We all use passwords in our everyday lives. Be it for personal banking or for work, the question ‘how safe is your password?’ is one that is pertinent to all of us. Given the fact that cyber-crime is rising, can you honestly say that you are not an easy victim in-waiting?

How long would it take to ‘crack’ your password?

The diagram below gives a great indication of how safe you actually are. Try it – what is your ‘score’?

How safe is your password? These are the times it would take to ‘crack’ a password with the specified parameters

Anything other than ‘Instantly’ is what you are looking for but our guess is the majority will fall under a matter of ‘mins’ or ‘hours’. This is of course a concern. The next mistake all too many make is to assume they will not be a target. However disconcerting, you must think the opposite. We are all potential targets for cyber-criminals. It is our belief that all information security companies and cybersecurity consultants have a duty to increase cyber awareness. Therefore, we will now lay out some guidance as to how passwords are hacked and how you can take steps to minimise your risk.

How are passwords hacked?

There are many ways this can be achieved, with the simplest method being via the dark web. That’s right, cyber-criminals can purchase your passwords – especially if you have used the same one for many years. You can check to see whether yours may have been leaked with this great tool from Avast. Just enter your email address and you’ll instantly receive a report showing which platforms are compromised that you can then use as a guide.

Hackers also deploy tactics such as brute force attacks, dictionary attacks and phishing. The first sees attackers trying to guess different character combinations until they discover yours. The second is less a random hunt, with attackers using prearranged word lists in their quest. If you have opted to include regular words, you may be susceptible. Phishing uses social engineering techniques to trick you into revealing your details via email or by entering them into fake websites. Remember, never click on a link if you are unsure as to its validity or the identity of the original sender.

You can also use this tool from Security.org to check the strength of your passwords. Password managers are a great idea and worth using to give yourself further protection. Alternatively, we’ll now provide you with some tips on how to create a robust set of passwords.

Creating a strong password

Follow these tips to stay secure online:

  • Do not use obvious words or character combinations

The most obvious example of this is when people use the word ‘password’ or variations of that with numbers. For example, ‘p4ssw0rd’ – this may seem silly but you’d be surprised at how many people have deployed something similar over the years.

  • Keep your personal information out of your password

No date of births or anniversaries please and certainly no names – even if it is a middle name that you are sure remains a mystery. The chances are, your full name will be available online somewhere. Once again, this might be hard to believe but the top 10 weakest passwords are as follows:

123456 | 123456789 | qwerty | 111111 | password | 12345678 | abc123 | 1234567 | password1 | 123123

It goes without saying that you should avoid using any of these or slight variations! Other tips are to make your passwords long, with a good mixture of different characters. Also, do not use common keyboard paths, i.e. No sequential characters. Finally, try to avoid using substitutions – as with our ‘p4ssw0rd’ example.

How safe is your password?

Perhaps your answer 5 minutes ago was 1-6 minutes but hopefully you have seen enough to make a change. The cyber security experts at CRIBB would certainly encourage you to aim for passwords that take years to obtain. Never forget that we are all potential victims – let’s not make cyber-criminals lives’ any easier.

CRIBB Cyber Security adopts a security by design approach in everything. As part of theICEway ecosystem, we’re very proud to advise organisations large and small on IT security. We help with certifications and can also offer penetration testing and vulnerability scans. These are very useful tools in the on-going battle against cyber-attacks and data breaches – contact us for more information. We’re also keen to hear your thoughts in the comments section; did you find this article useful? Will you be taking steps to improve your own approach to cyber security?

Have you ever considered using a passphrase rather than a password? Next week we will discuss the difference between these and look at the benefits a passphrase can provide…