Password Security

2 10 2015

You may hear from time to time that someone’s email has been “hacked” and is sending out spam. The term “hacked” sounds scary, and it can be, but typically when someone’s email has been “hacked”, it is nothing more than an automated system that guessed your password. A simple password change will resolve the issue. Most of the time an attacker has gathered a list of email addresses that are loaded into a computer or server and then the automated system runs a dictionary attack on those accounts. A “dictionary attack” is a technique used to try and guess the password of an account by trying multiple combinations of passwords containing words that you may find in a dictionary. When your password is a single, common word, and maybe a number or two thrown on the end, the system will figure that out. Now they have your email credentials. Attackers then utilize this account information to send spam to your contacts and others on your behalf. This allows them the opportunity to sometimes bypass spam filters and also hide their tracks. So, by definition, yes you have been hacked, but not in the sense most people think of when they hear the phrase, “you’ve been hacked.”

This leads me to password security. According to gizmodo.com, the top 3 password in 2014 were 123456, password, and 12345. If any of these are your personal email passwords, I can guarantee you that your email credentials will be compromised at some point, if they haven’t been already. When creating a password, never use your name, a family member’s name, all numbers, or any word that personally identifies with you that may be easily guessed. Even when you think you are being tricky by making an “a” and “@” symbol or making an “O” a “zero”, sophisticated password cracking tools will figure those out. These are easily guessed by a dictionary attack, or maybe someone that knows you and may have more malicious intent than sending some spam from your email account.

It is best to use what is called a passphrase, rather than a password. A passphrase is a string of words that make up a phrase. Passphrases are much more difficult to guess and are often easy to remember. To most, Ilovecatpictures is easier to remember than C@t$2015, and is more secure. According to howsecureismypassword.net, it would take a desktop pc 22 billion years to crack the Ilovecatpictures passphrase, and just 3 days to crack C@t$2015! While these numbers might be a bit exaggerated, you get the picture. I used this site for educational purposes. It is not recommended to enter your real password; I mean passphrase, into the website to check its strength.

Another great way to create and manage secure passwords is to use a Password Manager such as LastPass or RoboForm. These tools, which are password protected themselves, will allow you to create secure passwords for all of your online accounts and they will remember them for you. They also include a feature that will auto generate a super secure password that you could never remember, but you don’t have to!

Oh, and one last thing, don’t tell anyone your passwords or write it on a sticky note near your computer!

Brian McReynolds

Submitted by Brian McReynolds, IT Consultant, RBSK Partners 


Actions

Information

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s




%d bloggers like this: