A password is a secret word, phrase, or sequence of characters that must be presented to gain access or admittance.
In 2011 it took a hacker about four months to hack a simple nine-character password. Now it takes a hacker only three days or fewer. As computers become more efficient, hacking passwords will keep getting faster.
Passwords have been around for centuries. The Roman military used passwords or watchwords to gain access to an area. During Prohibition they were used to gain access to a speak-easy. Even until the ‘80s the password was simple to remember — eight characters long and it never expired. But just like speak-easies, mullets, and fanny packs, the eight-character password is no longer in style.
Here is a chart on how long it takes to hack some passwords with the current speed of computers.
How many of us have a four- or six-digit number on our device and how does it compare to the chart above?
In 2013 Google released a list of common, easy-to-guess password types:
- The name of a pet, child, family member, or significant other
- Anniversary dates and birthdays
- Name of a favorite holiday
- Something related to a favorite sports team
- Season of the year
- The word “password”
Passwords are now becoming password phrases, which are easier to remember. They should combine uppercase and lowercase letters with numbers and special characters, and the minimum length should be 12 characters. Example password phrases could be: sendero2Manage$, $grows4Sendero, or senderoI$Great2.
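The rules in this paragraph, together with the guessable categories from Google's list above, can be turned into a simple check. The Python sketch below is an added example, not part of the original article; the word lists, the names `normalize` and `check_password`, and the pet name "Rex" are assumptions made for illustration.

```python
import re
import string

# Assumption: short constructed word lists standing in for the guessable
# categories in Google's list (seasons, holidays, the word "password").
# Pet, family and team names are personal, so the caller supplies them.
GUESSABLE_WORDS = {"password", "spring", "summer", "autumn", "winter",
                   "christmas", "halloween", "easter", "thanksgiving"}
# Four-digit years 1900-2099, or a day/month pair with a separator (06/15).
DATE_RE = re.compile(r"(19|20)\d{2}|\d{1,2}[/.-]\d{1,2}")
MIN_LENGTH = 12  # minimum length recommended in the article
CLASSES = {
    "uppercase letter": string.ascii_uppercase,
    "lowercase letter": string.ascii_lowercase,
    "number": string.digits,
    "special character": string.punctuation,
}
# Undo common look-alike substitutions so "P@ssw0rd" still reads "password".
LOOKALIKES = str.maketrans("@$0134!5", "asoieais")


def normalize(text):
    """Lowercase the text and map look-alike characters back to letters."""
    return text.lower().translate(LOOKALIKES)


def check_password(pw, personal_terms=()):
    """Return a list of findings; an empty list means the password passes."""
    findings = []
    if len(pw) < MIN_LENGTH:
        findings.append(f"shorter than {MIN_LENGTH} characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in pw):
            findings.append(f"no {name}")
    flat = normalize(pw)
    terms = GUESSABLE_WORDS | {normalize(t) for t in personal_terms if t}
    for word in sorted(terms):
        if word in flat:
            findings.append(f"contains guessable term '{word}'")
    # Dates are searched in the raw password, before digits are mapped to letters.
    if DATE_RE.search(pw):
        findings.append("contains a date or year")
    return findings


if __name__ == "__main__":
    # Constructed samples; "Rex" is a hypothetical pet name.
    for sample in ["P@ssw0rd2013!", "Rex06/15/1985", "sendero2Manage$"]:
        print(sample, "->", check_password(sample, ["Rex"]) or "passes")
```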
Having a password phrase means nothing if the service you are using is hacked and your password is compromised. You hear on the news almost daily that a company database has been hacked and passwords have been stolen.
Hackers do not just go after company databases; they also go after you personally using email phishing techniques. Almost everyone has received some type of phishing scam. Whether it relies on a scare tactic, guilt, or curiosity, the goal is the same: to get you to just click on the link. Some links in a phishing scam take you to a fake site requesting your login and password for Office 365, a bank account, etc. Hackers can create sites that look as if you are logging into Office 365 or a bank account, when you are actually giving away your password. Always THINK BEFORE YOU CLICK on any link in an email. If possible, avoid clicking on links in emails.
That’s why every login should have a unique and different password. If a hacker gets your password through either a phishing scam or a hacked database, they have access to every account that uses that same password. Every site with a login should have multi-factor authentication (MFA) turned on. With MFA, your login is protected not just by your password but also by a second authentication process that you must complete before you are allowed into the service.
Different passwords for different logins are now a necessity to keep your information safe. Password manager services such as LastPass, Dashlane, and Keeper store your different passwords in a very strongly encrypted database, keeping all the login information for each account you use.
David H. Coull
Senior Systems Administrator