Password security is sounding like a broken record these days. The news talks about yet another password breach, every site you need to log into requires a password and you are constantly reminded that it needs to be very long, very complicated, and ultimately something you cannot remember. I thought – maybe a bit more explanation would be needed to help explain this nightmare we call “Passwords”.

The first thing you should know is that passwords are something very personal to you, typically people use something relatable to them such as a pet or relative, it includes important dates and things that would be most easy for them to remember. If you fall into this category, don’t worry, you are not alone. Here is the problem with that line of thinking. Your social media profile (Facebook, Twitter, Instagram, etc.) probably has most of the information that your password contains already in it. No; someone is not going to be looking at your Facebook and instantly know your password. BUT: an experienced hacker may use a scraping tool to gather all the words from your social media profile and words used in your comments to build what is called a word list. This list contains every word you have put onto social media. They will then use a tool to “Brute Force” your password using different combinations of these words.

This is a funny cartoon from xkcd.com of how to create a incredibly strong password:

You may have read at one time that a 12-character password takes billions of years to crack. Well, computers have gotten a lot better at this over the years and the new estimate on how long it takes to crack a 12-character password is now 2 seconds if it is just comprised of numbers.

What do I do!?!?! Don’t worry, there is always a resolution for these issues. First understanding what the problem is will be the first step to resolving it. The problem being how in the world do I create a long and complicated password and then remember it? The good news is that its fairly easy. Think of a sentence, yes go back to grammar school and a properly punctuated sentence works. The password “sparrowhawk” takes 2 hours to crack, but what about the password: “Sparrowhawktechisawes0me!” well good luck cracking that in a trillion years. Better yet, using spaces is an amazing security measure in a password! A password such as “Sparrowhawk Tech is number 1!” works on every level and a secret that nobody tells you is that spaces in a password cannot be defined in a word list and therefore cannot be easily cracked!

This chart from digg.com shows how long it takes to crack a password in 2022:

Password Brute Force Time Table

But there is also the problem that everyone is supposed to use a different password for every site. This is something I fully condone! You should, you must! This protects you if that site is compromised and they get your password, if you use the same password to your bank you have given them access that quickly. Credential stuffing makes use of passwords gained from breaches against other sites trying to see if someone reused a password.

Let’s take an example from the infographic above. Let’s take the most number of characters (18) and make a Numbers only password for your 1st password. Great, you have a complicated enough password that it’ll take 3 weeks of work to break, great start! But wait, since we can’t reuse passwords to prevent credential stuffing, we have to make more. Say we devise a method to increment the password for the 1st site by 1 for every new site. Sounds good right? There are many different sites that you would have to make a password for and now you have 25 – 100 passwords you have to remember that 18 digit number that has slightly changed for each. Some sites will lock you out after just a few attempts! Add to this, that some sites routinely ask their users to switch their password, now you have to remember the base 18 digit number, the modification to that base number for this new site, and now it has had 3 changes that they have requested. Talk about complex and hard to manage….

There is a solution for this as well! Use a password manager, something like LastPass is a password manager that you can use that will create a new password for you and remember this new password and even better it will automatically fill it out for you! There are many password managers and at the end of the day, a notepad at home with all your passwords is far more secure than using the same password for everything.

Some recommended password managers that come to mind are “LastPass1Password” “KeePass” There are many more, these are amazing, you can install them on your smart phone, your computer, and your tablet. Remember one password and have much greater security than before!

Continue to protect yourself and if you ever need some assistance or want to have a conversation remember Sparrowhawk Tech is here to keep your technology safe.