Password security is, to me, the first (and most important) line of defence in the battle against hackers and cyber criminals. It’s also the least high tech, the most ignored and abused line of defence. It’s human nature to look for the super, high tech, bells and whistles, super solution while ignoring the simple.
Let me give this anecdote I heard about the US space program as an example. The US apparently spent over a million dollars trying to develop a biro that would work in space. The Russian simply used pencils.
The thing with passwords is that a weak password breaks strong security. It’s kind of pointless to buy, for example, an expensive edge device (a device that sits on the edge of your network) that is supposed to protect all of your assets and leave the default password on it.
I know what you’re thinking right now. You’re thinking, “no, that never happens”. Well I can tell you, it does. All too often in fact. I can actually direct you to a website where it lists literally thousands of devices that are connected to the internet now that are available for hackers to break into that have the default passwords.
So what is the takeaway of this post? Well to let you know that there are websites that you can actually check your password on. Believe me these will be an eye opener to most people!
Let’s take an actual password from someone I know – Buffst3r. Now let’s analyse it from a hacker’s point of view. First off, it’s a a social engineer’s wet dream. For those who don’t know, social engineering is where a hacker finds out things about you and uses them to break into your system. For example they look at your Facebook page and find your pets’ names and you kids’ names. This particular password is a variation of a pets’ name. That is number one no-no. Secondly it’s not very complex. It has an upper case character at the beginning.. the most common place people put upper case characters are at the beginning of passwords – hackers know that. The next thing is that it substitutes a “3” for an “e”. This is know as leetspeak and guess what? Hackers are onto this too.
So we run this password through our trust password checker and find that it will last a whole 3 hours. Sounds secure? not really. It goes like this. Hacker gets up in the morning and sets his computer running on cracking your password.He does whatever else he feels like doing. Then at lunch time, he logs onto your computer.
but anyway, like I said earlier, the takeaway is the website. if you want to check how secure your password is, you can go to https://howsecureismypassword.net/. It will be an eye opener for you.
Now the thing is, once you have secure passwords you will have a problem with remembering them all. Next post I will offer you a solution to that problem.
For more on password security, here is part 2.