If you’re still using the same password that you chose for your AOL account back in 1998, it’s time to upgrade to a high-security password that uses a healthy mix of numbers, symbols and letters.
How Hackers Exploit Simple Passwords
For hackers, simple passwords are easy to exploit. A capable hacker can use utilities to guess every word in every dictionary within a few seconds, including obvious substitutions (for instance “f1sh” for “fish”). They can also use brute-force tools to check short strings of random characters.
Of course, many password systems recognize brute-force attempts and lock out users after multiple incorrect passwords. However, some hackers won’t need more than a few attempts, especially if your passwords use personal information like your name, date of birth, favorite book or similar details.
Good passwords have 8 to 12 characters with a mix of upper and lowercase letters. You should develop a mechanism for remembering them that isn’t directly related to the word. For instance, if your favorite author is Steinbeck, you might assign numbers to every third letter (A is 1, B is 2 and so on) and capitalize every second letter in the new sequence. This would lead to a password like sT5iN2eC12. You can remember this password or at least figure it out very quickly, but it’s secure enough to protect you.
You should also vary your passwords. Do not use the same password for your Facebook and your company’s administration software. This practice invites serious security risks. Hackers typically look for the simplest way to bypass security systems and know that most computer users rely on a single password to protect all of their accounts. By remembering three or four passwords, you will prevent a single password breach from affecting all of the networks, software and websites that you access on a regular basis.
System administrators should make sure that their networks aren’t compromised by a single password breach. On any system with more than a few users, somebody will eventually choose a weak password that hackers can exploit easily. Unfortunately, most people simply don’t think about passwords as an important component of IT security, but without a good password, other security technologies will fall short of protecting their users.
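An added example, not part of the original article: a check an administrator could run when a password is set, rejecting the kinds of password described above (dictionary words with obvious substitutions, personal information, short or single-case strings). The wordlist, substitution table and function names are assumptions made for illustration, and only the 8-character lower bound is enforced.

```python
import re

# Constructed sample wordlist (assumption); a real check would load a full
# dictionary plus a list of known-breached passwords.
SAMPLE_WORDLIST = {"fish", "password", "dragon", "monkey", "steinbeck"}

# Obvious substitutions that are undone before the dictionary lookup.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def candidate_forms(password):
    """Return lowercase variants of the password to compare against words."""
    lowered = password.lower()
    # Drop digits/symbols padded onto either end, e.g. "p@ssw0rd1" -> "p@ssw0rd".
    trimmed = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    return {lowered, lowered.translate(LEET), trimmed.translate(LEET)}


def screen(password, personal=()):
    """Return the reasons a password is rejected; an empty list means accept."""
    reasons = []
    if len(password) < 8:
        reasons.append("shorter than 8 characters")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        reasons.append("no mix of upper and lowercase letters")
    forms = candidate_forms(password)
    if forms & SAMPLE_WORDLIST:
        reasons.append("dictionary word, allowing for obvious substitutions")
    # Personal details (name, date of birth, favorite book) supplied by the caller.
    tokens = [t.lower() for t in personal if len(t) >= 3]
    if any(t in form for t in tokens for form in forms):
        reasons.append("contains personal information")
    return reasons


if __name__ == "__main__":
    # Constructed sample passwords and personal details.
    for pw in ("f1sh", "P@ssw0rd1", "Alice1985xY", "sT5iN2eC12"):
        print(pw, screen(pw, personal=("Alice", "1985")))
```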