By John Tito
“123456” is the most commonly used password this year. It can be cracked by a password cracker in under a second. It’s nice to see that we now live in a world where “password” is only the 8th most common password used today. End users are getting smarter about their password security, but password crackers are already one step ahead.
This week, a new version of Hashcat (a free to use password cracker) enabled its users to crack passwords up to 55 characters in length. Your dog’s name followed by the year your first child was born is no longer a secure password.
Password crackers are programs designed to “brute-force” passwords. Brute-forcing a password is a method that involves “guessing” random passwords until a match is made. Nowadays, these guesses are not made totally randomly. Developers of this software notice trends in passwords that users create (such as a name followed by a set of numbers) and try these first. Many different types of cracking software also guess these same passwords using “leetspeak”, for example, instead of using “password” as your password, some users may choose to use something like “P4$$\/\/0R[)” or another variant that is similar to a common word visually, but uses a different set of characters.
New versions of cracking software not only use online dictionaries to guess words, but also websites like Wikipedia that provide words in many different languages, variations of words, slang terms, common human and pet names, and adages as part of their guesses. Theoretically, a password cracker could run until every possible combination of keystrokes is attempted, guaranteeing access to your account.
Once a password is cracked, especially in a business setting, retrieving additional passwords is often easy. Some offices believe storing passwords in one central location is unsafe, and therefore use a password convention to allow easy access to user accounts for IT services. The problem here is that if a hacker cracks one password and notices this convention, he or she now has access to all of the passwords in the office. Additionally, a cracked password is not only tried on the account it was cracked on, but also any account the person that cracked the password believes the victim may have. Using the same password for multiple accounts is unsafe for this reason.
So how can you keep your passwords safe from cracking software?
- First, use strong passwords that are totally random and utilize special characters like these: “!@#$%^&*()”.
- Change your password often.
- The more unpredictable you can be with password changes, the better.
- Use a different password for each of your accounts, and utilize services that can store these passwords in case an attempt to brute-force is made to detect these attempts immediately.
If you have questions about password protocols and improving security, contact us for more information on getting ahead of cyber threats. Call 312-474-9400 or email email@example.com!