Password misconceptions - You may not be as safe as you think
Most people think of password hacking as someone in a hoodie singling you out and guessing what your password might be, and while this can happen, it usually is not the case. The fact of the matter is that most password hacking is done by computers running password cracking systems, and computers are quite good at that sort of thing.
Some ways to stay safe:Keep it long. In general a simple cracking script can try every possible combination of a password in a technique called ‘brute forcing’. THIS is where password length matters. Think about it: If you’ve ever lost the combination to your three-roller combination lock, you may have tried every single permutation to find the correct combination. With three “characters” of only ten digits it is possible to do this manually with a little patience. With that in mind you can see why computers are VERY good at this sort of thing.
It is possible to brute force short passwords in seconds but each additional character you add creates many more possible permutations which is why it is important to keep your passwords long. A five character password has 60,466,176 permutations, while a six character password has 1,028,071,702,528 permutations and a 12 character password has 475,920,314,814,253,376,475,136 permutations.
That translates to a five character password being cracked in less than a second; a 7 character password taking less than ten minutes, and a nine character password taking up to several years to brute force. Keep in mind the fact that computers get faster and systems get smarter. Keep your passwords long.
Stay unique. Don’t use the same password in more than one place and be careful with subtle variations. Consider a password locker to use long and secure passwords with ease. We recommend Keepass.
Don’t use sentences. Brute force attacks use dictionaries and cycle through combinations of words, making a sentence with four words can be somewhat similar to a four character password. If you DO decide to use a sentence, intentionally misspell words and add special characters.
Update passwords routinely. Systems get breached and sometimes it takes a long time for anyone to notice. Keep your passwords fresh, especially for sensitive accounts.
Guard your email well. Your email is where passwords can be reset, so carefully secure and protect your email.
Be careful of public wifi. Your local cafe is a little more dicey than you might expect.
Use 2-factor authentication whenever possible. Receiving a code via SMS might be a little tedious, but it is quite effective.
Look for the SSL lock next to website URLs and never enter your password in a site with an expired certificate.
Don’t click on links in email. Log in by going directly to the website through your browser.
In short: be smart, and expect hackers to be much smarter.