Welcome to the first in a series of recommendations on Passwords (Part 1)
Are Passwords on their way out?
Passwords are a major part of our lives AND we have numerous (some say countless) passwords to keep track of. They are the keys to our “electronic” locks. Trouble is, our keys are so easy to copy or guess, we might as well not have the locks!
Why do we need and have so many different passwords?
Because almost every one of the sites requiring a password has a different rule set for creating a password. Many require an uppercase character, a lowercase character, a number or a special character AND the password cannot be one you have chosen in the past 45 years!
Because we have so many sites where we need passwords, we try to make them easy to remember. Trouble is, if it’s easy for us to remember, it’s easy for the bad guys to guess. Did you know that the most common passwords are: Password, Password123, admin, welcome, letmein, QWERTY, QWERTY1234, 123456 and 123123?
So what do many of us do with our passwords so we remember them? We write them down on sticky notes and keep them close to our computer! Or we write them in a notes area on our phone for easy reference. Worse yet, we tell our apps to simply remember them so when we use the app, the password is already there! Sure hope no one comes near your computer, and sure hope you don’t lose or misplace your phone.
So the trick is to come up with a password that is easy for you to remember and hard for the “bad guys” to guess, so they don’t break in. But bad guys know all the common passwords and have access to sophisticated software programs designed to “guess” your password. How can I, a simple human being, match wits with a computer? Let me demonstrate.
It’s a numbers game!
Let’s make a simple password comprised of two numbers only. How many combinations of this password are there? In this example, we have a password length of 2 and we know that numbers consist of 0 through 9, hence 10 different numbers. So the formula is 10 to the 2nd power, 10 times 10 = 100. There are 100 combinations.
Stay with me now: contrast that with a password consisting of two alphabetic characters only. Now how many combinations? There are 26 characters in the alphabet and we again have a password length of 2. So, mathematically, the formula is 26 to the 2nd power, 26 times 26 = 676. There are 676 combinations. This is a much harder password to guess.
But computers can guess passwords at a vastly faster rate, as they can perform millions of calculations every second. How can anyone outwit a computer?
The answer is, are you ready, PassPhrases!
Yes, a phrase is a longer version of a word and is therefore, statistically, much more difficult to guess, even for a computer. So if your PassPhrase is “TheBlueJacketsAreMyTeam”, then using the formula described above, the chances of someone or some computer program guessing your password are … one in 26 to the 23rd power (the password length is 23), a 33 digit number, or one in 350,025,714,498,220,057,526,153,130,908,005. WOW! Even our national debt is not that large.
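The formula above as a runnable check, added here as an example and not part of the original post. The guessing rate and the 7,776-word list size are assumptions; the word-level count shows the search space when a guesser tries whole words from a list instead of single letters, which is smaller than the letter-by-letter count for the same phrase.

```python
import math

# Common passwords named in the post, lower-cased for comparison.
COMMON = {"password", "password123", "admin", "welcome", "letmein",
          "qwerty", "qwerty1234", "123456", "123123"}

GUESSES_PER_SECOND = 1_000_000_000   # assumption: attacker's guessing rate
WORDLIST_SIZE = 7776                 # assumption: size of a Diceware-style word list
SECONDS_PER_YEAR = 365 * 24 * 3600


def keyspace(alphabet_size, length):
    """The post's formula: alphabet size to the power of the password length."""
    return alphabet_size ** length


def word_keyspace(words, wordlist_size=WORDLIST_SIZE):
    """Search space when the guesser tries whole words instead of letters."""
    return wordlist_size ** words


def years_to_exhaust(space, rate=GUESSES_PER_SECOND):
    """Years needed to try every candidate at the assumed rate."""
    return space / rate / SECONDS_PER_YEAR


def problems(password, min_length=14):
    """Checks taken from the post: not a common password, at least 14 characters."""
    found = []
    if password.lower() in COMMON:
        found.append("on the common-password list")
    if len(password) < min_length:
        found.append(f"shorter than {min_length} characters")
    return found


if __name__ == "__main__":
    phrase = "TheBlueJacketsAreMyTeam"           # the post's example, 6 words
    cases = [("2 digits", keyspace(10, 2)),
             ("2 letters", keyspace(26, 2)),
             ("23 letters", keyspace(26, len(phrase))),
             ("6 random words", word_keyspace(6))]
    for label, space in cases:
        print(f"{label:15} {math.log2(space):6.1f} bits  "
              f"{years_to_exhaust(space):.3g} years to try them all")
    for pw in ("Password123", "letmein", phrase):
        print(pw, "->", problems(pw) or "passes both checks")
```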
Now, using “special characters” like the “!”, “$”, “(”, “)” and the scores of others, will also make it increasingly difficult to guess a password, but for the sake of brevity and explanation, I did not use them in this report.
In conclusion, use your longer (18-25 characters) PassPhrases for very important accounts like your bank and brokerage accounts, and use slightly shorter (14-17 characters) PassPhrases for other, less important accounts like SATELLITE RADIO, FANTASY FOOTBALL or CABLE TV accounts. In all cases, try to use a PassPhrase consisting of at least 14 or 15 characters.