Weak passwords

Imagine a vault encased in thick steel walls, inside a building with a state-of-the-art alarm system, with guards and dogs patrolling the 4 m high electrified perimeter fence. Now imagine that a master key capable of opening the gate, the front door and the vault can be bought for R10 at the local hardware store. This is what happens when you choose a password like P@ssword123.

How does it happen?

Google ‘password list’ and the third result is a list containing 1,493,677,782 passwords. These lists are compiled from real passwords that were leaked at various times. As a bonus, it includes the words from every Wikipedia article and ‘a lot of’ the books from the Gutenberg library.

Now, your bank has strong security and won’t allow an attacker to try more than a few of the passwords in the list. But what about every other account you’ve signed up for? Those other sites could have dreadful security. So if you’ve ever used the same password on one of the insecure sites… voilà, they have access to your banking.

The situation is even worse if you are ever specifically targeted. We increasingly share information about our family relationships and interests on social media. This information can be used to refine the list of potential passwords by adding in the name of your spouse, children or pets.

What can I do?

  1. Consider using a password management tool like LastPass. People tend to use the same password everywhere because we simply have too many accounts to remember a unique password for each one. A password manager allows you to use a very secure, unique password for every account without having to come up with it or remember it. You only have to remember one decent password in order to access the password manager itself. The drawback is that if the password manager is compromised, the attacker will have access to all your accounts; but consider that the password manager company is heavily invested in security, and that a total compromise is likely anyway if you share passwords across accounts.
  2. If you do need to come up with a password try using a few unrelated words strung together as suggested by this cartoon.
  3. You may find it easier to remember a long passphrase like ‘Irunfor2mileseachday’ which can be fairly secure if you avoid obvious phrases and don’t use repetition.
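As an added example (not part of the original article), a small Python check in the spirit of the advice above: it tests a candidate password against a constructed sample of leaked passwords and against known personal names, and estimates the entropy of a passphrase built from randomly chosen unrelated words. The leaked list and word list are constructed stand-ins; a real check would load a full breach corpus and a full diceware-style list.

```python
import math
import secrets

# Constructed stand-in for a leaked-password corpus; a real check would load
# a full breach list (hundreds of millions of entries) into a set or Bloom filter.
LEAKED_PASSWORDS = {"password", "p@ssword123", "123456", "qwerty", "letmein", "iloveyou"}

# Constructed stand-in for a diceware-style word list (real lists have ~7776 words).
WORDLIST = ["correct", "horse", "battery", "staple", "kettle", "orbit", "velvet", "canyon"]


def in_leaked_list(password: str, leaked: set = LEAKED_PASSWORDS) -> bool:
    """True if the password (compared case-insensitively) appears in the leaked corpus."""
    return password.lower() in leaked


def contains_personal_hint(password: str, hints: list) -> bool:
    """True if any known name (spouse, child, pet, ...) appears inside the password.

    This is the information a targeted guess list is refined with, so an
    account-creation policy can reject such passwords up front.
    """
    lowered = password.lower()
    return any(len(h) >= 3 and h.lower() in lowered for h in hints)


def passphrase_entropy_bits(word_count: int, wordlist_size: int) -> float:
    """Entropy in bits of word_count words drawn uniformly at random from wordlist_size."""
    return word_count * math.log2(wordlist_size)


def make_passphrase(word_count: int, wordlist: list = WORDLIST) -> str:
    """Build a passphrase of unrelated words using a CSPRNG (secrets), not random."""
    return " ".join(secrets.choice(wordlist) for _ in range(word_count))


def assess(password: str, hints: list = ()) -> str:
    """Return why a password is weak ('leaked' or 'personal'), or 'ok' if neither check fires."""
    if in_leaked_list(password):
        return "leaked"
    if contains_personal_hint(password, list(hints)):
        return "personal"
    return "ok"


if __name__ == "__main__":
    print(assess("P@ssword123"))                      # leaked
    print(assess("Rex2019!", ["Rex", "Anna"]))        # personal
    print(make_passphrase(4), passphrase_entropy_bits(4, 7776))
```

Four words from a 7776-word list give about 51.7 bits of entropy, which is why a few unrelated words beat a single tweaked dictionary word.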