How To Create A Strong Password
by Jo Shaer, on April 19, 2013
As revealed in my recent post about the Wordpress Brute Force Flood Danger, many websites and blogs are at risk at the moment because of insecure passwords.
But it's more than that. I regularly get people coming to this website using the search term gmail or hotmail account hijacked or hacked and twitter account hacked. Invariably these are because their password was not strong enough.
How to Create a Strong Password
The image at the beginning of this post is taken from a great infographic about password security and how long it takes hackers to break them.
Too many people choose the name of their grandchild and some numbers that mean something to them, and it is far too easy for hackers to access this information through social media profiles and gain access to a lot more personal stuff about you than you ever intended.
Remember, you may think you're sharing with friends but stats have shown that as many as 40% of the average Facebook user's friends could actually be people they have never met before and actually only accepted because they had a mutual friend - who they also might not actually have ever met! You've given strangers access to a lot of personal data that could be used against you!
Memorable or something more complicated?
When you're deciding how to make a strong password, it is far better to choose a phrase that means something to you but to no one else and which is not plastered all over Facebook - like I Love Fishing! Take your phrase and then add or replace upper and lower case letters, numbers and some symbols. Make it something that is easy for you to remember but which no one else could guess. Great. Or is it?
The recent update of worst passwords of 2013 by SplashData suggests that even this approach is not safe enough. Apparently,
even passwords with common substitutions like "dr4mat1c" can be vulnerable to attackers' increasingly sophisticated technology
Yipes! That's nasty.
So the best bet is to use a password manager like KeePass. These managers not only allow you to store your passwords safely in a database, but will also help you to produce combinations of letters, numbers and symbols that are hard for a hacker to guess because there are no clues and no patterns. I know that means that you won't be able to remember those so easily, but KeePass can be programmed so that it types in the URL that you require to log in and autotypes the username and password that it has stored.
Now that seems a far simpler solution!
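Here is why a substitution like "dr4mat1c" gives so little protection, next to the kind of random password a manager produces instead. This is an added example, not code from the original post or from KeePass; the word list, the substitution table and the function names are constructed for illustration.

```python
import secrets
import string

# Constructed sample list; a real check would load a large list of leaked passwords.
COMMON_WORDS = {"dramatic", "password", "fishing", "ilovefishing", "monkey", "dragon"}

# Common character substitutions, mapped back to the letter they stand for.
LEET = str.maketrans({"4": "a", "@": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "5": "s", "$": "s", "7": "t"})


def normalize(candidate: str) -> str:
    """Lower-case, undo common substitutions, then keep letters only."""
    swapped = candidate.lower().translate(LEET)
    return "".join(ch for ch in swapped if ch.isalpha())


def is_guessable(candidate: str, words=COMMON_WORDS) -> bool:
    """True if the candidate reduces to a listed word, with or without a
    trailing run of digits and symbols (for example a year or a '!')."""
    stripped = candidate.rstrip(string.digits + string.punctuation)
    return normalize(candidate) in words or normalize(stripped) in words


def generate_password(length: int = 20) -> str:
    """Random password drawn from the operating system's CSPRNG, with at
    least one lower-case letter, upper-case letter, digit and symbol."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)
                and any(c in string.punctuation for c in pw)):
            return pw


if __name__ == "__main__":
    # Constructed sample passwords.
    for sample in ["dr4mat1c", "I Love Fishing!", "P@ssw0rd123", "x9#Lq2vT"]:
        print(f"{sample!r}: guessable={is_guessable(sample)}")
    print("generated:", generate_password())
```

Undoing the substitutions takes one table lookup per character, so "dr4mat1c" costs a guesser barely more than "dramatic" does.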
But there's more to worry about...
However, there is just one more fly in the ointment. If you have managed to download a Trojan horse in the form of a keylogger, then you are stuffed - unless you have gone outside the default version of KeePass and activated Two-Channel Auto-Type Obfuscation.
Many people think that they will not encounter such a thing if they steer clear of porn sites. However, some innocent websites also get attacked by hackers who leave them a present that can be given again and again to the unsuspecting visitor. The Trojan horse keylogger downloads itself onto the visitor's computer and proceeds to note every keystroke they make, gobbling up passwords and login information all the time.
Some hackers deliberately set up phishing scams by sending emails containing a single link - click on that link and you've just got yourself a whole lot of trouble! That's usually how the gmail and hotmail accounts get hacked. And there was a similar scam running on Twitter recently.
The best way to protect yourself from these intruders is to run antivirus software like Kaspersky, which will back away from sites which try to download unauthorised information.
But what about when a major social media platform gets hacked?
Of course there is not a lot that you can do when a social media platform like LinkedIn gets hacked and all the password information in their database is snaffled by hackers. Each time this happens, the global hackers add these to their database, giving them even more stats on the behaviour of internet users around the world when it comes to choosing a password.
As was shown in this infographic by Mashable on passwords from the LinkedIn hack, far too many people use consecutive numbers or obvious words.
We need to give our password choices a lot of thought if we want to ensure our internet safety.