Web Design Blog : Toolkit Websites

Web Design Blog

How secure are your passwords?

If you had broken into the United States nuclear missile system at the height of the Cold War and had it in your mind to – as the popular hacker/paranoia movie War Games had it – play global thermonuclear war you’d have needed to guess a password.

And, if faced with cracking what must, surely, have been one of the most secure systems on the planet you just slammed in: ‘00000000’ then the world as we know it would have ended.

Hopefully that particular procedure is now much, much more secure. But, as the numbers of passwords we need to navigate our online lives multiply so we’re forced into a compromise between safe and memorable.

Safe is a long meaningless string of upper and lower case letters mixed with numbers and special symbols which is unique to one site. Memorable is your favourite football team and the year they last one a title with a zero replacing an O or 1s for Is.

Hackers prefer memorable. Because memorable is predictable and the software they use relies on spotting patterns to crack passwords. Every time there’s a big leak of passwords they celebrate at Cyber Crime University because they can learn more about how we tend to act. And, yes each leak confirms that people still use ‘password’.

According to a recent Guardian article on online security, at 1,000 guesses per second a totally random five letter string can be cracked in three and three-quarter hours. A 20 letter string? That takes 6.5 thousand trillion centuries.

A recent Telegraph piece on the same subject reported that you can come home from any high street store with a machine capable of making 8.2 million guesses a second.

So there’s an arms race on.

It’s clear that following those well worn rules will make your passwords safer and, despite what they say, you may find that writing them down is the only option. If you do, then indulge in a little cryptology yourself rather than creating a document on your desktop called ‘passwords’.

And, be prepared to apply those rules across the board. Even a site that doesn’t seem that big a deal – an online game for example – can be a chink in your online armour. A now notorious hacking attack on a Wired writer was enabled by combining a jigsaw of information from Gmail, Amazon and Apple accounts.

Brian Cheswick, an online security expert, is an advocate of writing down passwords. This will not please your bank and as Cheswick warns; if there’s a key logger on your machine you’re buggered anyway.

Otherwise, he suggests using one of ‘password wallet’ services now springing up like LastPass, 1Password or the freeware Keepass.

Toolkit Websites are expert web designers Southampton, Hampshire, UK. get in touch today and see how we can help your business grow.