Do you have a safe password? Find out if you are choosing a good one

Choosing a safe password has become one of the most common security and privacy problems for thousands of users around the world because of hacking. In many cases, however, it is the users themselves who make it easier for crackers to steal their login credentials. Not choosing a good password is like leaving your car with the keys in it, waiting for a thief to take it. Do you know if you have a safe password? Find out here.

KIEV MURILLO

  • 17. 10. 2018

A group of researchers from the Department of Computer Science at Virginia Tech conducted an experiment to discover the most common mistakes users make when choosing a “safe password” for different types of online services. To do so, they used their own computer algorithm, which allowed them to decipher more than 60 million passwords.

Basically, the study had two objectives: to understand how users reuse and modify their passwords across online services, and to quantify the security risks that password reuse and modification create after a data breach. Maybe you are among the users who make these mistakes.

Error 1: Use the same password in different services

According to the investigation, approximately 38% of Internet users have reused the same password to access two different services, while 21% modified the same password.

With so many online services that ask users to register a password, it is not surprising that users decide to use a single password to log in. The reasons for this are several: from laziness to difficulty remembering several passwords or even fear of forgetting them.

However, reusing your password is the same as making a master key that opens all the doors of your house. Crackers are aware that people reuse passwords quite often, so figuring them out becomes a piece of cake for them.

Implications of password reusing and recycling 

According to the results of the Empirical Analysis of User Passwords across Online Services, conducted by the Department of Computer Science at Virginia Tech, the way users recycle passwords is scary, as the authors state in their results:

“More surprisingly, we find that “email services” contain the second-most reused and modified passwords. This result has more serious security implications. First and foremost, an email account can be used to reset the password for other online services (e.g., banking accounts). Many of the online accounts will be in danger if the user’s email account is compromised. The ratio of reused email passwords is over 62% and the ratio of modified email passwords is an even higher 78%. Noticeably, our observation contradicts with the results from a prior user study (154 users) [24], which shows that “email” is among categories with the least password reuse”. Virginia Tech

Error 2: Create passwords with sequential keys

To make passwords easier to remember, users often create sequential passwords. This means choosing adjacent keys on the keyboard, for instance 123qwer. It is also common to choose keys in alphabetical or numerical order: abcd, 1234 or 1212.

The team of researchers at Virginia Tech studied this kind of unsafe password. Their guessing algorithm needed just 10 attempts to decipher them, which demonstrates how easy they are to obtain.


Error 3: Build words with letters and numbers

Did you ever think that a safe password looks like l0ve, pa55word or Iloveyou2? If you think a password like this will confuse crackers, think twice. It is no barrier to programs that specialize in brute force attacks, like John the Ripper. So forget about that 4you password, for God's sake.

Error 4: Use brand names, movies, soccer teams, and musical bands.

Among the worst passwords to choose are those that include the names of international brands such as Marlboro or Amazon; names of famous movies like Kingkong; names of soccer and American football teams such as Vikings or Chelsea; and names of bands and famous musicians, for example Zeppelin or Eminem.

Therefore, it is better to save your likes and tributes to these brands, teams, and bands for something other than your password.

What is a safe password?

Edward Snowden, the famous former CIA employee, accused of copying and leaking classified information from the NSA in 2013, said in an interview with John Oliver in Moscow that the best idea for a safe password is a whole phrase that a computer just can’t figure out immediately. His suggestion: margaretthatcheris110%sexy.

Recommendations

  • If one of your passwords has been hacked and you use it for other services, it is better to reset the passwords of those accounts immediately. The attacker will try to hijack those accounts sooner rather than later. Most users skip this obvious step and keep the hacked password on their other accounts.
  • Use different passwords for buying online. If you use the same password to log in to different online stores, the risk of becoming a victim of electronic fraud is enormous, especially because online shops generally let customers store confidential data such as credit card numbers and addresses in their systems to make purchasing easier.
  • Be careful when building a safe password for your email account. Since many online services use your email account to reset or modify passwords, if your email account is hacked, you could lose access to and control of other online services.
  • If you are going to modify your password, do not keep the same structure as the previous one. It will not help if you change a single number or letter in the new password. Security experts found that what makes a user more vulnerable is reusing passwords or modifying them only slightly.
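The checks described in Errors 2 to 4 and in the last recommendation can be automated when a password is set. The following is an added example, not code from the article or from the Virginia Tech study; the word list, the run length of 3 and the 0.8 similarity threshold are assumptions chosen for illustration.

```python
import re
from difflib import SequenceMatcher

# Constructed sample list built from the article's own examples; a real
# check would load a large list of common or breached passwords instead.
COMMON_WORDS = {"love", "password", "iloveyou", "marlboro", "amazon",
                "kingkong", "vikings", "chelsea", "zeppelin", "eminem"}
# Keyboard rows plus the alphabet, used to spot runs such as "123" or "qwe".
KEY_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm",
            "abcdefghijklmnopqrstuvwxyz"]
# Common digit/symbol-for-letter swaps (Error 3): 0->o, 1->l, 3->e, 4->a, ...
LEET = str.maketrans("0134578@$", "oleastbas")


def has_sequence(pw, run=3):
    """True if pw contains `run` adjacent keys, forwards or backwards."""
    low = pw.lower()
    for row in KEY_ROWS:
        for r in (row, row[::-1]):
            if any(r[i:i + run] in low for i in range(len(r) - run + 1)):
                return True
    return False


def normalize(pw):
    """Undo letter/number substitutions, then drop what is not a letter."""
    return re.sub(r"[^a-z]", "", pw.lower().translate(LEET))


def audit(pw, previous=None):
    """Return the article's errors that pw commits (empty list = none found)."""
    findings = []
    # Error 2: keyboard/alphabet runs, or one short chunk repeated ("1212").
    if has_sequence(pw) or re.fullmatch(r"(.{1,3})\1+", pw):
        findings.append("sequential-or-repeated")
    # Errors 3 and 4: a known word or name survives after normalisation.
    if any(word in normalize(pw) for word in COMMON_WORDS):
        findings.append("common-word")
    # Recommendation: reject a small edit of the old password (0.8 is assumed).
    if previous and SequenceMatcher(None, pw.lower(),
                                    previous.lower()).ratio() >= 0.8:
        findings.append("slight-modification")
    return findings


if __name__ == "__main__":
    for candidate in ["123qwer", "pa55word", "Zeppelin"]:
        print(candidate, audit(candidate))
```

An empty result only means that none of these patterns matched; it does not detect reuse across services (Error 1), which requires comparing against the user's other accounts or a breach corpus.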

For more information, check out the list of the 1000 most common passwords and the interesting articles of IT security analyst Mark Burnett, who has been collecting the most insecure passwords in the world for several years.
