Passwords are not hacked by a person anymore; they are hacked by software. Learn how to create the most secure passwords by using passphrases instead.
October 25th, 2019 • Buildable News & Resources
Passwords are not hacked by a person anymore; they are hacked by software. The days of hackers sitting at a computer, furiously typing into a DOS-like interface, and trying to guess your password via cross-site scripting are over. Anyone can download password hacking software for free and become a “hacker”—it’s never been easier.
While this is certainly unsettling, the experts at the recent Cyber Security for Manufacturers event from Oregon Business have recommended a simple trick for increasing the security of your login information.
In this article, we’ll cover the difference between a password and a passphrase, and why you and everyone you know should be using the latter.
A password can only be created with inputs from a keyboard. To a password hacking algorithm, all it has to do is create every conceivable outcome from available keyboard strokes. It’s similar to a permutation in mathematics. The more numbers in the permutation, the more possible options and numbers, the more difficult it gets to compute.
A password’s length is its best defense against a hacker. The password “football” is just as secure (or insecure, we’ll get to that) as “F00tBalL”, which is just as secure as the password “(#f^{lp1”. The total number of characters is the same. Therefore, the hacking algorithm only sees 8 total characters. The algorithm doesn’t care if you wrote it in perfect English or put a random string of numbers and symbols together. The only thing that matters is the length.
What’s nice, though, is that the time it takes to hack your password increases exponentially with each additional character added to the password. Here’s an estimate from Fortune on how the numbers break out:
Length of Password | Time to Hack |
---|---|
4 characters (asdf) | 5 hours |
5 characters (asdfg) | 5 days, 10 hours |
6 characters (asdfgh) | 4 months, 21 days |
7 characters (asdfghj) | 10 years, 2 months |
8 characters (asdfghjk) | 264 years |
9 characters (asdfghjkl) | 6,886 years |
10 characters (asdfghjklm) | 179,055 years |
So, the longer your password, the better. But what about those randomly generated passwords from your IT person? Those tend to be quite long and, unfortunately, near impossible to remember.
To avoid having a treasure trove of passwords stored in the Notes app on your phone or written on a sticky note at your desk, the best thing to do is to implement what is called a passphrase.
A passphrase is created by combining a few short words together that are significant to the person creating it. Here are a few sources of inspiration:
Tie any of these in with a 10-character minimum (as required by our IT staff here at Buildable) and a special character on top, and there you go! You have a passphrase.
There are people from around the world who want to ruin your day and your business for their personal gain. As the tools used by hackers get more and more sophisticated, their motivation remains the same. They still want to gain access to your data and exploit it.
Your password policy should include a minimum character length. Get everyone in your organization on board, from the ground floor to the C-Suite to your customers. Anyone who accesses your data must have an excellent password.
If you’re now wondering about the cybersecurity of your business, we can help. Call us at (503) 468-4880 for a free audit →
McMinnville Headquarters
Appointment only
620 NE 3rd Street
Suite A
McMinnville, OR 97128
Pacific City Office
Appointment only
35170 Brooten Road
Suite E
Pacific City, OR 97135
Portland Meeting Room
Appointment only
1355 NE Everett Street
Suite 100
Portland, OR 97209
Phone: (503) 468-4880
Email: connect@buildableworks.com
Talk with an expert at Buildable about your project.
Copyright © 2024 Buildable.
All Rights Reserved
Privacy Policy | Terms of Service