How secure are your passwords?

We hear this all too often, but just how important is it to vary your passwords? How complex should they be? How do I remember them?

(This article will be updated periodically)

How quickly could a computer guess my password?

Computers can use a method known as a ‘Brute Force Attack’ to try huge numbers of passwords in quick succession, with the goal of ‘cracking’ a user’s password.

Did you know that if you use a PIN code as your password, there are only 10 possible characters in total (0-9) to work with, so an average computer* could break it in as little as 14.17 minutes! Supercomputers or botnets can be up to 100000x faster, so they would make light work of a PIN code password, breaking it in roughly 0.0085 seconds!

How about a lowercase word instead, such as “computer”? Well, there are 26 characters in the alphabet, so breaking an 8-character password would take an average computer 2 days. On a supercomputer or botnet, however, this would take as little as 1.8 seconds!

This is why most online accounts now enforce a degree of complexity in passwords (upper and lower case, minimum length, special characters etc.).

Firstly, it makes the password harder to guess from a human point of view, but more importantly, harder for a computer to guess. Granted, there are features like ‘Maximum number of tries’ in place to prevent brute force attacks on passwords, but these methods are far from foolproof, and there’s no replacement for a complex password.

As a demonstration of that, if we use symbols/special characters, upper and lower case letters and numbers, and set the password length to 10 characters, your average computer would now take 289217 years. Even a supercomputer or botnet would take at least 3 years on average with this complexity.

Password complexity matters!

*On a modern computer (8 core, 2.8 GHz) using the SHA512 hashing algorithm, it takes about 0.0017 milliseconds to compute a hash. This translates to about 588235 password guesses per second. We also assume that on average, the password will be cracked when half of the possible passwords are checked.
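The figures in this section follow from the footnote's assumptions (0.0017 ms per hash, success after half of the possible passwords). As an added Python example, not part of the original article, the code below reproduces them and shows how long a password from a smaller alphabet must be to match the 10-character case. The 9-digit PIN length, the 80-symbol alphabet and the mean Gregorian year are inferred by working backwards from the quoted numbers, and the function names are chosen for this example.

```python
import string

HASH_MS = 0.0017                          # footnote: time for one SHA512 hash
GUESSES_PER_SEC = 1000 / HASH_MS          # about 588235 guesses per second
BOTNET_FACTOR = 100_000                   # page: "up to 100000x faster"
SECONDS_PER_YEAR = 365.2425 * 86400       # assumption: mean Gregorian year

# Assumption: standard ASCII pools (94 symbols in total). The page's 10-character
# figure matches an 80-symbol alphabet instead, which is passed explicitly below.
POOLS = (string.digits, string.ascii_lowercase,
         string.ascii_uppercase, string.punctuation)


def alphabet_size(password):
    """Combined size of every character pool the password draws from."""
    return sum(len(p) for p in POOLS if any(c in p for c in password))


def average_crack_seconds(alphabet, length, speedup=1):
    """Exhaustive search, found on average after half the keyspace (footnote)."""
    return alphabet ** length / 2 / (GUESSES_PER_SEC * speedup)


def min_length(alphabet, target_seconds, speedup=1):
    """Shortest length whose average search time reaches target_seconds."""
    length = 1
    while average_crack_seconds(alphabet, length, speedup) < target_seconds:
        length += 1
    return length


if __name__ == "__main__":
    cases = [("PIN, 9 digits (inferred)", 10, 9),
             ("'computer'", alphabet_size("computer"), 8),
             ("mixed, 80 symbols (inferred)", 80, 10)]
    for label, alphabet, length in cases:
        pc = average_crack_seconds(alphabet, length)
        print(f"{label}: {pc:.4g} s average, {pc / BOTNET_FACTOR:.4g} s on a botnet")
    target = average_crack_seconds(80, 10)
    # Length needed to match the mixed 10-character password with a smaller alphabet
    print("lowercase only:", min_length(26, target), "digits only:", min_length(10, target))
```

These are exhaustive-search times, so they are upper bounds: a dictionary word such as “computer” is found far sooner by a wordlist than the 26^8 estimate suggests.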

How important is it to vary your passwords?

The short answer here is very! Even the most secure organisations have breaches. If that happens and you’ve used that password to secure other accounts, then all of them are at risk.

The most important account to keep separate though is your email account. This is because once someone has access to your email, they can use it to reset your passwords for other accounts, and potentially lock you out forever.

Where possible, enabling 2FA (2 Factor Authentication, such as a text to confirm login) is also an important step. It can be the last line of defense to prevent someone gaining access even if they did have your password. We talk some more about this in our article on device/account security.

But how do I remember them?

Ok, that’s fine, but how am I supposed to remember all of those passwords? The simple answer is that you don’t have to.

Password managers now make this much easier. There are a few different ones around, but the one we would recommend – and use ourselves – is ‘Dashlane’. The benefits include…

  • You only need to remember one password (Make it a complex one!)
  • You can use it to generate complex passwords for every account you have
  • Regular checks are done for data breaches, including on the dark web.
  • Dashlane will inform you if your password has ever been compromised in a breach.
  • Reminders to change a password if it matches one you have used before.
  • Access across multiple devices. (A new computer doesn’t mean you have to reset all of your forgotten passwords.)
  • Every time you reach a login page, Dashlane automatically fills in the details and logs in.
  • You can set the security so that every time you close a browser, lock a phone, or reboot a PC, Dashlane requires a secure password and authorization from your mobile phone before logging in again.

Is a password manager secure?

Some worry that keeping all your passwords in one place is not very secure, but this isn’t the case.

  1. Dashlane keeps track of all new devices that sign into it, and can be set to require authorization from a code that can only be accessed from the user’s mobile device. This code changes every 30 seconds.
  2. The features that make creating and using complex passwords easier far outweigh any benefit of using the same password or variations of it.
  3. For anyone who prefers to write their passwords down, Dashlane requires authentication each time you switch on your computer and load your browser, whereas with the written method, your passwords are only as secure as that piece of paper!
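A code that changes every 30 seconds, as in point 1, is how a standard time-based one-time password (TOTP, RFC 6238) behaves. The Python below is an added example, not Dashlane's code, and assumes that standard because the article does not name the mechanism: it derives the code and checks it on the server side with clock-skew tolerance and replay rejection. The names `totp` and `verify` are chosen for the example, and the secret is the RFC's published test key.

```python
import hashlib
import hmac
import struct
import time

STEP_SECONDS = 30                      # page: "This code changes every 30 seconds"
SECRET = b"12345678901234567890"       # RFC 6238 test key, never a real secret


def totp(secret, at_time, digits=6):
    """RFC 6238 code (HMAC-SHA1) for the 30-second window containing at_time."""
    counter = int(at_time) // STEP_SECONDS
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F            # RFC 4226 dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret, submitted, now=None, drift_steps=1, last_used_step=-1):
    """Return the matched time step, or None if the code is rejected.

    Accepts +/- drift_steps windows to allow for clock skew, compares in
    constant time, and refuses any step at or before last_used_step so a
    code that was already used cannot be replayed.
    """
    now = time.time() if now is None else now
    current = int(now) // STEP_SECONDS
    for step in range(current - drift_steps, current + drift_steps + 1):
        if step <= last_used_step:
            continue
        expected = totp(secret, step * STEP_SECONDS)
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            return step
    return None


if __name__ == "__main__":
    code = totp(SECRET, 59)
    print("code at t=59:", code)
    print("accepted 30 s later:", verify(SECRET, code, now=89))
    print("accepted 60 s later:", verify(SECRET, code, now=119))
```

The caller stores the returned step as `last_used_step` for that account, which is what makes a captured code useless once it has been accepted.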

Following the steps above will ensure a high level of password security, meaning you can rest just a little easier.
