Tips to improve your password security

The movies might portray a hacker trying to access an account by guessing a password. In reality however, programs automate the process for criminals – allowing them to upload password breaches and dictionaries full of words into huge databases, so that these can be used in what are called ‘Brute Force’ attacks.  This is where a computer program tries millions of combinations of passwords until it gets the right one. 

When ‘simple’ passwords are used (for instance, short/alpha-only/dictionary word passwords, such as ‘holiday’ or ‘password’), it’s an easy and near instantaneous matter for even low-tech computers to crack them. It takes very little time and resource (a cybercriminal dream come true!) which means that more criminals have the ability to try this.

However, when long, complex passwords/passphrases are used it’s another matter.  It would take even an advanced ‘super’ computer thousands of years to be able to cycle through the combinations needed to crack these.

Once you have a strong password, it is tempting to use that to protect all of your accounts. However, this is not a good idea. It is a very predictable human behaviour.  Which is why, if your ‘strong’ password is cracked or leaked (and millions are, every year), automated programs will be trying it across thousands of online accounts. This makes it not only redundant, but actually increases the risk of more accounts being compromised. Passwords only remain strong for as long as they are a secret.

(TIP: check in here to make sure your passwords have not been leaked online)

While it may seem as if there are a lot of words in English (over 300,000 according to Dictionary.com), these are a standard part of a ‘dictionary attack’ program, and take very little time to work through – therefore, never use single words (Holiday, Friday, Weekend, Password etc) as a password!

Note: ‘dictionaries’ and ‘rainbow tables’ (databases of pre-populated combinations) used in attacks are also updated with prefixes/suffixes (for example, years, numbers, commonly used/substituted characters such as ! or *;@ for ‘a’, 0 for ‘o’ etc. They really do think of everything, these criminals!).

See also: Top 200 most commonly used passwords

TIP: Passphrases, not passwords! Combining a random string of words (as well as numbers, mixed cases and other characters), ensures a much stronger ‘passphrase’, and make it more likely for the owner to remember it.

For example: “candle” as a password would be considered very weak. “digitopencandlefridge” – a long, random combination of words - would be considered a strong passphrase. However, “DigiT42openCand!eFridge9” would be stronger still .

There is no value in having a password that takes a million years for a computer to crack, if it is written down for someone to see it and copy it.