A few months ago Russian hackers managed to gain access to more than 6.5 million password hashes from LinkedIn. For most LinkedIn users the result was that hackers could access all their private data within seconds. For others this security breach will not have any consequences for the next 700 years or so… It all comes down to one simple factor: how safe is your password?
What is a password hash?
First of all, LinkedIn didn't lose your password; they lost your password hash. When you sign up to a new website, they will run your password through an irreversible (one-way) mathematical algorithm that turns your password into a unique hash. The website will not store your password, but the unique hash that represents your password. When you revisit the website, they will simply run your password through the same algorithm and check whether it produces the same hash that they have in their records. Brilliant, isn't it?
Size does matter!
The password hash solution has one weakness, and that weakness is unfortunately the human factor. If you know the password hash, you can try different password guesses and see whether one of them produces the same hash. If you use a computer to do this "guessing" for you, you have something called a brute force attack. A relatively cheap home computer will be able to "guess" about 500 million alternatives per second, and that means that ANY password with 6 or fewer characters can be hacked within 7 seconds. If you increase the length of your password to 12 letters, a modern computer will need 777 years to guess your password. Hence, the length of your password is the most important security measure.
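To make the mechanism concrete, here is an added Python example (it is not from the original post or from Lighthouse8) covering both the hash-and-compare login check described under "What is a password hash?" and the keyspace arithmetic behind the brute force figures above. It goes one step beyond the post: it adds a per-user random salt and an iterated hash (PBKDF2), the standard defence against the guessing attack the post describes. The iteration count, the 26-letter alphabet in the demo, and the assumption that one PBKDF2 iteration costs about one plain hash are illustrative choices; the post's own 7-second and 777-year figures depend on an alphabet size the author does not state, so the function takes the alphabet size as a parameter rather than reproducing them.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Work factor for PBKDF2-HMAC-SHA256. Assumption: a round number chosen for
# illustration; a real deployment tunes this to its own hardware budget.
ITERATIONS = 100_000


def unsalted_hash(password: str) -> bytes:
    """A bare one-way hash, as the post describes it: same password, same hash.

    Two users who pick the same password get identical records, so a single
    precomputed table of guesses serves every account that shares it.
    """
    return hashlib.sha256(password.encode("utf-8")).digest()


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest) to store instead of the password.

    A fresh random salt per user makes identical passwords hash differently,
    and the iterated PBKDF2 construction makes every single guess expensive.
    """
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, stored: bytes) -> bool:
    """The login check: hash the offered password with the stored salt and compare.

    compare_digest avoids leaking how many leading bytes matched via timing.
    """
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored)


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct passwords of exactly `length` symbols."""
    return alphabet_size ** length


def worst_case_seconds(alphabet_size: int, length: int, guesses_per_second: float) -> float:
    """Time to enumerate the whole keyspace at a given guess rate."""
    return keyspace(alphabet_size, length) / guesses_per_second


def guess_rate_slowdown(fast_guesses_per_second: float, iterations: int = ITERATIONS) -> float:
    """Rough guess rate against PBKDF2 if one fast hash costs one unit of work.

    Assumption: each PBKDF2 iteration costs about one plain hash, so the
    attacker's rate drops by roughly the iteration count.
    """
    return fast_guesses_per_second / iterations


if __name__ == "__main__":
    rate = 500_000_000  # the post's figure for a cheap home computer
    for length in (6, 8, 12):
        print(f"lowercase only, {length} chars: {worst_case_seconds(26, length, rate):.3g} s")
    print(f"same rate against PBKDF2: {guess_rate_slowdown(rate):.0f} guesses/s")
    salt, digest = hash_password("Ilike2drinkcoffeeinthemorning")
    print(verify_password("Ilike2drinkcoffeeinthemorning", salt, digest))  # True
    print(verify_password("darthvader1234", salt, digest))  # False
```

Running the script shows the exponential effect the post is pointing at: every extra character multiplies the worst-case time by the alphabet size, and a slow salted hash cuts the attacker's guess rate by the iteration count on top of that.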
Welcome to the dark side
Believe it or not, Darth Vader is one of the most commonly used passwords on the Internet. For any hacker software this password is an easy match. The password darthvader1234 has 14 characters, but will still be possible to guess within seconds using the right software. This is due to the easily recognizable combination of a dictionary word and a predictable number sequence. If you want your password to be secure, you should stay away from famous people, favorite movies, simple words in combination with a number, etc. Advanced hacker software is designed to look for frequently used password combinations and patterns. The best advice for creating the perfect password is to use a sentence that is easy to remember but impossible to guess; for example "Ilike2drinkcoffeeinthemorning".
Passwords are like bubblegum
Once you have the perfect password, remember that passwords are like bubblegum:
- They are strongest when fresh
- They should only be used by one person
- When they're left lying around they will create a sticky mess!
Want to know more about password security? Please contact our TECH team.
Lighthouse8, Business Engineering
The post Passwords are like bubble gum appeared first on Lighthouse 8.