Welcome to the first in a series of recommendations on Passwords (Part 1)


Are Passwords on their way out?
Passwords are a major part of our lives AND we have numerous (some say countless) amounts of them.   They are the keys to our “electronic” locks.  Trouble is, our keys are so easy to copy or guess, we might as well not have the locks! 
 
Why do we need and have so many different passwords? 
Because almost every one of the sites requiring a password has a different rule set for creating a password.  Many require an uppercase character or a lowercase character or must have a number or must have a special character AND cannot be a password you have chosen in the past 45 years!    
 
Because we have so many sites where we need passwords, we try to make it easy for us to remember them.  Trouble is, if it’s easy for us to remember, it’s easy for the bad guys to guess.  Did you know that the most common passwords are:  Password, Password123, admin, welcome, letmein, QWERTY, QWERTY1234, 123456 and 123123.
 
So what do many of us do with our passwords so we remember them?  We write them down on sticky notes and keep them close to our computer!  Or we write them in a notes area on our phone for easy reference.  Worse yet, we tell our apps to simply remember them so when we use the app, the password is already there!  Sure hope no one comes near your computer or sure hope you don’t lose or misplace your phone.


So the trick is to come up with a way that is easy to remember your password and make it harder on “bad guys” so they don’t break in.  But bad guys know all the common passwords and have access to sophisticated software programs designed to “guess” your password.  How can I, a simple human being, match wits with a computer?  Let me demonstrate.
 
It’s a numbers game! 
Let’s make a simple password comprised of two numbers only.  How many combinations of this password are there?  In this example, we have a password length of 2 and we know that numbers consist of 0 through 9, hence 10 different numbers.  So the formula is 10 to the 2nd power,  10 times 10 = 100.  There are 100 combinations. 
 
Stay with me now, contrast that with a password consisting of two alphabetic characters only.  Now how many combinations?  There are 26 characters in the alphabet  and we again have a password length of 2.  So, mathematically, the formula is 26 to the 2nd power,  26 times 26 = 676.  There are 676 combinations.  This is a much harder password to guess.
 
But computers can guess passwords at a vastly faster rate as they can perform millions of calculations every second.  How can anyone outwit a computer?
 
The answer is, are you ready, PassPhrases! 
 
Yes a phrase is a longer version of a word and therefore is statistically, much more difficult to guess, even for a computer.  So if your PassPhrase is “TheBlueJacketsAreMyTeam”, then using the formula described above, the chances of someone or some computer program guessing your password is …. 26 to the 23rd power (the password length is 23) yielding a 33 digit number,  or one in 350,025,714,498,220,057,526,153,130,908,005 chances of guessing your password.  WOW!  Even our national debt is not that large.
 
Now, using “special characters” like the “!”,  “$”,  “(“,  “)” and the scores of others, will also make it increasingly difficult to guess a password, but for the sake of brevity and explanation, I did not use them in this report.


In conclusion, use your longer (18-25 characters) PassPhrases for very important accounts like your bank and brokerage accounts and use slightly shorter (14-17 characters) PassPhrases for other not as important accounts like SATTELITE RADIO, FANTASY FOOTBALL or CABLE TV accounts.  In all cases, try to use a PassPhrase consisting of at least 14 or 15 characters.  
 

Comments

Popular posts from this blog

Smarter Cyber Security: Passwords Need to be Phased Out!

Recognizing a Phishing Email