Passwords: How secure are yours?

Next story

Everyone has passwords everyone needs them. But how good are you at making secure, difficult to guess and difficult to crack passwords?


A survey from 2012 suggests that the average minimum number of private passwords that a person needs to remember is 17. It doesn’t state whether these are unique passwords, as in completely different per site, but let’s assume they aren’t because most folks don’t use unique passwords per site.

It’s fairly common for people to either have one password they use for everything, and perhaps change slightly per site, or have a set of passwords that get cycled.

This is obviously a no-no. Good password hygiene protects you in the long run, but there is the fundamental problem that you have to remember 17 completely unique passwords and that number is only going to grow.


How hackers attack passwords


Hackers have many tools at their disposal when it comes to cracking passwords: they could look over your shoulder, seriously, or perform a dictionary or brute force attack for starters.

A dictionary attack means that a computer literally goes through the dictionary and tries each word as a password. This can get more complicated and include multiple words, phrases from popular books, or even common phrases.

A brute force attack is exactly what it sounds like: a computer methodically goes through every combination of letters, numbers, symbols, essentially any character at all, until it finds the right combination.

Another, and currently quite popular, method of attack is social engineering. This means that a hacker or computer tries to “guess” your password based on what you talk about online.

For example if you talk about Batman, subscribe to Batman forums and newsletters then logic dictates that your password may somehow involve Batman.

This is obviously highly fallible but it could provide a better starting point for a dictionary or brute force attack.


How to make a secure password


First things first don’t use “password1” or “abc123”, now that’s out the way let’s continue.

The method that we recommend can be found in our Staying Secure section, specifically “How to Create a Safer Password”. It’s a very helpful little guide on making a very secure password, but it does leave you with the issue of remembering a complex string of characters.

One possible way to get around that is to use a password manager.

Password managers, manage your passwords, some even help you create passwords. Basically you plug all of your passwords into the password manager and it will log in or display your passwords as and when you need them.

The obvious problem with this is that if you forget, or someone finds out or steals, your password manager’s password then you’re in a rather sticky wicket. The advantage is that you only have to remember one super complex password rather than 17 super complex passwords.

For now I’ll leave you to think about how secure your passwords really are and show you this last piece of advice, in comic form thanks to the lovely people at xkcd.