Search
  • OSG

Passwords


They are literally the keys to our digital lives, and yet, somehow we completely undermine their importance to us. Take a minute to think about just how many accounts you have online. You might surprise yourself. After realising this, you may want to think about how many different passwords you have. Our guess is not many. Most people tend to stick with a single password, or a password system for their accounts. Basically, if the password is 'Monkey', but the site asks for a number in it, you will use 'Monkey1' etc. In reality, this makes the password no more stronger as computer programmes designed to crack passwords search for these patterns.


Known as 'Brute Force Attacks', this is a method of hacking commonly used by cyber criminals that enables them to use very little effort to gain access to severs etc. A computer will try several combinations of usernames and passwords until it gains access. Simple really. However, on the face of it, there is a flaw with it. The computer will try the most common combinations first. One that springs to mind is 'Admin' and 'Letmein' as the username and password respectively. Without going into too much detail, the idea to avoid being a victim of this type of attack is to think unpredictably. To illustrate this, here is a list of the most commonly used passwords from WTOC on 7th May 2020, National Password Day (yes, that's really a thing) -

  • 123456

  • 123456789

  • qwerty

  • password

  • 1234567

  • 12345678

  • 12345

  • iloveyou

  • 111111

  • 123123

What's really shocking about this, is that these have been the same commonly used passwords for many, many years! It seems we haven't learned our lesson. This gives the answer to the question - why are hackers still able to use the same methods', it's because we make it easy for them. If you look at the above passwords, you'll notice they all have the same level of security - those with numbers are only numbers, those with letters are only letters. No capitalisation, no special characters. And all are relatively short.


It's the last point that we should address here. Creating a password that is 15 characters long is much stronger than one that is 8 characters. Look at it this way. Guess one number correct on the Lottery is a simple enough task. 1 in 59 chance of guessing correctly. Now, guessing all 6 numbers correctly, the odds jump to 1 in 45,000,000. The more characters to guess, the harder it is for hackers - at which point, they will simply move on to an easier target. Because, hackers are clever, but they are very lazy.


So, advice for building a strong password - firstly, avoid using a dictionary word. It's a dead giveaway. Instead, we'd recommend something like an acronym mixed with a few numbers etc. For example, the sentence 'I like to have one cup of coffee in the morning before heading off to work' can be broken down into initials - 'ilthococitmbhotw'. Straight away, this looks much more difficult to guess, but of course, we know that it's easy enough to remember. But we're not done yet. Let's manipulate some capitalisation. We can suggest capitalising the nouns in the sentence (in this case Cup, Coffee, Morning and Work). Now the password reads - 'ilthoCoCitMbhotW'. And how about a number or two? We're already using the word 'one', so let's use a '1' for simplicity, and replace the words 'to' with a '2'. Thus creating the password 'il2h1CoCitMbho2W'. If we're being honest, that password is now pretty much unguessable. As it shows by using the Password Strength Test from My1Login.


3 trillion years is an amazing result - virtually unhackable at this point. However, please remember that noone is 100% safe. Sometimes passwords can be leaked by companies being hacked. It is a shame, but it is sadly the truth. In using a common metaphor, please remember - passwords are like underwear. Change them regularly, Don't leave them out and Don't share them with anyone.


Password tips at a glance -

  • Length over complexity. The longer the password, the better.

  • Avoid Capitals at the start (because that's where they are expected to be)

  • Avoid Numbers at the end (again, they're expected to be there)

  • Dictionary words are a no-no.

  • If the system lets you, use the spacebar. Sometimes it won't but it's a strong character, because it's invisible :)

  • Use more than one password. Use a password manager if you need to.

  • Acronyms are great for 'easy to remember, hard to guess'

  • DON"T SHARE YOUR PASSWORD

Hopefully you've learned a little something and are one step closer to preventing a future hack on yourself. Please do get in touch for more information, and feel free to research through our other materials to better secure yourself.