Generating Passwords: You’re Not as Clever as You Think

Strong authentication is at the core of security at every level of our interconnected online community, from the individual sitting at their desktop, to all employees of a company logging into their computer, to organizations that manage critical infrastructure, like our power system. Authentication refers to the process of verifying the identities of all parties involved in an online transaction. The most common form of authentication is password-based authentication, and today, clever, multi-dimensional password management is crucial to protect one’s online identity.

The Danger of Unoriginal and Reused Passwords

Because there have been so many breaches of widely used websites in the past few years, hackers and crackers now have a collection of approximately one hundred million human-generated, cracked passwords to analyze, study, sift, and share, looking for patterns not just in common passwords but also in password-generating algorithms. The people who want to understand how you protect yourself online now have a huge statistical sample to figure out just how original we are – and the answer is not very[1]. Not only are the most commonly used passwords now open for inspection, so are the patterns we use to complicate our passwords. The most common themes are things like:

1) Word + Number: The word is usually capitalized on the first letter, and the number is most typically four digits (e.g. Columbus1492)
2) Word + reverse of word (e.g. MirrorrorriM)
3) Replace letters with graphically similar numbers or symbols (e.g. Numb3r, prince$$)
4) Add symbols at the end of words (e.g. Super!!!)
5) Shifting our finger position on the keyboard and typing a common word

Do any of these look familiar? The reason these are so dangerous is that once the patterns are known, password cracking becomes vastly simplified. A twelve-character password that is truly random from the set of 96 readily printable characters is merely one of almost one trillion trillion (96^12) possibilities. But if you use one of these patterns, then your password is now coming from a set that is probably at most a trillionth of the size. This new learning is coupled with the increasing availability of more powerful tools for cracking passwords; tools that are incorporating this new wisdom. Today, freely available software and $12,000 can buy a computer system that is quite capable of attempting all of a trillion possible passwords in a tolerable amount of time. Consider a recent LinkedIn breach that exposed a 6.5 million password database. Fifty percent of the passwords were cracked in less than thirty seconds. Not thirty seconds each, thirty seconds total – for 3.25 million passwords.

Password-Generating Software: Clever on Your Behalf

This might seem overwhelming and may even be enough to convince someone to stop using the scary World Wide Web completely. However, there is an easy way to help protect your online information and be confident in your strong passwords – plus, password creation requires no thought on your part! Password-generating and management software is a valuable tool to invest in. It provides randomly generated passwords and stores them for you – so the only password you need to remember is the one to access your desktop and the software. Because you don’t need to specifically remember all of your passwords, you can boost their strength by creating longer ones (12-16 characters). Although it does take extra time to open up then type in your stored passwords, the software is worth the peace of mind and ramped up security it provides. Additionally, password managers can solve another common problem of password creation – re-used passwords. When using a strong, verified password manager, there is no benefit or reason to ever reuse a password.

When deciding which password generation and management software to invest in, it’s important to realize that not all software is created equal. Some have very weak generating algorithms and others offer only weak password database protection. It’s crucial to pick a password manager that is well respected by cryptography experts, such as Password Safe and LastPass, two excellent software options that offer free versions.

Consider using randomly generated passwords. Strong security and a smart online profile require a bit of extra time – but isn’t your peace of mind worth it?
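
As an added illustration (not code from the original post), the Python sketch below draws a password from the operating system's cryptographic random source and flags candidates that match four of the patterns listed earlier; the keyboard-shift pattern is not covered. The word list, the substitution table and the 94-symbol alphabet are assumptions made for the example.

```python
import math
import re
import secrets
import string

# Assumption: 94 printable ASCII symbols (letters, digits, punctuation);
# the article counts 96 "readily printable" characters.
ALPHABET = string.ascii_letters + string.digits + string.punctuation

# Constructed sample dictionary and look-alike table, for illustration only.
WORDS = {"columbus", "mirror", "number", "princess", "super"}
LEET = str.maketrans("013457@$!", "oleastasi")


def generate(length=16):
    """Draw each character independently from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length, symbols=len(ALPHABET)):
    """Bits of entropy of a uniformly random password of this length."""
    return length * math.log2(symbols)


def pattern_of(pw, words=WORDS):
    """Return the first listed pattern that pw matches, or None."""
    low = pw.lower()
    half = len(pw) // 2
    # Pattern 2: first half mirrored to form the second half.
    if len(pw) % 2 == 0 and half >= 3 and low[:half] == low[half:][::-1]:
        return "word+reverse"
    # Pattern 1: dictionary word followed only by digits.
    m = re.fullmatch(r"([A-Za-z]+)(\d+)", pw)
    if m and m.group(1).lower() in words:
        return "word+number"
    # Pattern 4: dictionary word followed only by symbols.
    m = re.fullmatch(r"([A-Za-z]+)([^A-Za-z0-9]+)", pw)
    if m and m.group(1).lower() in words:
        return "word+symbols"
    # Pattern 3: undoing look-alike substitutions yields a dictionary word.
    if low not in words and low.translate(LEET) in words:
        return "substitution"
    return None


if __name__ == "__main__":
    for sample in ("Columbus1492", "MirrorrorriM", "Numb3r", "Super!!!", generate()):
        print(f"{sample!r}: {pattern_of(sample)}")
```

A real audit would use a much larger dictionary; the small one here only shows that each of the article's own example passwords is recognised by a few lines of matching logic.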
