![]() ![]() Reusing a password re-opens the vulnerability window for that password. Once a password is compromised, it can be exploited at any point in time, even years later, as Zuckerberg found out. Changing your password on a regular basis may seem annoying, but it’s nothing compared to dealing with a compromised account, identity theft, or credit card fraud.Īlternating between passwords doesn’t have the same effect as changing them to something new each time. This is why high security systems use randomly generated numbers that change every few minutes as part of their authentication model. The more often you change your password, the smaller the window of a compromised password being worthwhile. Going back to Zuck, if his password was obtained in 2012, it has no business still being in use in 2016.Ī simple reminder every six months or even a year would have prevented this old data breach from compromising anything. This step is about reducing the window of damage. If they don’t, it’s always a good plan to change your password regularly anyway. Some services require regular password changes, while some do not. And when you get down to step 5, having separate passwords for every account can be too much to ask with 18 character randomly generated passwords.ģ. Your password should be a combination of at least both upper and lowercase letters and a number (62 unique, reusable characters, with 8 characters in the password means 62 to the 8th power, or 2.1834011e+14 possible combinations…) Include a special character to increase complexity, but make sure that character is supported by the mechanism you’re using, as some are not.įinally, you can find any number of password generators online, which can generate extremely complex passwords. Read our post on brute force attacks for more information. All of the sudden "potato" isn't that great of a password after all. A computer can run a "dictionary attack" against a password very quickly, testing for all real words, of which there are relatively few, compared to the huge number of character permutations possible. Brute force isn't the only method to crack a password. There are 26 lowercase letters, but only 10 digits (0-9), so you can see how “potato” is more secure than “536871” from the perspective of a machine running through different combinations of characters.Ĭommon words. Each character set has a certain number of permutations. ![]() This is why passwords typically have a minimum requirement of 8 characters.Ĭharacter sets. ![]() Each character increases the complexity exponentially. ![]() So how many permutations does it take to get your password? Here are three key factors: If a person were trying to guess your password, they might try ten or so passwords a minute, if they’re fast. Not just any password will do, and the reason why relates to how passwords are cracked. Why go to the trouble of blowing the safe if you can have the bank manager open it up for you? Most *ishing schemes trick you into giving up your password in some way or another. Socially engineering a password out of someone is often much easier than “hacking” their account. Your password is what makes you accountable for the actions taken under your account. Here is a list of some of the people to whom you should never, ever give your password: Ideally, your password should only be in your head and in a hash on the system you’re logging into. Never email your password or store it in a document or write it down on paper. Nobody except you should ever know your password. Do you still use that password anywhere? Our 9 step password security checklist will help you secure your accounts, whether you’re a billionaire CEO or just someone who likes to post funny cat videos. If you have or want a job, chances are you also have a LinkedIn account, and if you had one back in 2012, it was probably one of the compromised accounts from that incident. If this is true, it means that Zuckerberg used the same password for multiple websites, allowing the damage done by the LinkedIn hack to spread into other areas. You might have read about Facebook founder and user Mark Zuckerberg’s social media accounts getting “hacked.” Hacked is maybe not the right word here, since many people believe Zuck’s password was among the 117 million leaked LinkedIn passwords recently posted online. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |