What Can Stop a Cyber Criminal Getting Into Your Account Even if they Know Your Password?

Posted by Mit Patel

If you are concerned about keeping your user accounts secure, and access to sensitive business information under control, then the strength of passwords is incredibly important.

Hackers use tools that automate the password cracking process by running through all possible combinations until they find one that works. For example, they may start with a, then b, then c, etc. until they get to z. If your password is not one of those, they'll try aa, ab, ac, ad and so on. 

Password cracking tools are able to run through all of these combinations very quickly. If your password contains the minimum 6 characters and you use all lowercase letters, it will take a maximum of 308,915,776 attempts to find your password (26 x 26 x 26 x 26 x 26 x 26), and that's only if your password is the last combination remaining after every other combination has been tried. That might sound like a huge number which would surely take a long time, but a basic password consisting of all lowercase letters can be cracked in as little as 0.29 milliseconds.

Each extra letter added multiplies the number by 26 again, but where you can really make your password hard to crack is by using a mixture of upper and lowercase letters, as well as numbers and symbols. Upper case adds 26 different characters to the equation and means the maximum number of attempts needed to crack your password is now 52 x 52 x 52 x 52 x 52 x 52 for a 6 character password. Add numbers, symbols and lengthen your password to 12 characters, and the number of attempts needed to crack it starts getting astronomical (like a 1 with 30 zeros after it).

Even a Strong Password Can't Completely Protect You - Why You Need Another Layer of Security

No matter how strong you make your password, there's always a chance someone could find out what it is without needing to use software to crack it.

  • A study revealed two in five people have written passwords down. This is a great way for them to get into the wrong hands.
  • An online service you use could get hacked, exposing the password you've used there too. This is low-hanging fruit for cyber criminals who will try these login details on other services (tip: don't reuse passwords like 55% of people).
  • A cyber criminal could even befriend you on Facebook and shorten the password cracking time by configuring their software to first try passwords containing your wife's, children's or pet's names, or the name of your favourite sports team.
  • A cyber criminal could try resetting your password and correctly getting through your security questions.
  • You could connect to public wi-fi and unknowingly be observed by a "man in the middle" who could track your keystrokes.
  • Similarly, if you already had malware on your device, your keystrokes could be logged and passwords exposed. 

To really ensure your accounts are secure, you should be using two factor authentication.

Two factor authentication means a second method of verification is needed to log in to your accounts, in addition to your username and password. This is usually something you have - meaning to log in you need something you know (password) and something you have.

The "something you have" is often a code generated on a token that you keep with you. When you're ready to log in you press a button on your token and it displays a unique code which will only work for a short period of time (like 30 seconds). You enter this in a separate field when logging in. Once it's been used, or once the time elapses, the code generated by the token no longer works and you must generate a new one the next time you need to log in.
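The time-limited, single-use behaviour described above can be seen in a short sketch of the standard TOTP scheme (RFC 6238). This is an added example, not code from the original post; the `Verifier` class is hypothetical, the secret is a constructed demo key, and for simplicity the server accepts only the current 30-second window with no allowance for clock drift.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds a code stays valid, matching the article's example
SECRET = b"12345678901234567890"  # constructed demo key (RFC 4226 test key)


def totp(secret: bytes, now: float, digits: int = 6) -> str:
    """Code for the 30-second window containing `now` (RFC 6238, HMAC-SHA1)."""
    counter = int(now) // STEP
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class Verifier:
    """Hypothetical server-side check: one successful login per time window."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.last_counter = -1  # window of the last accepted code

    def check(self, code: str, now: float) -> bool:
        counter = int(now) // STEP
        if counter <= self.last_counter:
            return False  # this window's code was already used
        expected = totp(self.secret, now)
        if not hmac.compare_digest(code.encode(), expected.encode()):
            return False  # wrong code, or one from an elapsed window
        self.last_counter = counter
        return True


def demo() -> list:
    server = Verifier(SECRET)
    code = totp(SECRET, 45)  # token button pressed at t=45s
    return [
        server.check(code, 50),  # same window: accepted
        server.check(code, 55),  # replayed: rejected
        server.check(code, 61),  # window elapsed: rejected
        server.check(totp(SECRET, 61), 61),  # fresh code: accepted
    ]


if __name__ == "__main__":
    print(demo())
```

The token and the server share the secret and a clock, so the password alone is never enough to produce a valid code.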

A token can even come in the form of an app on a smartphone linked to your account. A code used alongside your password to log in is generated within the app. Other forms of verification send a notification to your device asking you to approve the login attempt. If you wish, a code can be sent to you via SMS instead.

Using two factor authentication greatly increases the security of your account. Even if a cyber criminal knows your password, they still won't have a chance of logging in unless they can steal your token or phone as well.


Topics: Cyber Security, passwords, two factor authentication
