Passwords are the essence of personal security
Without a password you can kiss good bye to security in an online account. Security keeps all our personal and financial details safe. Of course a password is more than just a few letters and numbers put together. There are some important things to think about. One of them is how easy it is to crack a password. Given how much hacking goes on in the world strong passwords are essential.
Hack or crack a password? Or social engineer?
There are dozens of powerful ways that even consumer level computers can be used to crack password entry to a system. But all of them require time and tie up computing power. However, if you are prepared to leave a cracking application running for anything from a few minutes to several weeks, most passwords will give up their secrets. A recent blog states that more sophisticated equipment at around $20,000 will be able to crack 8 digit passwords in around six hours.
This brute force style of attack is clearly worrying. But there are other considerations.I recently posted this tweet on my twitter stream…
Nine times out of ten a hacker will get your password or pin by looking over your shoulder while you punch it in.
The tweet elicited the following simple response from one of my followers, “You are joking aren’t you?”
This technique is not as successful as it used to be. People are a bit more aware today. But it is still one of the most used techniques to get into peoples accounts.
Big claims are also made about the success of something called “social engineering”. Research confirms it is a very successful method of getting passwords from people. Social engineering is defined in Wikipedia:
Social engineering, in the context of information security, refers to psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional “con” in that it is often one of many steps in a more complex fraud scheme.
Social engineering (security) on Wikipedia
Kevin Mitnick was one of the earliest social engineering criminals in computing. He spent some years in prison. He is now reformed, and a security consultant. He says it is easier to trick someone into giving a password than to spend the effort to crack the system. So, password holders beware. Even strong passwords can be stolen by confidence tricks. Never give anyone your security information.
If brute force, cons and knowledge can do the trick, why bother?
Yes, you can be tricked out of your password. Yes, brute force attacks can crack password systems. Yes your accounts are always under threat. But strong passwords are still important. Without them you are completely defenceless. In addition, as more powerful cracking technologies develop, more defence systems are put in place to prevent attacks. It is true that security is a battle, and the war is never won. However, the strong passwords model is part of the armour.
Strong passwords – some pointers
Strong passwords might be defined as…
- Longer than 14 characters (numbers and letters);
- Containing upper and lower case characters;
- Containing other characters (symbols like ! ” ? $ % ^ &);
- Using random character strings where possible;
- Not using any personal or identifiable information about you;
- Regularly replaced with equally strong passwords;
- Kept completely secret.
Being aware of the need for strong passwords is a most important step. Making your self and your accounts safe is something that takes time and energy. It is worth it to ensure you do not lose your life savings, your privacy or your dignity.