Go back a few years, and those of us who were online and used systems at work would often use the same password for all systems, or maybe two or three different ones. These days it’s not advisable to do this, as hackers crack common passwords very quickly, and once they get into one system they can try the same password on other systems. This is known as Credential Stuffing.
As someone who has worked in IT for over 25 years, I can tell you for a fact that the most common passwords are a name followed by a number. So ladies tend to use something like “matthew1982”, for a child’s name and birth year, but men often use something sport related like “mufcjohn1999”. But that is just an example I have given, please don’t shout at me for stereotyping people!
Back in 2012 LinkedIn suffered a data breach in which hackers were found to have stolen password hashes and other information. It was later discovered that 6.5 million account credentials had been posted on a Russian password forum for the world to see. Not long after, it was reported that a database from this hack had been discovered containing 167 million accounts, with 117 million of them containing cracked passwords with e-mail addresses.
So, for example, if you used the same e-mail address and password for LinkedIn as for any other system, you were exposed there too, because hackers started to try these usernames and passwords on other systems. Many users could not understand how the hackers had their details, as the other platforms said they had not been hacked, but the hackers had simply used the details from the LinkedIn hack.
Remember, never use the following personal details for your password:
• Current partner’s name
• Child’s name
• Other family members’ names
• Pet’s name
• Place of birth
• Favourite holiday
• Something related to your favourite sports team
The more complex a password is, the longer it would take someone to crack. General dictionary words should not be used, as it’s very easy to write a password cracking script to try a few thousand common words. I could knock that script up in less than 1 hour, and that includes downloading a list of common words, which are easy to get hold of online.
If you’re unsure how strong your password is, you can try it out at https://www.security.org/how-secure-is-my-password/ which will just show you how long it would take a computer to guess your password.
Key points regarding a secure password
- Never use common dictionary words on their own.
- Longer passwords are more secure than shorter passwords. Create passwords that are more than 10 characters long.
- Ensure passwords contain a mix of letters, numbers and special characters.
- Always use a different password for each system you use.
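The key points above, written as an audit over a locally held list of passwords. This is an added example, not code from the original article; the word lists, function names and sample vault are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample data (assumptions, not from the original article). A real
# audit would load a large common-word list and the user's own personal words.
COMMON_WORDS = {"password", "welcome", "football", "sunshine"}
PERSONAL_WORDS = {"matthew", "john", "mufc"}

def check_password(password, personal_words=PERSONAL_WORDS):
    """Return the key points from the article that this password breaks."""
    problems = []
    lowered = password.lower()
    letters_only = re.sub(r"[^a-z]", "", lowered)  # drop digits and symbols
    if len(password) <= 10:
        problems.append("10 characters or fewer")
    if letters_only in COMMON_WORDS:
        problems.append("common dictionary word on its own")
    if any(word in lowered for word in personal_words):
        if re.fullmatch(r"[a-z]+\d+", lowered):
            problems.append("personal word followed by a number")
        else:
            problems.append("contains a personal detail")
    has_letter = re.search(r"[A-Za-z]", password)
    has_digit = re.search(r"\d", password)
    has_special = re.search(r"[^A-Za-z0-9]", password)
    if not (has_letter and has_digit and has_special):
        problems.append("missing letters, numbers or special characters")
    return problems

def audit_vault(vault):
    """vault maps system name -> password; returns system name -> problems."""
    systems_by_password = defaultdict(list)
    for system, password in vault.items():
        systems_by_password[password].append(system)
    report = {}
    for system, password in vault.items():
        problems = check_password(password)
        shared = [s for s in systems_by_password[password] if s != system]
        if shared:
            problems.append("reused on: " + ", ".join(sorted(shared)))
        report[system] = problems
    return report

# Constructed vault: the first two entries share one password.
SAMPLE_VAULT = {
    "linkedin": "matthew1982",
    "webmail": "matthew1982",
    "bank": "Tr4il-Mix&Kettle!92",
}
```

Calling `audit_vault(SAMPLE_VAULT)` flags both reused entries and returns an empty list for the long, mixed, unique one.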
Duncan is a technology professional with over 20 years’ experience of working in various IT roles. He has an interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.