2016 has, unfortunately, been a year of high-profile hacks. From Mark Zuckerberg to Katy Perry, it seems no one is out of reach of malicious hacker groups. Many companies are still not taking action, leaving themselves vulnerable to things like ransomware attacks or phishing. Many attacks can be avoided if you simply have a secure password that you change occasionally. It can be tempting to use the same easy-to-remember password for all of your accounts. While you save a few minutes of your time, you do so at the cost of becoming vulnerable.
You know how important secure passwords are to you and your business, but how do you make a secure password and how often should you change it?
Hackers and the tools they use are getting better and better at cracking passwords. Many techniques are used, one of the most popular being brute-force cracking. This is a trial-and-error method that cycles through all possible character combinations until the correct password is guessed. Every year these applications get faster and more easily customized. Hackers can even put in information about you (the name of your dog, favorite sports team, etc.) to specify the combinations to try first.
The key to protecting your password is to use a wide variety of different characters. Combine numbers, uppercase and lowercase letters, and symbols to increase security. Play with the calculator to test out a few ideas.
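An added example (not part of the original article) of the arithmetic behind this advice: it estimates how many candidates an exhaustive brute-force search must cover for a given password, and flags personal details an attacker would try first. The guess rate and the list of personal terms are assumptions chosen for illustration.

```python
import math
import string

# Assumed attacker speed in guesses per second; illustrative, not a figure from the article.
GUESSES_PER_SECOND = 1e10

CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digits": string.digits,
    "symbols": string.punctuation,
}

def alphabet_size(password):
    """Size of the character pool a brute-forcer must cover for this password."""
    size = sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))
    # Characters outside the four classes (spaces, non-ASCII) count individually.
    extra = {c for c in password if not any(c in chars for chars in CLASSES.values())}
    return size + len(extra)

def keyspace(password):
    """Number of same-length candidates over the same character pool."""
    return alphabet_size(password) ** len(password)

def years_to_exhaust(password, rate=GUESSES_PER_SECOND):
    """Worst-case time for a full sweep; targeted guessing can succeed far sooner."""
    return keyspace(password) / rate / (365 * 24 * 3600)

def personal_hits(password, personal_terms):
    """Personal details (pet, team, ...) found in the password, case-insensitively."""
    lowered = password.lower()
    return [t for t in personal_terms if t and t.lower() in lowered]

def assess(password, personal_terms=()):
    return {
        "length": len(password),
        "alphabet": alphabet_size(password),
        "bits": round(math.log2(keyspace(password)), 1),
        "years_worst_case": years_to_exhaust(password),
        "personal_terms": personal_hits(password, personal_terms),
    }

if __name__ == "__main__":
    # Constructed sample passwords and personal terms.
    for pw in ["packers", "Packers2016", "h&9fb43f", "WOO!TPwontSB"]:
        print(pw, assess(pw, personal_terms=["Packers", "Rex"]))
```

The keyspace figure is an upper bound that only holds for passwords an attacker cannot narrow down; any password that returns a non-empty `personal_terms` list should be treated as weak regardless of its length.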
I know what you are saying: “It’s great if I have ‘h&9fb43f’ as my password, but I will never remember that!”. No worries, there are tricks. Here are 3 of them:
1) Bruce Schneier’s Method
This method is to turn a sentence into a password. Create a simple sentence, then combine and abbreviate it into one string of characters.
E.g. WOO!TPwontSB = Woohoo! The Packers won the Super Bowl!
2) The PAO (Person-Action-Object) Method
This is a cognitive trick that helps you create a visualization in your head, which then gives you the password characters. Pick a place (a church), a person (Michael Jordan), and a random action involving an object, then combine them into one image (Michael Jordan eating Doritos in a church).
In this example, your password could be something like “[email protected]@c#urC#”.
3) The Phonetic Muscle Memory
This method uses phonetics and muscle memory to make a random assortment of characters into a meaningful sequence. It is similar to Bruce Schneier’s Method, but reversed. Use a program like Norton’s Password Generator to create a list of randomly generated strings. Scan them all, looking for one that has meaning to you. Something like “[email protected]!” sounds like “reacro”. This is not a real word, but it is definitely memorable enough.
The next question then becomes how often to change the password. This will vary depending on the system behind your password. The more important security is to the system, the more frequently you want to change it. The reason for changing goes back to the brute-force cracking method we looked at earlier. The longer your password stays the same, the more time these applications have to break it.
For not-so-important applications, you can change them every year or so and probably be safe. Your banking credentials and WordPress credentials, on the other hand, should probably be changed every two months or so to ensure security.
Remember, create a secure password, then make sure to change it every so often. This is the first, and simplest, step towards ensuring your personal and professional data security.