. But if you use a password manager you don’t need to worry about having to remember your passwords. This allows you to ensure all your passwords are different and meet best practice standards, giving you peace of mind from hacking. If you use the best practice standards for passwords listed below you’ll have passwords that take a regular computer 2.1 centuries to crack:
- 8 or more characters in length
- Contain both upper and lower case characters
- Contain a combination of letters, numbers and other characters like @ # !
- Remember to change your passwords regularly
- Don’t re-use password and user name combinations on multiple websites
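The checks described above can be automated. The following is an added example, not code from the original article: it audits a password against the article's length and character rules, its list of common passwords, and the "name plus a digit" habit, and estimates a worst-case brute-force time. The guess rate, the function names and the sample passwords are assumptions made for illustration.

```python
import re

# Passwords the article names as still in common use.
COMMON = {"123456", "qwerty", "password", "letmein", "iloveyou", "money"}
# Assumption: about 1,000,000 guesses per second, the order of magnitude the
# article's table implies (26**3 lowercase candidates in 0.02 seconds).
GUESSES_PER_SECOND = 1_000_000
# (pattern, pool size) pairs; 33 = printable ASCII symbols including space.
POOLS = [(r"[a-z]", 26), (r"[A-Z]", 26), (r"[0-9]", 10), (r"[^a-zA-Z0-9]", 33)]


def has(pattern, pw):
    return re.search(pattern, pw) is not None


def charset_size(pw):
    """Size of the smallest character pool covering every character in pw."""
    return sum(size for pattern, size in POOLS if has(pattern, pw))


def worst_case_seconds(pw):
    """Seconds to try every candidate of pw's length drawn from its pool."""
    return charset_size(pw) ** len(pw) / GUESSES_PER_SECOND


def audit(pw, personal_words=()):
    """Return the article's rules that pw breaks; an empty list means it passes."""
    problems = []
    if pw.lower() in COMMON:
        problems.append("common password")
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if not (has(r"[a-z]", pw) and has(r"[A-Z]", pw)):
        problems.append("needs both upper and lower case")
    if not (has(r"[A-Za-z]", pw) and has(r"[0-9]", pw) and has(r"[^a-zA-Z0-9]", pw)):
        problems.append("needs letters, numbers and other characters")
    # A name or pet's name, optionally with a digit or two tacked on ("rover1").
    stem = re.sub(r"\d{1,2}$", "", pw).lower()
    if stem and stem in {w.lower() for w in personal_words}:
        problems.append("based on a personal word")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords; "Rover" is a made-up pet name.
    for pw in ("password", "rover1", "T7#kq!Vz9m"):
        print(pw, audit(pw, ["Rover"]), f"{worst_case_seconds(pw):.3g} s")
```

The time estimate only covers exhaustive guessing; a password on the common list or built from a personal word falls far sooner than its length suggests, which is why the audit reports those separately.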
Thankfully there is an excellent and FREE solution for password management called KeePass. It takes away the worry of having to remember complicated passwords and is packed with loads of great features:
- Firstly it's a free open-source password manager or safe.
- You can put all your passwords in one database, which is locked with one master password or a key-disk.
- One of the features I love about KeePass is the ability to drag and drop the user name and password directly to the fields on the website or program you’re logging on to.
- The KeePass database is encrypted using the best and most secure encryption algorithms currently known (AES and Twofish).
- KeePass is portable: it can be carried on a USB stick and runs on Windows systems without being installed, which is great if you move around and use internet cafes or PCs other than your own.
If you can relate to any of the examples mentioned earlier that make a password vulnerable, or you re-use passwords on different sites, it’s time to take action to eliminate the risk of financial loss to hackers and get peace of mind.
First of all download a password manager like KeePass. You can get KeePass free here. KeePass works on Windows and Macs and it’s dead easy to use. We’ve even done some free tutorials on it with part 1 here and part 2 here.
The next thing to do is change your passwords so they are all unique and meet the best practice standards listed above.
Lastly use KeePass to record your new passwords so you don’t forget them. Make sure the KeePass master key password is at least 10 characters long and contains a combination of all character types.
Finally, tell us what you think in the comments below.
Max Richardson
Hi Mynda,
I’ve been looking over the site to see if I could find a solution to a little problem my sister in-law is having at the moment and thought since her problem involves a password, I’d ask here.
Janette has a Work Roster spreadsheet sent to her email every week for her to download and fill in her hours worked then she has to resend it back to her work by email. Sounds easy enough so far.
Janette has a laptop and I have a desktop; both have Microsoft Office 2007, same install, and her work has Microsoft Office 2010.
When I go to her email on my desktop and open the excel attachment it half opens excel (not highlighted and no cells or data) and up comes a box requiring her password to be entered into the box. We put it in and press ok and it continues along to open up the spreadsheet, no problems at all.
When I go to her emails on her laptop and open the excel attachment it half opens excel (not highlighted and no cells or data) and up comes a box requiring her password to be entered into the box. We put it in and press ok and up comes a Microsoft Office Excel box stating “Excel cannot open this file. The encryption type used is not available, contact the author of the file. More encryption types are available using the High Encryption Pack.”
She has spoken to her pay office and they have said all sorts of things from you need a new computer, you need Office 10 and so on which led me to believe maybe they don’t have the answer either as I know Office 07 opens Office 10 Excel spreadsheets.
What am I missing here? On her laptop I can open a new Excel spreadsheet and work in it no worries so it’s not as if excel doesn’t work on her laptop. It must be related to the password box not working on her laptop or am I wrong here.
If you could throw some light on this problem I’d appreciate it very much.
Thanks so much … Max
Max Richardson
Hi again Mynda
I must also add Janette’s laptop was using Internet Explorer 8 and has Cipher Strength: 128-bit.
I installed Chrome thinking it might help but it made no difference.
Cheers … Max
Max Richardson
Mynda,
My desktop has windows 7 on it and Janette’s laptop has XP on it if this bit of info helps.
Cheers … Max
Max Richardson
Hi Mynda,
I’ve solved my problem by installing Microsoft Office Compatibility Pack for the 2007 Office system.
Many thanks in case you have been chasing this up for me.
Cheers … Max
Philip Treacy
Well done Max 🙂 Glad you got it sorted out
Cheers
Phil