Password Hacks: Strength in Numbers (and letters and symbols)

It’s the end of a long workday – time to head home! Pack up your things, kill the lights, and latch the front door with Velcro.

Sounds ridiculous, right? You would never use Velcro to secure your business for the night – anyone could break in. Instead, you have sturdy locks and maybe even access control.

We go to great lengths to prevent physical break-ins, yet often do the opposite when it comes to preventing digital break-ins. Online, we guard our critical information with passwords. But unfortunately, many passwords used today are about as secure as that Velcro.

Know Your Enemy

To understand why it’s important to use strong passwords, it helps to know the techniques used to break them.

Sometimes, an attacker can access your account without any special tools. Perhaps they found your password on the Dark Web, and they guess that you re-use it (this Mashable article says, “Basically everyone reuses their passwords.”). They may also try personal information such as your birthday or your pet’s name (freely available via social media) until they get a hit.

Hackers can also use computer-based tools called password crackers for things like:

  • Dictionary attacks first try the most statistically popular passwords, then move to the full dictionary until they find a match. They can determine dictionary words and other patterns.
  • Brute force attacks try alphanumeric characters and symbols in many possible combinations. Brute force crackers can take a long time to run, but are exhaustive.

Be Strong

With these attack methods in mind, here are some tips to create a strong password:

  1. Avoid personal information. It’s just too easy to guess. What’s more, dictionary attacks sometimes use a compiled personal information database to guess passwords.
  2. Make it long. When you add characters to a password, the number of possible combinations for a brute force attack grows exponentially. Experts recommend at least 13 characters, but this recommendation will increase as brute force attacks become faster and more advanced.
  3. Don’t recycle passwords. It’s important not to re-use a password, no matter how strong. If one account is breached, the first thing an attacker will do is try the same login for other, potentially more critical, sites.
  4. Use Passphrases. A long, strong, and memorable passphrase is one great method. For example, use a string of unrelated words, ideally with extra characters (e.g. “hammer-jumping Fuzzy Creator”). Or try a longer sentence like, “I want to eat some cotton candy!”. And you can find a whole lot more from ConnectSafely.
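
The tips above can be turned into a simple check that a signup form or password vault might run. This is an added example, not code from Defendify; the function names, the tiny common-password list, and the `personal_info` and `used_elsewhere` inputs are assumptions made for illustration.

```python
import math

# Constructed sample: a tiny stand-in for a real list of popular passwords.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "iloveyou"}
MIN_LENGTH = 13  # minimum length recommended in the article


def charset_size(password):
    """Approximate alphabet a brute-force search must cover for this password."""
    size = 0
    if any(c.isascii() and c.islower() for c in password):
        size += 26
    if any(c.isascii() and c.isupper() for c in password):
        size += 26
    if any(c.isascii() and c.isdigit() for c in password):
        size += 10
    if any(not (c.isascii() and c.isalnum()) for c in password):
        size += 33  # space plus the 32 printable ASCII symbols
    return size


def brute_force_bits(password):
    """log2 of the candidates of this length: an upper bound on strength,
    since dictionary attacks find guessable passwords far sooner."""
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0


def check_password(password, personal_info=(), used_elsewhere=()):
    """Return the tips the password violates; an empty list means it passes."""
    problems = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if lowered in COMMON_PASSWORDS:
        problems.append("common password")
    if any(item and item.lower() in lowered for item in personal_info):
        problems.append("contains personal information")
    if password in used_elsewhere:
        problems.append("reused on another account")
    return problems


if __name__ == "__main__":
    for pw in ("Rex2015", "hammer-jumping Fuzzy Creator"):
        print(pw, check_password(pw, personal_info=["Rex"]), round(brute_force_bits(pw)))
```

Each extra character adds the same number of bits to the brute-force estimate, which is the exponential growth described in tip 2.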

Don’t Forget

Consider a secure password vault to store and manage your passwords in one place (many even offer a password generator to take the headache out of password creation). And make sure you protect the password vault, as well as your other important accounts, with two-factor authentication as an added layer of security.

Now get creative, and come up with a formidable password. Have some fun with it, just don’t tell anyone what it is!

Stay Safe,

Your Friends @ Defendify
