In its most basic form, hacking involves a malicious actor trying to guess a password to gain access to your account, and more sophisticated methods are constantly being developed. Brute force attacks try a stupendous number of combinations of letters, numbers and symbols in the hope of landing on the right one for your account. Even a decade ago, in 2012, one system could try 350 billion passwords per second and run through every possible eight-character password in under six hours. Making a secure password is vital to protecting your security.
Length is key
If a computer can guess every possible eight-character password in six hours, your password needs to be longer than that. Over 12 characters is essential for a secure password, and we strongly encourage over 15. Every character you add is another character for their computer to try to guess, so pack them in.
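To see what the length advice means in numbers, here is an added example (not from the original post or from OmniCyber Security) that works out the size of the search space and the worst-case time to exhaust it at the 350 billion guesses per second quoted above. The guess rate and the character-set sizes are assumptions for the calculation; the point is how each extra character multiplies the attacker's work, which is why the printable-ASCII row goes from hours at 8 characters to geological timescales at 15.

```python
import math

# Assumed guess rate: the 350 billion/s figure quoted above for a 2012 cracking rig.
GUESSES_PER_SECOND = 350e9
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Character-set sizes (assumed: standard printable ASCII on a US keyboard).
CHARSETS = {
    "digits only": 10,
    "lowercase letters": 26,
    "letters and digits": 62,
    "all printable ASCII": 95,
}


def keyspace(charset_size: int, length: int) -> int:
    """Number of distinct passwords of exactly `length` characters."""
    return charset_size ** length


def entropy_bits(charset_size: int, length: int) -> float:
    """Bits of entropy if every character is picked uniformly at random."""
    return length * math.log2(charset_size)


def seconds_to_exhaust(charset_size: int, length: int,
                       rate: float = GUESSES_PER_SECOND) -> float:
    """Worst-case time to try every password in the keyspace at `rate` guesses/s.
    On average the right one turns up after half the space has been tried."""
    return keyspace(charset_size, length) / rate


def human_time(seconds: float) -> str:
    """Round a duration to the most readable unit."""
    if seconds < 60:
        return f"{seconds:.1f} seconds"
    if seconds < 3600:
        return f"{seconds / 60:.1f} minutes"
    if seconds < 86400:
        return f"{seconds / 3600:.1f} hours"
    if seconds < SECONDS_PER_YEAR:
        return f"{seconds / 86400:.1f} days"
    return f"{seconds / SECONDS_PER_YEAR:,.0f} years"


def report(lengths=(8, 10, 12, 15, 20)) -> None:
    """Print entropy and exhaustion time for each charset and length."""
    for name, size in CHARSETS.items():
        print(f"\n{name} ({size} symbols):")
        for n in lengths:
            t = seconds_to_exhaust(size, n)
            print(f"  {n:2d} chars: {entropy_bits(size, n):5.1f} bits, "
                  f"exhausted in {human_time(t)}")


if __name__ == "__main__":
    report()
```

Running `report()` reproduces the post's headline figure (95 printable characters, 8 long, comes out at a little over five hours at that rate) and shows the 12-character row already measured in tens of thousands of years. Attacker hardware keeps getting faster, so treat the rate as a floor, not a constant.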
Passphrases and sentences are king
There aren’t many words long enough for a 15-character password, and we don’t recommend adding “123456…” to the end of your existing passwords to make them into a secure 15. Passphrases are groups of words stuck together to make one password. To make them as secure as possible, use random unusual words. For example:
To add another layer of complexity, add random characters in and between words. Avoid just using underscores or replacing letters with leetspeak (common number/symbol codes, like swapping 3 for E or $ for S).
Sentences using the Bruce Schneier method operate on similar lines, but are more resistant to dictionary attacks, where attackers run a brute force attack using words from the dictionary, often including leetspeak substitutions.
Schneier’s method works by taking a sentence personal to you, for example: “I got my dog in July 2014, he is called Rover”, and shrinking that down into a password with a rule like taking the first two characters of each word. This would give you:
That’s not in any dictionary.
Use a password manager
The best way to make all of your passwords secure is by using a password manager and randomly generated passwords. Often password managers like LastPass will suggest passwords like this whenever you’re creating a new one and they’ll look something like:
It’s gibberish and unique, which means it’s much harder to crack, but most importantly you don’t have to remember it. You just have to remember one password instead of dozens – the one to the password manager. Using the other techniques from this blog, you can protect yourself as much as possible from hackers.
Having secure passwords is a key part of the Cyber Essentials certification. This certificate will protect your organisation from cyber attacks by up to 80%. Contact OmniCyber Security today to find out more about our Cyber Essentials services and check the Cyber Essentials checklist for the full list of requirements to get certified.