One of the numerous issues with the increasingly more digitalized contemporary reality is the sense of false security that it so easily instills in people. We are lulled into feeling that our passwords are keeping our data safe, our bank accounts are linked to our e-mail, our phones unlock with our unique fingerprints, and so on.
We are not here to argue that the 21st century is a fantastic, breathtaking time to be alive – it is indeed, with all the diversity, amazing technology and freedom that it offers. But there’s a price tag on everything, including the convenience and ease of many everyday tasks that can be undertaken online (or in many cases can exclusively be conducted), and, in this case, the price are the digital threats, such as identity theft, the ever-increasing danger of privacy intrusion, cyber-bullying, personal information leaks, bank fraud and other numerous potential security breaches that may range from unpleasant to life-threatening.
Passwords are one of the chief security walls between a device or application user and the potential threats posed by hackers and malware, among other issues. Or are they? Are they merely a veil that creates a false sense of security?
Basic password rules
Well, certainly if a top-level hacker sets a goal to get into your e-mail, provided that you’re not a top-level hacker yourself, it’ll most likely be a matter of minutes, or hours at the most. However, since this is an unlikely case scenario, we’d say that passwords are a relatively reliable defense against an average break-in attempt. So it does make perfect sense to learn the basics of proper password creation, namely:
- Random is better than predictable
- Complex is better than simple
- Long is better than short
Reusing old passwords / Using the same password on different websites /Keyboard patterns / Doubling up the password to meet length requirements
- Two-step verification should be used where available
And here’s another piece of advice that’s so obvious that it almost seems ridiculous – do not ever use the passwords like 123456 and password. These are the first to be cracked by the most amateur hackers, and denote your complete oblivion to the basic digital safety rules. Common pop-culture terms, numbers in their regular or reverse order, letmein, qwerty, iloveyou, admin, welcome, whatever and login top the “most popular passwords” lists for years on end – never mind the fact that in a perfectly sound digital world there should not be any such lists to begin with. According to one of the latest Splashdata compilations, the newest 2017 addition is, ironically, trustno1.
A password manager app is actually a great way to store passwords in a secure manner, and generate new ones if you’re all out of ideas.
How vulnerable are we?
As the number of our activities shifting to the digital zone is increasing with the speed of lightning, the number of threats that we encounter grows at approximately the same rate, so we need to be aware of how vulnerable we are and do whatever we can to become at least somewhat less vulnerable.
There is a lot of frightening information out in the open about hackers being able to crack up to 90% of 16-character strong passwords. This is possible primarily due to the relatively insecure cryptographic method called hashing, which is most commonly used. The passwords are ran through a one-way mathematical function, which creates a hash, or a unique string of numbers and letters. The hash can be then converted back into a plain text password.
The first stage of an attack usually cracks over 50% of the passwords, while the later attempts are increasingly more complicated, utilizing so-called Markov attacks, brute-force attacks and wordlist attacks, and reveal a smaller and smaller number of passwords. There isn’t much than a regular user can do about the way that a website treats their password. However, making sure that you’ve complied the relatively simple basic rules will indeed protect you from break-ins – at least to a certain extent.