
Is Your Family Using Passwords? You Must Stop Today


We use passwords every day and they provide access to some of our most sensitive data. The problem is that we no longer need to protect ourselves from people physically sitting at our computer manually trying to guess our passwords – hackers are now much more efficient than this! They use powerful and fully automated password cracking software (like ‘John the Ripper’) to super-charge their hacking capabilities. What’s more, these tools are also readily accessible to anyone with an internet connection, so we’re entering a time where even people with a basic understanding of computers can hack into other people’s devices. All of this means that it is more important than ever to have secure passwords. So, stick a brew on, get comfy and read on!

Passwords are Sh*t

Let’s face it. Passwords are a pain in the ****. Unfortunately, they are the main way we authenticate ourselves to our devices at the moment and, although biometrics (e.g. face and fingerprint authentication) are on the rise, passwords are likely to remain for a few years to come. Why are they such a pain to use? One reason - they are impossible to remember.

1. They must be complex - making them complex by definition makes them hard to remember, especially for the young or elderly.

2. They must be long - the longer they are, the more likely we are to forget bits of them.

3. We must use a unique one for every online account we have - with most people having an average of 118 online accounts, we are never going to remember 118+ complex and long strings of numbers and letters!

4. They must be changed frequently - oh come on....give us a chance!!

What many don’t know is that this much-detested system has now been officially denounced (back in 2015) by none other than GCHQ, the British Government’s cyber spooks, as overly complicated and, as a result, insecure. It drives bad behaviour, like using passwords such as ‘12345’ and changing passwords by just incrementing a number at the end. This behaviour has led to easily crackable passwords being used by the masses! It has resulted in the top 25 most common passwords in the world being:

Password, 12345678, qwerty, 12345, 123456789, letmein, 1234567, football, iloveyou, admin, welcome, monkey, login, abc123, starwars, 123123, dragon, passw0rd, master, hello, freedom, whatever, qazwsx, trustno1

If you are using one of these passwords then do not feel ashamed! You are the victim of a poorly designed practice, which we’re about to drastically simplify and improve anyway.

This system is obviously a complete non-starter. We need something much much more realistic and practical!

The Solution...

As with all my guidance, my focus is on security without inconvenience. As such, by the end of this post you'll have learned a method that means you only need to remember one or two passwords (or passphrases, as we call them!).

I’m going to turn what you currently believe on its head. I propose we never use passwords ever again!

The solution is this...

1. Use PassPhrases Instead of Passwords - makes our passwords super secure and easy to remember

2. Install a Password Manager - securely remembers all our passwords for us (aside from the one or two master passphrases we'll use), thus enabling us to genuinely have a unique password for every online account we have! Magic 🙂

What is a Passphrase?

A passphrase is multiple words joined together to create one long phrase. Because it is built from words rather than a random string of characters, it is much easier to remember.

How to create a passphrase

Try and pick four words that relate in some way to one another to make them more memorable. Some examples are below:

Hungryyellowpigeon89
FurryBearcalledbob%
blueSkysaresocool123
IlikemynewBrowncoat!
You get the idea!

Their length, and the fact that we have a few random characters sprinkled in there, makes the main password cracking attacks (brute force and dictionary attacks) impractical.
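The post suggests choosing four related, memorable words yourself. As an added example (not code from the original post), the snippet below shows the more rigorous version of the same idea: words picked at random from a word list with a couple of digits/symbols sprinkled on the end, plus the arithmetic for how much strength each word and symbol adds. The 16-word list and the symbol set are constructed for illustration; a real generator would load a list of several thousand words, because each word contributes log2(list size) bits, and the example reports how many words a list of a given size needs to reach a strength target.

```python
import math
import secrets
import string

# Constructed demo word list (assumption: a real generator would load a list of
# several thousand words, such as the EFF long word list, because each word adds
# log2(list size) bits of strength).
WORDLIST = [
    "hungry", "yellow", "pigeon", "furry", "bear", "blue", "sky", "brown",
    "coat", "river", "candle", "marble", "otter", "velvet", "lantern", "cactus",
]
# Characters we sprinkle on the end so a pure word-dictionary attack cannot
# cover the phrase simply by stitching dictionary words together.
SYMBOL_ALPHABET = string.digits + "!%&*?"


def passphrase_bits(word_count, wordlist_size, extra_symbols=0,
                    symbol_alphabet_size=len(SYMBOL_ALPHABET)):
    """Strength in bits of `word_count` words drawn uniformly at random from a
    list of `wordlist_size` words, plus `extra_symbols` random characters.
    Each random choice contributes log2(number of possibilities) bits."""
    return (word_count * math.log2(wordlist_size)
            + extra_symbols * math.log2(symbol_alphabet_size))


def min_words_for(target_bits, wordlist_size):
    """Smallest number of words from a list of `wordlist_size` entries whose
    random combination reaches `target_bits` of strength."""
    return math.ceil(target_bits / math.log2(wordlist_size))


def make_passphrase(word_count=4, extra_symbols=2, wordlist=WORDLIST):
    """Build a passphrase in the style the post suggests: several words run
    together (first letter capitalised so word boundaries stay readable) with a
    couple of random digits/symbols on the end. `secrets` is used instead of
    `random` because `random` is not suitable for security-sensitive choices."""
    words = [secrets.choice(wordlist).capitalize() for _ in range(word_count)]
    tail = "".join(secrets.choice(SYMBOL_ALPHABET) for _ in range(extra_symbols))
    return "".join(words) + tail


def describe(word_count=4, extra_symbols=2, wordlist=WORDLIST):
    """Return a (passphrase, bits) pair so the strength is visible alongside
    the phrase it belongs to."""
    bits = passphrase_bits(word_count, len(wordlist), extra_symbols)
    return make_passphrase(word_count, extra_symbols, wordlist), bits


if __name__ == "__main__":
    phrase, bits = describe()
    print(f"{phrase}  (~{bits:.1f} bits from a {len(WORDLIST)}-word list)")
    for size in (len(WORDLIST), 7776):
        print(f"words needed for 60 bits with a {size}-word list: "
              f"{min_words_for(60, size)}")
```

The point the numbers make: four words from a tiny list are worth far less than four words from a big one, and words that obviously relate to each other (or to you) are, in effect, drawn from a small list that an attacker can guess at, which is why the random digits/symbols at the end matter.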

Top Tip: To make them more memorable, include naughty or risqué elements (swearing and sexual references, for example) as research has shown these can help them stick in your head!

How Long Does a Passphrase Need to be?

Based on current computer power we should be using passphrases of no less than 12 characters. This is demonstrated below by estimates of how long it takes to break passwords of different lengths.

Abcdefghi (9 characters) – 5 days
Abcdefghij (10 characters) – 4 months
Abcdefghijk (11 characters) – 1 decade
Abcdefghijkl (12 characters) – 2 centuries

You can see the exponential effect of adding extra characters to a password. Once we reach around 11-12 characters, the cracking tools start to struggle with the length and it becomes too time consuming for hackers to pursue.

The only exception to this is something called a ‘dictionary attack’, where the attack does exactly what the name suggests: it uses huge libraries of common passwords (password dictionaries) to guess words stitched together. Therefore, we need to have the occasional odd character in our passphrases to defeat both brute force and dictionary attacks. This is demonstrated below, again with estimated cracking times.

Horse – 25 seconds (5 simple characters)
Hors3! – 1 minute 1 second (5 characters, some complex)
Sadhorse – 1 month, 1 week and 4 days (8 characters)
Happyhors3s! – over 774 million years (12 characters)
Ilovemyb3autifulh0rse – infinity with current technology (21 characters)
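As an added worked example (not from the original post), here is the arithmetic behind both tables above: brute-force time grows as alphabet size to the power of length, so each extra character multiplies the work by the alphabet size, while a dictionary attack sidesteps that entirely for a common word with a digit or symbol tacked on. The guess rate, the character-class sizes and the six-entry "dictionary" are assumptions constructed for illustration, so the absolute times differ from the figures above (which come from an unspecified rate); the shape of the curve is the point. It also shows why a four-digit PIN falls in a fraction of a second.

```python
import math

# Sizes of the character classes a brute-force attacker has to enumerate once
# they know (or assume) which classes the password uses. 33 is the number of
# printable ASCII punctuation characters.
CLASS_SIZES = {"lower": 26, "upper": 26, "digit": 10, "symbol": 33}

# Assumed guess rate, constructed for illustration: ten billion guesses per
# second, a round figure in the range of a GPU rig against a fast, unsalted
# hash. The post's own figures come from a different (unspecified) rate.
GUESSES_PER_SECOND = 1e10

# Constructed mini "password dictionary"; real ones hold millions of entries.
COMMON_WORDS = {"password", "horse", "12345678", "qwerty", "letmein", "football"}


def charset_size(password):
    """Size of the alphabet an attacker must cover for this password."""
    size = 0
    if any(c.islower() for c in password):
        size += CLASS_SIZES["lower"]
    if any(c.isupper() for c in password):
        size += CLASS_SIZES["upper"]
    if any(c.isdigit() for c in password):
        size += CLASS_SIZES["digit"]
    if any(not c.isalnum() for c in password):
        size += CLASS_SIZES["symbol"]
    return size


def brute_force_guesses(password):
    """Worst case: every string of this length over the classes it uses."""
    return charset_size(password) ** len(password)


def seconds_to_crack(password, rate=GUESSES_PER_SECOND):
    """Worst-case brute-force time at the assumed guess rate."""
    return brute_force_guesses(password) / rate


def dictionary_hit(password, dictionary=COMMON_WORDS):
    """Models the cheapest dictionary-attack rules: ignore case and strip
    trailing digits/symbols, then look the remainder up. Real rule sets also
    try letter-for-digit swaps, so 'Hors3!' is weak in practice even though
    this minimal model does not catch it."""
    core = password.rstrip("0123456789!@#$%^&*?")
    return core.lower() in dictionary


def length_growth_factor(password):
    """How much longer brute force takes when one more character of the same
    classes is added: always the alphabet size, hence the exponential effect."""
    return seconds_to_crack(password + password[0]) / seconds_to_crack(password)


def humanize(seconds):
    """Rough human-readable duration, for printing only."""
    for unit, size in (("years", 365 * 86400), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.6f} seconds"


if __name__ == "__main__":
    for pw in ["1234", "Horse", "Hors3!", "Sadhorse", "Abcdefghi",
               "Abcdefghijkl", "Happyhors3s!", "Ilovemyb3autifulh0rse"]:
        print(f"{pw:24} brute force: {humanize(seconds_to_crack(pw)):>22}"
              f"   dictionary hit: {dictionary_hit(pw)}")
```

Two things to take from running it: going from 9 to 12 mixed-case characters multiplies the brute-force work by 52 cubed (over 140,000 times), and "Horse" with a capital letter is still an instant dictionary hit regardless of the brute-force figure, which is why the post wants both length and the odd unexpected character.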

What About Mobile Phones?

A four-digit PIN code for your smartphone could take under a second to crack! So even for your phone, baby monitor, CCTV system, everything, ensure it is more than four digits (ideally a minimum of six)! Even visual patterns (popular on Android phones, where you draw a pattern with your finger) aren’t as secure as you might think, so try and use biometric methods of unlocking devices, such as Apple's Touch ID or facial recognition, if you can, as these are the most secure. If we don’t have the option of biometric authentication available to us then we need to use a normal text password.

How do we manage passwords?

The answer is simple - we use software called a ‘Password Manager’. It does all the hard work for us, as password managers:

  • Enable you to have a unique password for every website (because they do the remembering for you)!
  • Suggest new secure passwords in your internet browser.
  • Autofill passwords so you don’t have to always be typing in the same thing all the time.
  • Can be set to remind you when to update your passphrases.
  • Are cloud-based so you can access your passwords from anywhere in the world on any device.

Which Password Manager Should You Use?

Apple Products (iPhone, iMacs, iPads, MacBooks) > Keychain Access (comes as default with each device!)

Windows & Android devices > 1Password or LastPass

Password managers are controlled by a master password that you remember, so you have only one thing to remember. The only real drawback is that if you forget your master password, it can be painful to recover.

Can I Write Them Down?

Some passwords, passphrases and access PINs may not be able to be stored in a password manager, e.g. your garden gate combination lock or banking login credentials. Therefore, if you’d ever like to write passphrases down on paper you can do so, you just have to follow some key principles when doing it. We’re going to turn a normal password book into a ‘Cryptic Book’ by using the following rules:

1. Obviously, don’t call it a ‘Password Book’ on the front cover! Call it something innocuous that if someone spots it they won’t pick it up out of curiosity! E.g. “Basic Cooking Recipes” or “Structural Calculations”.
2. Never write a passphrase out in full. Always use clues or blanks that you know you’ll remember once you see the prompts, so that if anyone reads it they couldn’t deduce the passphrase. For example:

Passphrase: Hungryyellowpigeon89
Cryptic Clue: My least favourite bird in my favourite colour but is starving because he never eats breakfast, plus the year we got Alfie the dog.

3. Don’t write which password applies to which account (for obvious reasons!)

How often do we need to change our passphrase?

In June 2017, new guidelines issued by NIST (the National Institute of Standards and Technology), which helps govern cyber security standards, concluded that the constant changing of passwords is not needed. As long as your email hasn’t been breached (use the www.haveibeenpwned.com tool to check whether it has) then there is no need to change your password every month or so! However, as our passwords can still be compromised without our knowing, I would still recommend we change passphrases once a year.

As a one-off exercise, I would recommend you update your current passwords to passphrases. Update your most-used online accounts, e.g. online shopping such as Amazon, supermarkets, etc., email accounts, Apple/Microsoft IDs, iCloud, OneDrive, etc.

As you can see, a password manager would be a massive help for you. Get yourself one and let me know how you’re getting on with it!


Jonny

Founder of www.SimpleCyberLife.com. Cyber security expert, public speaker and entrepreneur.

www.jonnypelter.com

jonny@simplecyberlife.com
