Passwords: Easy to Remember, Hard to Hack

Posted on Apr 15, 2016

Better Practice

Looking for a better way to create strong and memorable passwords?

Consider the strength of the passphrase depicted in our cartoon, which takes into account the use of GPUs (which are much faster than CPUs) in modern password attacks.

We recommend using a passphrase of at least 4 random common words.

The benefits:

  • It’s harder to hack into. (Higher entropy)
  • It’s easier to remember. (Form a mental image using the words.)

Tips:

  • Make sure all the words are completely random to decrease predictability.
  • Use at least 4 different words, and add extra characters (symbols, numbers, capitals) at the beginning and/or end.

Common Practice

The traditional suggestions for strong passwords are usually:

  1. Start with a memorable base word of at least 8–12 characters.
  2. Make substitutions for a few letters, using capitals, symbols, and numbers.

Entropy is a measure of unpredictability of information content. The higher the entropy, the harder something is to predict.

However, there are drawbacks to this method.

  1. The password is still relatively easy to hack into. (Low entropy)
  2. It can be hard to remember which letters were substituted for which characters.
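As an added illustration of the entropy argument behind the two sections above (this is not code from the original post), the following Python computes the entropy of each scheme and the worst-case time to exhaust it; the word-list sizes, the number of substitution choices and the GPU guess rate are assumptions chosen for the demo, not figures from the page.

```python
import math
import secrets

# Constructed sample word list for the demo. A real generator needs a list of
# thousands of common words; the entropy functions take the list size as an
# explicit parameter so the numbers reflect a real list, not this toy one.
SAMPLE_WORDS = ["correct", "horse", "battery", "staple", "cloud", "river",
                "pencil", "window", "garden", "rocket", "silver", "candle"]


def passphrase_entropy_bits(num_words, dictionary_size):
    """Entropy of num_words words drawn uniformly at random (with replacement)
    from a dictionary of dictionary_size words: each word adds log2(size) bits."""
    return num_words * math.log2(dictionary_size)


def substituted_password_entropy_bits(base_dictionary_size, yes_no_choices, appended_sets):
    """Entropy of the 'common practice' scheme: one memorable base word, a few
    yes/no decisions (capitalise? swap a->@? ...) worth one bit each, and
    characters appended from sets of the given sizes (e.g. 10 digits).
    Assumes the attacker knows the scheme and only has to guess the choices."""
    bits = math.log2(base_dictionary_size) + yes_no_choices
    return bits + sum(math.log2(size) for size in appended_sets)


def worst_case_seconds(entropy_bits, guesses_per_second):
    """Time to try every candidate in a 2**bits keyspace at the given rate
    (offline cracking of a fast hash; an online login form is far slower)."""
    return 2.0 ** entropy_bits / guesses_per_second


def make_passphrase(words, num_words=4):
    """Pick the words with the OS CSPRNG; a human 'choosing randomly' is not random."""
    return [secrets.choice(words) for _ in range(num_words)]


def compare(guesses_per_second=1e10):
    """Both schemes under one assumed GPU guess rate (a constructed figure; tune
    it to the hash and hardware you actually face)."""
    phrase_bits = passphrase_entropy_bits(4, 7776)  # 4 words from a 7776-word list
    subst_bits = substituted_password_entropy_bits(65536, 4, [32, 10])
    return {
        "passphrase_bits": phrase_bits,
        "passphrase_days": worst_case_seconds(phrase_bits, guesses_per_second) / 86400,
        "substituted_bits": subst_bits,
        "substituted_days": worst_case_seconds(subst_bits, guesses_per_second) / 86400,
    }


if __name__ == "__main__":
    print(" ".join(make_passphrase(SAMPLE_WORDS)))
    for name, value in compare().items():
        print(f"{name}: {value:.6f}")
```

With the assumed figures the four-word passphrase comes out near 52 bits (days of work at 10 billion guesses per second) while the substituted base word comes out near 28 bits (a fraction of a second), which is why the tips insist on truly random words and a large word list.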

Some Context…

The average person visits 25 password-protected sites on a regular basis. Actually remembering that many different passwords would take a superhero’s memory.

So it’s no wonder that 73% of people use the same password for multiple sites. Although this increases their risk of being hacked, they get comfortable living with a certain amount of risk over time, especially if they haven’t been victimized (yet).

Your Whole Life Online

Since 1961, when the first computer password was developed at the Massachusetts Institute of Technology, our society’s dependence on technology has drastically increased. This year about 6.4 billion devices and control systems will be connected to the Internet, which is up 30% from 2015. Think of all your personal information that is guarded by passwords now: email, finances, health insurance, and social media accounts, to name a few. And when it comes to protecting your company’s data, the stakes are multiplied.

Greater Threats

How safe do you think your business is? “Bad actors” were able to get into companies like Facebook and Gmail, compromising 2 million accounts. International criminals have hacked into the U.S. infrastructure, using search engines like Google to find unprotected access points. According to authorities, the threat of cyber attacks is “growing exponentially” but “America’s private sector has been woefully slow to adapt.”

Organized criminals have made it their business to hack into companies and hold their data hostage. These digital mobsters are in it for the money and have made it their profession. If they can get your password easily, then it’s not hard for them to break in.

Consider the FBI–Apple encryption dispute. In the March 2016 San Bernardino case, the FBI originally wanted Apple to circumvent the iPhone’s security systems that limited brute-force attacks.

Brute-force attacks are when hackers or computer programs systematically cycle through every possible combination of characters to crack a password. Establishing secure passwords is an essential first step to safeguarding your data.

First Line of Defense

Take action to protect your data from the growing security threats. Implement a company-wide practice of regularly changing passwords. And try the passphrase method for easier-to-remember, harder-to-hack passwords.

Note: This cartoon from xkcd inspired us to create our own updated version.