Please Steal My Password

How many times have you seen passwords attached to monitors on sticky notes? How about people who use the password “password” or “123456”? With a lot of us having to work from home because of COVID-19, data security and privacy have become more important than ever, since we are not in the protective confines of an office and many of us may have to use our home computers.

In 2020 we have a lot of great technology to access our computers, tablets and phones. You can unlock your phone with your face and your laptop with your thumb, but they are all still based on an initial password. We’ve all read stories about using strong passwords and how easy it is to guess people’s passwords. The fatal flaw in the system is that we need something that isn’t obvious, but that we can still remember. One of the simplest ways to create a more complex password is to use upper and lower case alphanumerics plus a symbol.

There is a great site that can help you understand this.  Go to http://howsecureismypassword.net/ and type in combinations of letters, numbers and symbols to see what it tells you.  Another great site to help generate a stronger password is https://www.safetydetectives.com/password-meter/.  These are not foolproof methods of choosing a password, but will give you a good idea of what is secure and what’s not.

Here are a few examples. If you use “password”, a person or program will crack your password and access your information in seconds. If you add some symbols and use “pa$$word”, it would take a desktop PC about 3 minutes to crack it using a brute force attack. If you add a capital letter, a few symbols and a phrase after it to make it “Pa$$wordiseasy123”, it will take more time to crack than the history of the universe. As you can see, adding some simple variety makes the job of stealing your password harder.

Here are a few easy to remember tips for passwords:

  1. Don’t use a simple word or phrase, like password or 123456
  2. Use at least 10 characters, but preferably 12 or more
  3. Use upper & lower case letters, numbers and symbols in your password
  4. Use something that you can remember, so you aren’t tempted to write it down
  5. Don’t write your password on a sticky note and put it on your monitor
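As an added example (not from the original post), this Python sketch estimates worst-case brute-force time for the three passwords discussed above and checks them against tips 1 to 3. The guess rate, the tiny common-password list and the substitution table are assumptions made for illustration, so the times will not match what the sites linked above report.

```python
import math
import string

GUESSES_PER_SECOND = 1e10  # assumption: illustrative offline guess rate
# Constructed sample; a real check would use a large breached-password list.
COMMON = {"password", "123456", "qwerty", "letmein"}
# Assumed substitution table: swaps an attacker undoes before a dictionary lookup.
LEET = str.maketrans({"$": "s", "@": "a", "0": "o", "1": "l", "3": "e", "!": "i"})
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def pool_size(pw):
    """Size of the character set a brute-force search must cover."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in pw))

def brute_force_seconds(pw, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every string of this length over the pool."""
    return pool_size(pw) ** len(pw) / rate

def is_dictionary_variant(pw):
    """True if the password is a common one once case and swaps are undone."""
    lowered = pw.lower()
    return lowered in COMMON or lowered.translate(LEET) in COMMON

def check(pw):
    """Problems found against tips 1-3; an empty list means none found."""
    problems = []
    if is_dictionary_variant(pw):
        problems.append("common password or a simple substitution of one")
    if len(pw) < 10:
        problems.append("shorter than 10 characters")
    if sum(any(c in cls for c in pw) for cls in CLASSES) < 4:
        problems.append("missing upper case, lower case, number or symbol")
    return problems

if __name__ == "__main__":
    for pw in ("password", "pa$$word", "Pa$$wordiseasy123"):
        bits = len(pw) * math.log2(pool_size(pw))
        print(f"{pw!r}: ~{bits:.0f} bits, "
              f"{brute_force_seconds(pw):.3g} s worst case, "
              f"problems: {check(pw) or 'none'}")
```

The brute-force figure for “pa$$word” is larger than for “password”, yet the dictionary check still flags it, because undoing the symbol swaps yields a common password.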

There are many systems, such as biometrics, smart cards and single sign-on systems based on SAML and OAuth, that are more sophisticated than using passwords, but many of these still use passwords as the basis for them. Fortunately, these are becoming more ubiquitous across computer systems and websites, but the simple password still rules.

Until we come up with another authentication system as simple and ubiquitous as the password, we are stuck with them.  Make sure you use a little common sense when choosing yours.  Here are some more tips on choosing a strong password.