Passwords are electronic keys to your online profile. They’re supposed to be a secure identification to access websites and should be guarded like you would your house or car keys. But is your password really all that safe?
An online study has shown that the average person will have around six to eight passwords memorised for different applications and products. However, between one and three of these passwords will be used over the majority of their online services.
This basically means most people will have the same login across a number of websites and platforms, all accessed by using one or two passwords. These websites will inevitably vary in security standards, meaning that although your password is safe on one page, another may be highly susceptible to a leak.
It’s comparable to having one key on your keyring that opens both your lunchbox and your house. You might need a key for both, but each has its own security level. Losing the key to your lunchbox means you go hungry, but losing your house key means you’re sleeping in the garden.
The most obvious issue in the online world is that if one of your passwords becomes compromised, by either phishing sites or through a security breach, your whole online security is open.
It’s very possible for hackers to trace your online profile and access an array of accounts using the one compromised password.
Let’s be honest here, it’s super easy to fall into the trap of using a simple or duplicate password for applications, as frankly it’s easy to remember one or two. The fear of being locked out of accounts or simply losing access to websites is a great enough worry for us to simplify our logins to something very memorable.
How Are Passwords Hacked?
Hackers can use a number of processes to get your password. The simplest way is for you to tell them. Phishing emails are sent to unsuspecting users asking for a variety of logins for “security checks”. Once you enter the details, the criminals can use them at will across all the websites where you use that password.
Password Crackers are programs that use ‘generation software’ to attack systems and hack into your account. The software works by generating thousands of different codes, bombarding the system and eventually ‘guessing’ the correct password. Words and duplicate number sequences are particularly vulnerable to this type of attack; however, it does take more time to crack.
User Hacking is essentially other humans guessing your password using calculated deductions. User Hackers will attempt tried and tested techniques to get into your account. Usually starting with simple passwords like “1234567” or “letmein”, criminals can go into more detailed processes by looking at your public social network history, family names and even home address. Many users have clues to their password scattered across the internet. Is your password your family name + a number? Pet’s name? City or University? Football Team or even your own name?
Take a look at this website “How Secure is My Password” and see how long it would theoretically take to hack your password.
A 6-letter password (letters only) like “ebuyer” can be hacked in under 60 seconds by a standard PC.
A 17-character password like “EbuyerBlog1sGr3at” would take over a million years to hack by a standard PC.
Why Do I Need Different Passwords?
Most websites require a login of sorts nowadays, and while 90% may be “throwaway logins” with no details about your life (news services or games), many websites can carry detailed security information.
A password for a cooking website, with minimal security and details, is not the same as your online shopping account that has your card details, phone number, address and email.
If you compartmentalise and split your logins, a security breach on Facebook or Twitter shouldn’t affect your Internet Banking per se…
What’s a Common Password?
Common passwords are easy to remember and “bulk used” across the internet. We may use them for “throwaway logins” to websites hardly ever visited but more often people are using them for important things like banks and shopping websites.
The most common passwords across the internet are:
Letmein, Password, “Name”+123, 123456, Monkey, QWERTY, ZXCVBNM (bottom line of Qwerty Keyboard), Dragon, Abc123
25% of users have a password containing their first name
4% of people use some incarnation of “password” for their login
24% of passwords are used by more than one person
There is a 50% chance that a password has at least one vowel
Keyboard patterns are easily “cracked” as they can be databased: QWERTYUIOP, ZXCVBNM
The numbers “1” and “2” are the most commonly used in passwords and are usually found at the end of the password.
Duplicate letters and numbers, as in “John2222” or “England1066”, are also easier to hack, as programs don’t have to generate a new number.
In English-speaking countries, capital letters are usually at the beginning and are followed by a vowel.
What Are Some Strong Passwords?
Strong passwords come in a variety of formats. The best are fictional words and involve a mixture of letters, numbers, cases and symbols.
Things to consider in a password:
- Include punctuation marks and/or numbers
- Mix capital and lowercase letters
- Include phonetic or number replacements, like “L0G1NPC”
- Try a password with more than eight characters (passwords of eight characters or fewer aren’t long enough to avoid simple hacking software)
- For words only, attempt a mixture of languages or something not in the dictionary: “Goodbye-aufwiedersehen”.
- Consider making an acronym password from a phrase. So for the phrase “My Birthday is the 10th of June 1955” your acronym would be mbit10oj1955. Now mix in a few case changes and your secure password is mBiT10oJ1955.
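The weak patterns listed under “What’s a Common Password?” and the criteria above can be checked mechanically. The following is an added example, not code from the article: the function names, the guess rate of ten million per second and the “three or more identical characters in a row” threshold are assumptions chosen for illustration.

```python
import re

# Word list and keyboard rows taken from the article's own examples.
COMMON = {"letmein", "password", "123456", "1234567", "monkey", "qwerty",
          "zxcvbnm", "dragon", "abc123"}
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")
GUESSES_PER_SECOND = 10_000_000  # assumed rate, not a figure from the article


def charset_size(pw):
    """Size of the alphabet an exhaustive search would have to cover."""
    size = 26 if re.search(r"[a-z]", pw) else 0
    size += 26 if re.search(r"[A-Z]", pw) else 0
    size += 10 if re.search(r"[0-9]", pw) else 0
    size += 33 if re.search(r"[^a-zA-Z0-9]", pw) else 0  # ASCII symbols and space
    return size


def brute_force_seconds(pw, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every string of this length and alphabet."""
    return charset_size(pw) ** len(pw) / rate


def audit(pw, first_name=None):
    """Return the weaknesses described in the article that apply to pw."""
    low = pw.lower()
    findings = []
    if len(pw) <= 8:
        findings.append("eight characters or fewer")
    if low in COMMON or "password" in low:
        findings.append("common password")
    # Any run of five neighbouring keys from one keyboard row.
    if any(low[i:i + 5] in row
           for row in KEYBOARD_ROWS for i in range(len(low) - 4)):
        findings.append("keyboard pattern")
    if re.search(r"(.)\1{2,}", pw):  # assumed threshold: 3+ in a row
        findings.append("repeated characters")
    if re.search(r"^[A-Za-z]+[0-9]+$", pw):
        findings.append("word followed by digits")
    if first_name and first_name.lower() in low:
        findings.append("contains first name")
    if pw.isalpha() and (pw.islower() or pw.isupper()):
        findings.append("single-case letters only")
    return findings
```

Under the assumed rate, “ebuyer” falls in about 31 seconds while “EbuyerBlog1sGr3at” is far beyond a million years, and both “EbuyerBlog1sGr3at” and “mBiT10oJ1955” come back with no findings.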
How am I Supposed to Remember all These Passwords?
It’s true, having a number of passwords does mean you run the risk of forgetting them. A random password generator is often the most secure system but is not great for memorizing numerous codes. It’s not recommended to keep details of passwords on computers or in unencrypted cloud systems as they can be hacked.
If you can’t remember your passwords, have separate documents with cryptic clues in them: “Facebook: Dave’s hometown & Father’s Birthday”
Consider investing in a secure USB device and keep the codes on that. Make sure it’s kept away from the computer; if possible, split files up and micro encrypt from there.
Many operating systems and internet security suites come with password managers so you can keep all your logins in one safe encrypted place.