Smarter Cyber Security: Passwords Need to be Phased Out!

-

 Passwords simply aren't secure enough!

Passwords are a major part of our lives, and we all have far more of them than we care to think about. They are the keys to our “electronic” locks.  The trouble is, our keys are so easy to copy or guess, we might as well not have the locks!  Unfortunately, there isn't any continuity regarding criteria for passwords from one site to the next. Many require an uppercase character or a lowercase character or must have a number or must have a special character AND cannot be a password you have chosen in the past 45 years!
As a result of having so many sites where we need passwords, we try to make it easy for us to remember them.  However, if it’s easy for us to remember, it’s easy for the bad guys to guess.  Did you know that the most common passwords are:  Password, Password123, admin, welcome, letmein, QWERTY, QWERTY1234, 123456 and 123123? Not smart!
The trick is to come up with a way that is easy to remember your password and make it harder on “bad guys” so they don’t break in.  But bad guys know all the common passwords and have access to sophisticated software programs designed to “guess” your password. Let me demonstrate.
It’s a numbers game! 
Let’s make a simple password comprised of two numbers only.  How many combinations of this password are there?  In this example, we have a password length of 2 and we know that numbers consist of 0 through 9, hence 10 different numbers.  So the formula is 10 to the 2nd power,  10 times 10 = 100.  There are 100 combinations. 
Stay with me now, contrast that with a password consisting of two alphabetic characters only.  Now how many combinations?  There are 26 characters in the alphabet  and we again have a password length of 2.  So, mathematically, the formula is 26 to the 2nd power,  26 times 26 = 676.  There are 676 combinations.  This is a much harder password to guess.
But computers can guess passwords at a vastly faster rate as they can perform millions of calculations every second.  How can anyone outwit a computer?
The answer is, are you ready, PassPhrases! 
Yes a phrase is a longer version of a word and therefore is statistically, much more difficult to guess, even for a computer.  So if your PassPhrase is “TheBlueJacketsAreMyTeam”, then using the formula described above, the chances of someone or some computer program guessing your passphrase is …. 26 to the 23rd power (the password length is 23) yielding a 33 digit number,  or one in 350,025,714,498,220,057,526,153,130,908,005 chances of guessing your password.  WOW!  Even our national debt is not that large.
Now, using “special characters” like the “!”,  “$”,  “(“,  “)” and the scores of others, will also make it increasingly difficult to guess a password, but for the sake of brevity and explanation, I did not use them in this report.
In conclusion, use your longer (18-25 characters) PassPhrases for very important accounts like your bank and brokerage accounts and use slightly shorter (14-17 characters) PassPhrases for other not as important accounts like SATELLITE RADIO, FANTASY FOOTBALL or CABLE TV accounts.  In all cases, try to use a PassPhrase consisting of at least 14 or 15 characters. 

Comments

Post a Comment

Popular posts from this blog

-
Cybersecurity in 2021: What to expect in the coming year – Jim Schirtzinger, XLN SYSTEMS As any particular year comes to a close, it is typical to look back at everything that has happened. We celebrate the good, mourn the losses, and try to learn from mistakes. Most will agree that 2020 was an unusual year by any standard, highlighted by a major pandemic, lockdowns, civil unrest, and a controversial presidential election. Rather than dwell on all of the bad that came from 2020, it is time to look ahead to 2021 with anticipation and hope for a return to some form of normalcy. Unfortunately, no matter what improvements are made over 2020 (An effective virus vaccine? A calming of political tension? A robust economic recovery?), Cybersecurity will remain a constant and urgent need for everyone both commercially and privately. With that in mind, what new threats should we expect to face in the digital realm as we turn the page from 2020 to 2021? 2020 saw a huge increase in connected de
Read more

RANSOMware: Protecting Your Small Business

-
As small business owners, we wear many hats in order to grow and protect our businesses.  In today’s Digital Age, we must wear one more; we are the Protector of our business from the threat of Cyber Intrusion, Data Theft, and Financial Embezzlement. But how can we protect our business when big businesses with deep pockets can barely protect themselves?  We read practically every week another well-known large corporation admit they were “hacked” and millions of customer records have become compromised.  Closer to home, we hear how thousands surrender to “digital pirates” via RANSOMware, where your PC and data are held at ransom by data encryption until you pay the bounty. Keep your head up!  There are things we can do to protect our businesses, and these proactive defenses won’t break the bank. First, EDUCATE yourself and your employees who have access to business computers.  Passwords should be at least fourteen characters long, never shared and never written down near the PC.  When re
Read more

Holiday Cyber Scams: How to Identify and Avoid Them!

-
  The holidays are a time of celebrations, family gatherings, and shopping for Christmas gifts. Millions of American’s head to their local malls, shopping centers, and online retailers to find the most desired treasures for their loved ones to make it a year to remember. While it is an exciting time that elicits happy thoughts and feelings of peace, it is also a time that brings out criminals and evildoers in large numbers who seek to steal away those happy thoughts. Cyber thieves use a wide variety of tricks and scams to separate people from their money, leaving behind confusion, anger, and broken dreams. Cyber scams have become increasingly complicated and deceitful in recent years. Thieves use emails, texts, credit card skimmers, fake gift cards, and many other enticing traps to create confusion when shoppers are looking for a good deal. Shoppers must be aware of sites that they use to purchase gifts, and never input personal or financial information onto sites that aren’t trusted
Read more