A Password Guide: Tips to Create a Strong Password

It’s no longer a question of if you will face an online attack, but when. Many people are convinced their data is secure because they are using what they consider to be a complex password. They are often mistaken.

There are now freely available password crackers that can tackle passwords up to 55 characters long, passwords that are far more complex than most of us are using. Here are some top tips on how to create a strong password and avoid getting hacked.

  1. Password length – stick to passwords that are at least 8 characters in length. The longer the password, the longer it will take a hacker to guess.
  2. Password complexity – ensure your password contains one lower case letter, one upper case letter, one number and one special character. This will make your password a lot stronger and harder to crack. Avoid using names of family, friends or pets. Don’t use personal information such as date of birth, phone number, street name or house number and do not use consecutive letters, numbers, or keys on the keyboard such as ‘qwerty’.
  3. Use a passphrase – in order to remember your passwords, use a passphrase. For example, use the first letter of each word in a line of your favourite song. ‘Always look on the bright side of life’ could be converted to ‘Al0tbs0L!’, a strong password using the four complexity indicators. Don’t simply use number substitutions for letters, e.g. ‘passw0rd’; this is far too simple for an advanced hacker.
  4. Use a password manager – many people avoid using complex passwords as they are often hard to remember. Using a reliable password management tool to store passwords is essential. When you create a password, enter it into the password manager, which will encrypt it and store it for you. Many of these software programmes are free, easy to use and work on both Windows and Mac.
  5. Create unique passwords – it’s very tempting to use one password for your email accounts, another for your banking, and one for all of your social media accounts. A study by BitDefender shows that 75% of people use the same password for their email as they use for their social media accounts. If this password was discovered and it was also used for their online banking or PayPal account, this could result in financial theft.
  6. Change your password for all accounts every six months – the longer your password has remained the same, the more time a hacker has had to crack it. It is recommended to change your passwords often, at least twice a year, but the more often the better.
  7. Never write down your passwords (except in a password management tool of course) – this includes both paper and emails. Writing down your strong password is almost as bad as having a weak password and not writing it down at all.
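As an added example (not code from the original article or from Strong Pass), here is a small Python checker that applies tips 1 to 3 above to a candidate password: minimum length of 8, all four character classes, no keyboard or alphabetic runs such as ‘qwerty’, no supplied personal details, and no dictionary word hiding behind number substitutions like ‘passw0rd’. The keyboard sequences, substitution map, tiny word list and the run length of 4 are all constructed assumptions for this example; a production checker would use a full dictionary and a breached-password list.

```python
import string

# Constructed for this example: keyboard rows and simple runs the tips warn
# against (tip 2 names 'qwerty' and consecutive letters, numbers or keys).
KEYBOARD_SEQUENCES = (
    "qwertyuiop", "asdfghjkl", "zxcvbnm",
    "1234567890", string.ascii_lowercase,
)

# Constructed for this example: common symbol-for-letter substitutions, so
# that 'passw0rd' is recognised as 'password' (tip 3).
LEET_MAP = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                          "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

# Constructed tiny word list; a real checker would load a full dictionary
# and a breached-password list instead.
COMMON_WORDS = {"password", "welcome", "letmein", "monkey", "dragon", "football"}


def character_classes(pw):
    """Count how many of the four classes from tip 2 are present (0 to 4)."""
    checks = (
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(c in string.punctuation for c in pw),
    )
    return sum(checks)


def has_sequence(pw, min_run=4):
    """True if a run of min_run keys from a known sequence appears, in
    either direction. The run length of 4 is an assumption for this example."""
    low = pw.lower()
    for seq in KEYBOARD_SEQUENCES:
        for i in range(len(seq) - min_run + 1):
            chunk = seq[i:i + min_run]
            if chunk in low or chunk[::-1] in low:
                return True
    return False


def is_leet_dictionary_word(pw):
    """True if undoing common substitutions yields a word from the list."""
    return pw.lower().translate(LEET_MAP) in COMMON_WORDS


def contains_personal_info(pw, personal):
    """True if any supplied personal detail (name, pet, street...) is a substring."""
    low = pw.lower()
    return any(item and item.lower() in low for item in personal)


def check_password(pw, personal=()):
    """Return the list of tips the password violates; an empty list means it passes."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters (tip 1)")
    if character_classes(pw) < 4:
        problems.append("missing one of lower case, upper case, digit, special (tip 2)")
    if has_sequence(pw):
        problems.append("contains a keyboard or alphabetic sequence (tip 2)")
    if contains_personal_info(pw, personal):
        problems.append("contains personal information (tip 2)")
    if is_leet_dictionary_word(pw):
        problems.append("is a dictionary word with number substitutions (tip 3)")
    return problems


if __name__ == "__main__":
    # Constructed candidates, including the article's own 'Al0tbs0L!' example.
    for candidate in ("qwerty", "passw0rd", "Fluffy2019!", "Al0tbs0L!"):
        result = check_password(candidate, personal=("Fluffy",))
        print(f"{candidate!r}: {'OK' if not result else '; '.join(result)}")
```

Running it reports three problems for ‘qwerty’, two for ‘passw0rd’ (too few character classes, and it is ‘password’ with a substitution), one for ‘Fluffy2019!’ when the pet’s name is supplied, and none for the article’s ‘Al0tbs0L!’. Substring checks of this kind only catch the patterns you list, so treat the checker as a floor on quality rather than proof of strength.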

To be extra secure, download Strong Pass now

2 Million Passwords Hacked: Only 22 Percent Were Strong

Password security analysis of the 2m compromised accounts, from SpiderLabs, a division of Trustwave.

A massive Pony malware botnet successfully stole 2 million passwords from users of popular online accounts like Facebook, Google, Yahoo, Twitter and LinkedIn.

This automated hack, which has been going on for the past month, was unearthed by web security firm Trustwave, the media is reporting. Abby Ross, a spokesperson for Trustwave, went into more detail about the hack with Mashable: “Individual users had the malware installed on their machines and had their passwords stolen. Pony steals passwords that are stored on the infected users’ computers, as well as by capturing them when they are used to log into web services.”

It is widely believed a criminal cyber gang was responsible. Two of the websites where passwords were stolen were popular Russian social networks, vk.com and odnoklassniki.ru, and the data cache that was uncovered was written in Russian.

There are numerous potential financial repercussions. If any of the users’ passwords are the same as the login details for their online banking, store or credit card accounts, then it gives a cyber gang access to people’s finances. Rather disturbingly, payroll service provider adp.com (Automatic Data Processing, Inc. – ADP), which moves $1.4 trillion around in payroll and other transactions every year, was number 9 on the list of top domains.

Equally shocking, if this random group of two million is indicative of the population as a whole, Trustwave uncovered a high percentage of poor quality passwords. Six percent were ranked as terrible, 28 percent merely bad, and 44 percent of medium strength. Only 22 percent (17% good and 5% excellent) could be classed as being strong.

Trustwave explained that, “In our analysis, passwords that use all four character types and are longer than 8 characters are considered ‘Excellent’, whereas passwords with four or less characters of only one type are considered ‘Terrible’. Unfortunately, there were more terrible passwords than excellent ones, more bad passwords than good.”

Facebook accounted for about 57% of the compromised accounts, followed by Yahoo (10%), Google (9%) and Twitter (3%). The geographic spread was worldwide, with no one country being targeted. The server which was found and taken over was located in the Netherlands, although it is believed that isn’t the country where the attack originated.

All affected parties (both web companies and end users) have been contacted and password resets are taking place. Spokespersons for Facebook, Yahoo and others affected urge users to set strong passwords.

Attacks never stop coming. Protect yourself now, with Strong Pass.