How to craft an unbreakable password

Think back to your very first password for your very first online account. It was probably a Hotmail email account, or an MSN Messenger login. Chances are it was as simple as the times we lived in. The paint was still drying on the Internet and we were all naïve enough to think that “password” was clever enough to do the job.

Some people still do.

Protecting against the obvious

A list compiled by SplashData earlier this year ranked millions of passwords stolen by hackers and posted online. “Password” is still number one among others like “123456” (ranked second) and “111111” (ranked ninth).

We’re either lazy, or creatures of habit.

“Never use a familiar sequence, phrase or anything so completely obvious,” warns Oliver LeBlanc, a broadcast electrical engineer for Astral Media. LeBlanc is responsible for generating employee accounts and passwords at a trio of Fredericton radio stations. He recommends using what’s known as sequence passwords.

“You shouldn’t ever use the same password for all your stuff, so what I do is I use a familiar sequence for all of them,” says LeBlanc. “Don’t ever use your birthday or your spouse’s name or your cat’s name.”

LeBlanc also suggests using symbols.

“It’s one of the best ways because people always think words and numbers.”

Protecting against programs

Sequences and symbols are great for protecting against Facebook snoopers or those curious about your bank account information, but what about protecting against the computer itself?

St. Thomas alum Alexander Solak is the man responsible for the Aquinian website. He handles the behind-the-scenes operations for a number of other sites, too.

“People’s passwords are like favourite bands. Too many people share the same one, and yours probably sucks,” he says.

He explains that spyware, key-loggers, and other hazardous software are designed to crack your password not only to get your information, but also just to make you look stupid.

“You have to remember that the Internet is a vast place full of both saints and scoundrels,” warns Solak. “There are people out there that will test your security, delete your digital possessions, ruin your credit history, broadcast your dirty secrets, and generally ruin, for no other reason than ‘the lulz’.”

“There are things you can do,” he says. “The more obscure and non-nonsensical it is, the harder it is for humans to deal with.” When competing against computers you need to take a different approach.

“The longer and more complex a password is, the harder it is for a computer to attack,” Solak states.

A “Brute Force Attack” is a method that sees a computer trying every single combination possible to crack your password. For a four-character password, it’s simple trial and error, which for a computer is a matter of seconds.

For every character in a given sequence there are 62 possibilities. One of them will be the correct one. For a program to try 62 different combinations takes an almost incalculably small amount of time. Chances are it won’t even take 62 tries.

The key, then, is extending its length. In the case of password protection against viruses, bigger is better. Security increases exponentially with each character you add. If your password is simply the number “5” it will take 62 tries, whereas if your password is “52” it will take 62x62 tries. The trend continues where “password” is actually 62x62x62x62x62x62x62x62.

While having a password with 10 to the 8th power may seem impressive to you and me, it’s still child’s play for an algorithm on a mission.

And if all else fails….

The truth is even a complex phrase like “king&34$!” is just as vulnerable to a brute force attack as “password.” We’ve essentially been trained to use passwords that are hard to remember, easy to crack.

If you really want secure your Facebook or Brazzers account, try a random sentence. “My little pony is a good show to watch when I’m breathing in gas fumes” actually looks like 62x62x62x62x62x62x62x62x62x62x62x62x62x62x62x62x62x62x62x6262x62x62x62x62x62x62x62x62x62x62x62x62x62x62x62x62x62x62x6262x62x62x62x62x62x62x62x62x62x62x62x62x62x62x62x62x62x62x62x62x62x62x62x62x62x62x62x62 to a brute force attack computer algorithm.

It’ll take a few years to crack and your friends will never guess. Best of all? Chances are you’ll never forget it.
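
The brute-force arithmetic above, worked through as an added example that is not part of the original article: it counts the candidates an exhaustive search must cover for each password the article mentions and converts that to worst-case time. The guess rate is an assumed figure, the common-password set holds only the three entries quoted from the SplashData list, and the character pool is derived from the classes each password actually uses, which goes beyond the article's fixed 62.

```python
import string

# The three entries the article quotes from the SplashData list (sample only).
COMMON_PASSWORDS = {"password", "123456", "111111"}

# Assumption: attacker speed in guesses per second (hypothetical figure).
GUESSES_PER_SECOND = 10_000_000_000

# Character classes; punctuation plus space covers the rest of printable ASCII.
POOLS = (string.ascii_lowercase, string.ascii_uppercase,
         string.digits, string.punctuation + " ")


def alphabet_size(password):
    """Combined size of every ASCII character class the password draws from."""
    return sum(len(pool) for pool in POOLS
               if any(ch in pool for ch in password))


def keyspace(password, alphabet=None):
    """Candidates an exhaustive search must cover: alphabet ** length."""
    if alphabet is None:
        alphabet = alphabet_size(password)
    return alphabet ** len(password)


def exhaust_seconds(password):
    """Worst-case time to try every candidate; 0.0 if a wordlist has it."""
    if password.lower() in COMMON_PASSWORDS:
        return 0.0  # found by list lookup before brute force even starts
    return keyspace(password) / GUESSES_PER_SECOND


if __name__ == "__main__":
    # The article's examples; the sentence is typed with an ASCII apostrophe.
    samples = ["5", "52", "password", "king&34$!",
               "My little pony is a good show to watch when I'm breathing in gas fumes"]
    for pw in samples:
        print(f"{len(pw):>3} chars  pool {alphabet_size(pw):>2}  "
              f"{keyspace(pw):.3e} candidates  "
              f"{exhaust_seconds(pw):.3e} s  {pw!r}")
```

Pass `alphabet=62` to `keyspace` to reproduce the article's own per-character figure.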