What Password Security Do You Have If You Just Pick Your Phone Number?
Back in the 90s when the whole Internet thing had just started, there were two kinds of ways that people would react when their e-mail sign up form asked for a password.
They would take it far too seriously and make up a ridiculously complicated password that they would forget about 3 seconds later, or they would take it as a joke and type in a password like ‘12345’, ‘Iloveyou’ or ‘11111’.
In today’s world of Chinese government break-ins into Gmail, hackers and spies, the world’s e-mail programs are demanding a little more sophistication from us and we need to type in six characters with at least one number.
Little do they know, we’re just going to come up with something like ‘123abc ‘or ‘1a1a1a’. When it comes to password security, it would be safe to say that people don’t believe that anyone would care about their e-mail enough to want to hack into it.
They’ve done research into all the passwords that people like to use on their e-mail and on website memberships that they sign up for. It seems epidemic; a quarter of all Internet users use hopeless passwords like these. Girlfriends’ first names happen to be particular favourites too.
There was a security breach, at an Internet company that makes Facebook apps, recently. They happened to post their entire database of passwords on the Internet for a few minutes.
Some hacker must have found it in those minutes and downloaded the entire set of tens of millions of passwords. To human behaviour analysts and people who like to study computer security, this was an insight into password behaviour in people, unlike any other.
There were forensics students, software designers, just about anyone with an interest in the way people behave around computers, studying this unusual treasure trove of information. They found that ‘123456’ was still the crowd pleaser and that about one in a hundred uses it.
Other very popular lame passwords were thoughtful ones like ‘QWERTY’. They found that about one in five people picked from maybe a couple thousand possible password choices, no more. What does this say about password security on the Internet?
All a hacker would have to do is make a basic program to try all of the very common passwords and one out of five times, he would hit pay dirt.
A good average computer could probably try password combinations 1000 times every second. He could probably hack open the common e-mail account in about 2 seconds with an automated program.
Some websites think it’s a smart move to freeze an account after too many wrong guesses have been made within a certain time. But hackers don’t have just one account to play with, they have millions.
Their automated hacking software could try a couple of guesses on each account and move on to the next so that by the time they come around to the first account for another bash at it, it’s been given some time to recover.
In some cases, freezing an account is not a great solution for password security either. If you were on an auction site like eBay and you wanted to really win an auction, you would only have to log out all the other competitors for that thing you have an eye on, by trying to get in into their accounts with the wrong password several times and freezing everyone out of their own id’s.
They will not be able to compete against you if they had no access to their accounts.
Password security is all about having one password that is hard to guess and secret. You can be using one on the entire Internet and you would be safe. Most applications these days have password generators (checkers) that evaluate the strength of the password you enter. Make use of them to generate very strong passwords.
Good practice is to have one password to use for your banking, one for public use like Facebook, Skype etc and another for other places / newsletters you sign up for. This way it is much easier to remember which password is used where.
Strong passwords should be at least 6 characters long, have capital and lower case letters plus numbers. Examples of strong passwords are: ‘mY1fOrd’, ‘My2dOGs’ or ‘0cATs4m’. Try creating passwords that is easy for you to remember but difficult to hack.
DO NOT USE YOUR PHONE NUMBER!
