Is your password secure, or will you be the next statistic?
If you don't keep your passwords secure, your information could be exposed: 63% of data breaches are attributed to weak or stolen passwords (source: Verizon Data Breach Investigations Report 2016).
In 2016 the No.1 most common password was 123456 (source: Keeper Security Study 2016).
The problem with complexity: secure vs easy to remember
For years IT administrators have tried to enforce complex passwords; the problem is that very few people can remember them.
Until recently the complexity recommendation has been 8 characters, including at least 1 uppercase letter, 1 lowercase letter, 1 number and 1 symbol.
Unfortunately, expectation is far from reality: when Qj@ut0k% is expected, we get Yellow2!.
While I would never recommend that you enter your current password into an untrusted system, for educational purposes I will refer to a password testing service to demonstrate.
An average home computer is capable of guessing Yellow2! in 11 minutes.
In comparison, Qj@ut0k% would take 12 days, which is still not great.
In 2016 NIST (the United States National Institute of Standards and Technology), a standards body with international recognition, published draft changes to its Digital Identity Guidelines (https://pages.nist.gov/800-63-3/sp800-63b.html). In that document the minimum length for single-factor authentication (a password) was revised from 8 characters (64 bits) to 14 characters (112 bits). Again, I will demonstrate the effectiveness of this revision using the password testing tool.
Expectation: F!$4Vwf3W7iXaY – Reality: YellowHat1234!
YellowHat1234! would take 17 years.
F!$4Vwf3W7iXaY would take 32,700 years.
Bear in mind that these numbers are for a home computer; the more powerful the computer cracking your password, the less time it will take.
The point to be made here is that the length of your password, random or otherwise, has a huge impact on the time it will take to crack. As a comparative test, the password "TheLittleGreenFrog" would take 400 years to crack with a home computer, and "TheLittleGreenFrog99%" would take even the fastest computer 1200 years to crack.
Strong password, no worries, secure, right?
Not exactly. Password security is about more than just being hard to guess; as mentioned, 63% of data breaches are attributed to weak or stolen passwords.
Common scenarios are sharing and/or storing passwords without encryption (writing them down on paper, sending them in an email, saving them in a spreadsheet) and malware (specifically password-stealing keyloggers).
Reusing/recycling passwords across multiple systems is also a big contributor. In a lot of cases a password used for a private account is also used to access a business system; the private account gets compromised and the password is then used to steal business data.
- Upgrade your passwords to the new recommended 14 character minimum
- Think passphrase instead of password, and use spaces where permitted (Purple Gum Tree 46 !)
- Don't reuse/recycle your passwords (one password per system)
- Don't share or store your passwords without encryption (I recommend a zero-knowledge password manager)
- Where possible, enable multi-factor authentication
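The following is an added example, not code from the original post or from any password testing service, that puts numbers behind the length argument above and the 14 character minimum in the recommendations: it estimates the brute-force search space of a password from the character classes it uses (an assumption; the tool in the post may count differently), converts that to a time at a chosen guess rate, and applies a simple policy check with a constructed stand-in for the blocklists of common passwords that NIST 800-63B recommends checking against.

```python
import math
import string

# Constructed blocklist standing in for a real breached/common-password list.
# NIST 800-63B says to reject passwords found in such lists; a real deployment
# would load a large list rather than this tiny sample.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "letmein"}

MIN_LENGTH = 14  # the minimum length recommended in the post

SECONDS_PER_YEAR = 365 * 24 * 3600


def charset_size(pw: str) -> int:
    """Size of the union of standard character classes that appear in pw.
    Assumption: an attacker brute-forcing would try every character in each
    class the password draws from (26 lower, 26 upper, 10 digits, 33 symbols
    including space)."""
    size = 0
    if any(c in string.ascii_lowercase for c in pw):
        size += 26
    if any(c in string.ascii_uppercase for c in pw):
        size += 26
    if any(c in string.digits for c in pw):
        size += 10
    if any(c in string.punctuation or c == " " for c in pw):
        size += 33
    return size


def search_space_bits(pw: str) -> float:
    """Brute-force search space expressed in bits: log2(charset ** length)."""
    return len(pw) * math.log2(charset_size(pw))


def years_to_exhaust(pw: str, guesses_per_second: float) -> float:
    """Years needed to try every candidate in the search space at the given rate."""
    return (2 ** search_space_bits(pw)) / guesses_per_second / SECONDS_PER_YEAR


def check_password(pw: str) -> list:
    """Return the policy problems with pw; an empty list means it passes."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if pw.lower() in COMMON_PASSWORDS:
        problems.append("appears in the common-password blocklist")
    return problems
```

Running `search_space_bits` over the post's own examples shows that the 18 letter passphrase TheLittleGreenFrog has a larger search space than the 14 character F!$4Vwf3W7iXaY despite using fewer character classes, which is the length-over-complexity point made above.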
Disclaimer: the password tool is used for demonstration purposes only. The validity of any one result should not be used to determine the security of the password entered. We recommend the use of a password manager to generate and store long, complex passwords securely.