Smarter Cyber Security: Passwords Need to be Phased Out!

 Passwords simply aren't secure enough!

Passwords are a major part of our lives, and we all have far more of them than we care to think about. They are the keys to our “electronic” locks.  The trouble is, our keys are so easy to copy or guess, we might as well not have the locks!  Unfortunately, there isn't any continuity regarding criteria for passwords from one site to the next. Many require an uppercase character or a lowercase character or must have a number or must have a special character AND cannot be a password you have chosen in the past 45 years!
As a result of having so many sites where we need passwords, we try to make it easy for us to remember them.  However, if it’s easy for us to remember, it’s easy for the bad guys to guess.  Did you know that the most common passwords are:  Password, Password123, admin, welcome, letmein, QWERTY, QWERTY1234, 123456 and 123123? Not smart!
The trick is to come up with a way that is easy to remember your password and make it harder on “bad guys” so they don’t break in.  But bad guys know all the common passwords and have access to sophisticated software programs designed to “guess” your password. Let me demonstrate.
It’s a numbers game! 
Let’s make a simple password comprised of two numbers only.  How many combinations of this password are there?  In this example, we have a password length of 2 and we know that numbers consist of 0 through 9, hence 10 different numbers.  So the formula is 10 to the 2nd power,  10 times 10 = 100.  There are 100 combinations. 
Stay with me now, contrast that with a password consisting of two alphabetic characters only.  Now how many combinations?  There are 26 characters in the alphabet  and we again have a password length of 2.  So, mathematically, the formula is 26 to the 2nd power,  26 times 26 = 676.  There are 676 combinations.  This is a much harder password to guess.
But computers can guess passwords at a vastly faster rate as they can perform millions of calculations every second.  How can anyone outwit a computer?
The answer is, are you ready, PassPhrases! 
Yes a phrase is a longer version of a word and therefore is statistically, much more difficult to guess, even for a computer.  So if your PassPhrase is “TheBlueJacketsAreMyTeam”, then using the formula described above, the chances of someone or some computer program guessing your passphrase is …. 26 to the 23rd power (the password length is 23) yielding a 33 digit number,  or one in 350,025,714,498,220,057,526,153,130,908,005 chances of guessing your password.  WOW!  Even our national debt is not that large.
Now, using “special characters” like the “!”,  “$”,  “(“,  “)” and the scores of others, will also make it increasingly difficult to guess a password, but for the sake of brevity and explanation, I did not use them in this report.
In conclusion, use your longer (18-25 characters) PassPhrases for very important accounts like your bank and brokerage accounts and use slightly shorter (14-17 characters) PassPhrases for other not as important accounts like SATELLITE RADIO, FANTASY FOOTBALL or CABLE TV accounts.  In all cases, try to use a PassPhrase consisting of at least 14 or 15 characters. 

Comments

Popular posts from this blog

Recognizing a Phishing Email