The purpose of a password is to protect your privacy and data, but passwords are not always as secure as we think they are. Internet passwords are kept in a file, and that file is usually stored in one of two ways: encrypted or as plain text. A password stored in a plain text file is about as secure as an open bank vault! With encrypted password files, however, the level of security doesn’t depend on whether the file is encrypted; it depends on how the file is encrypted.
As an IT support company, we are often asked by clients, ‘What is the best way to choose a secure password?’ A secure password is a completely random string of text, 8 or more characters long, consisting of upper-case and lower-case characters, numbers and special characters.
The most common passkeys people use relate to something personal to them or their business; this is never going to be secure! These types of passwords may be someone’s favourite food, the names of their children or their favourite sports team. These days, hackers can easily find this type of information via social networking sites and other websites containing personal data. A professional hacker intent on cracking the passkey of someone with a Facebook account is able to detect a wide range of personal information without even meeting them. Data such as a passion for Chelsea football club can be detected from pictures of matches or an interest expressed online. A hacker can run software to collect words from the Chelsea website and begin discrete trial and error attempts with likely passwords, in the hope that one matches the password’s hash.
Unfortunately, there is no such thing as a passkey that cannot be cracked. If the attacker has the resources and time to put into cracking a password, they will! However, having a longer, secure password will make cracking harder and more frustrating for the criminals involved. To conclude, when choosing a new password, follow these steps to ensure it’s as secure as possible:
- Don’t make it basic just because it’s easy to remember
- Change your password every 60 – 90 days
- Ensure it’s completely random
- Choose 8 or more characters – the longer the better
- Ensure it’s made up of alphanumeric characters, containing upper and lower case, preferably including some special characters
- Never reveal your password to anyone, especially over the phone, via email or on the internet – there are many scams involving passwords. Always remember that a supplier would never ask you to reveal a password
- Never write your password down – keep it in your head
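
One way to apply the checklist above in code, as an added example that is not part of the original article: a generator that draws from the operating system's secure random source, and a checker that also rejects passwords built on personal words such as a favourite team. The function names, the 16-character default and the look-alike substitution table are assumptions made for this illustration.

```python
import secrets
import string

# Character classes taken from the checklist above.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

# Constructed, assumed mapping: undo common look-alike substitutions so that
# "Ch3ls3a!" is still recognised as being built on "chelsea".
LEET = str.maketrans("013457@$!", "oleastasi")


def generate_password(length=16):
    """Return a random password containing at least one character per class."""
    if length < 8:
        raise ValueError("the checklist asks for 8 or more characters")
    rng = secrets.SystemRandom()  # OS CSPRNG, not the predictable `random` module
    chars = [secrets.choice(c) for c in CLASSES]
    chars += [secrets.choice("".join(CLASSES)) for _ in range(length - len(chars))]
    rng.shuffle(chars)  # so the guaranteed classes are not at fixed positions
    return "".join(chars)


def check_password(password, personal_terms=()):
    """Return the checklist rules the password breaks (empty list = passes)."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    names = ("lower-case", "upper-case", "digit", "special")
    for name, cls in zip(names, CLASSES):
        if not any(ch in cls for ch in password):
            problems.append(f"no {name} character")
    # Compare case-insensitively and with look-alike characters undone.
    normalised = password.lower().translate(LEET)
    for term in personal_terms:
        if term and term.lower() in normalised:
            problems.append(f"contains personal term '{term}'")
    return problems
```

A password such as `Ch3ls3a!` satisfies the length and character rules, yet the checker still flags it once "Chelsea" is supplied as a personal term.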