Passwords themselves aren’t necessarily anything special — they’re just strings of characters that we humans type into boxes. But when you add some basic security measures around them, passwords can be extremely useful. For example, if someone intercepts your login credentials, they won’t be able to log in unless they know the exact string of characters that corresponds to your account. Also, by using a strong, random number generator (like Roboform), attackers’ efforts at guessing passwords becomes exponentially harder, not easier.
This is How Hackers Get a Hold of Your Passwords
If someone breaks into a website and gets access to their client database containing user login names and passwords, they usually get only the hashed values for each account. They must then try to match these hashes to those stored in their database(s). The process of trying out various username and passwords is called “brute forcing”. A common method used to perform a brute forcing attack is to attempt to guess the correct username and passcode until one matches a known entry in the database. Because of the sheer size of the potential data base, which is the entire internet, this can take a very short time or a very long time.
A dictionary attack uses common words found in English language phrases to guess passwords. If the word combinations don’t match any existing user accounts, then they’re added to the database for future use. The goal is to eventually, gain access to your password(s).
How Complex Should My Password Be?
So how long and complicated should your password on a website be? Ideally, it should be “as long and complex as possible.” Advances in cloud computing make it cheap for hackers to lease incredibly powerful password cracking machines. A physical machine that costs over $20,000 could be rented for just $7.20 per hour in Amazon’s EC2 cloud. So if you’re creating a new username and passcode for your online banking, you might come up with something like this T9wY&DX2jY4QZ^. And of course committing it to memory will be a piece of cake! So to help remember your new rock-solid password, you save it in a note on your computer and copy and paste it on other websites that require you to login. Brilliant right? Using the same username and password to online sites leaves you vulnerable to hackers accessing your accounts which could lead to identity theft and irreparable financial problems turning your life upside down.
We recommend using a service that can save your usernames and passwords and generate complicated passwords automatically like Roboform or LastPass. You can review other recommended password managers at CyberNews.
