Using Your Internet Service With Confidence Due To Complex Passwords? You May Not Be Safe

It’s become as commonplace as the ‘don’t talk to strangers’ rule: The more complex your passwords, the less likely your accounts are to be hacked. It was recently discovered that even a newbie password cracker can hack a large percentage of a block of them using their internet service. This led to the question of the amount of damage a seasoned hacker could do to those passwords using letter, number and case combinations.

Experts warn that the art of cracking passwords is evolving at breakneck speeds, enjoying more of an advance since 2007 than in the decades before that. And the good news for hackers is that users are recycling their old passwords. Combined, this provides a perfect storm for cyber security, which it is said has rendered passwords weaker than ever before.

Some scary statistics include the fact that the average internet user uses only about six passwords to protect some 25 accounts online. Many times, a user will have to enter their email address as a user name, meaning that the details from only one account need to be obtained in order to gain access to several.

But hackers also have more effective tools at their disposal for cracking passwords; modern techniques and newer hardware. All it takes is a current-day graphics processor, and a hacker can put their hacking program into overdrive. How much into overdrive? Consider that some graphics processors can attempt over eight billion password combinations per second.

But not all of the news is bad; there were some interesting discoveries during a recent password crackathon, one of them being that often, the users of a particular site use very similar passwords to log into their site accounts. What makes this discovery even more interesting is that the users of the site have never met, either online or in person.

As, well, the crackathon underscored the need for better passwords. Some companies, such as those in the Fortune 500, severely restrict the kinds of passwords that employees can use for network or email access, and it appears to work very efficiently. And this has caused experts to question why retail websites don’t do the same thing with their customers. By limiting what their customers can use for passwords, much fewer attempts to breach customer accounts may be recorded.

A basic rule of thumb, according to those in the know would be to ensure any password being used doesn’t go below eleven characters. As well, it should include lower and upper case letters in addition to numbers, and should not follow any known pattern.

It may also do users well to take any estimation of the time taken to crack a particular password with a grain of salt. When placed in a real-world hacking situation, a password deemed by many sites to take about six years to crack was actually one of the first ones to be crossed off the list during the crackathon.

Using a password manager may offer users a way to ensure that any password they generate will be difficult for hackers to crack.