21 February 2013

How secure is your password?

In our parent Tech Chat meeting we discussed passwords and how we may be relying too much on a system that is far from secure. A recent study revealed that 17% of Europeans have been victims of identity fraud, which usually involves stealing personal information from online accounts. As more and more of our personal data is stored or shared online, having a secure password is our first line of defense. So what makes a secure password?

We are often advised to create a password with at least 8 digits. This should contain a variety of numbers & letters. However, a modern computer is capable of crunching through every possible combination in a surprisingly short time. See the examples below, along with the time it would take a computer to find that combination:

8 numbers, eg 82630471 can be found in 0.025 seconds.
8 letters, eg pajdyebf could take just 52 seconds.
8 numbers + letters + capitals eg 29gh6R3T increases the time to 15 hours.

Still think that's too risky? Then add some symbols as well...
eg WH@tt1tw to provide 3 days of security.

To make it even harder, just add more digits. For example, go up to 10 and it should take a hacker 58 years to crack.

Other advise:
- Use a different password for all critical wed services, eg bank accounts, email accounts & social media.
- Use a digital vault like 1Password to securely store your passwords.
- Activate additional security measures, like Google's two-factor authentication.
- For so-called 'security questions' don't use your mothers real maiden name - make one up. Better still, give a false answer to every one of those questions. You'll never remember them, so use the same answer no matter what the question.

The chances are that at some point, one of your online accounts will experience a random cyber attack. But if you make access difficult, the threat will move on very quickly to find an easier target. And you'll never know about it.

No comments: