7-bit#, 7-bit#-not PW123 – A Password Primer
This headline depicts how passwords are written and stored in your computing environment. We won’t go into heavy details, but it essentially works this way.
When you put letters – upper and lower case – and numerals and special characters into your password, the storage system records them in a code involving 7 bits and a # symbol. Hackers have learned that if they attack your password in #s, or hashes, they have a shot at cracking your password.
When you change just one special character – or number or letter, you’re only changing one #. You’re actually making your security worse when you do that, especially if you have a really simple password and depend on a &, $ or @ to keep your passwords secure.
Here’s what you need to know about keeping them secure, and if you understand the principles, you’ll know why passwords can’t go away fast enough.
- Don’t change just one number or special character. If someone has managed to get close to your password, it doesn’t take much run a program that swaps out 10 numerical characters and maybe eight special characters.
- Don’t use short passwords. A computerized analytics program can run through a short combination of letters and characters faster than you read this sentence.
- Do use long passwords with combinations of upper- and lower-case letters, numerals and special characters.
- Do change several numbers and/or special characters when you change your password.
- Do make your passwords illogical. We all try to keep some semblance of something we can remember because we need to have passwords for so many websites or apps. But if a hacker catches onto your logic, you’re more vulnerable.
We can’t emphasize strongly enough that password and internet security get more critical every day. Hacking and ransomware attacks get more prevalent, and the stakes are higher as we digitize every aspect of our corporate and personal lives. Governments, agencies and school boards – Livingston here in NJ being the latest – have fallen victim to ransomware attacks, and all face the agonizing decision of whether to pay up or try to recover their data. The latter can take longer and be more expensive than the ransom payment, but for some, it’s a matter of principle.
This leads us to four other recommendations when it comes to passwords and internet security:
- Use fake answers for the security questions that accompany passwords on many websites. So many of them involve facts that are the matter of public record, including addresses, your first car and your maternal grandmother’s middle name.
- Use a password manager program – and let it generate random passwords for every online account you have or ever hope to have. You just need to remember one password, and you can use it to download every password you have if and when you need to know each one.
- Have a real backup program for your data. OneDrive and Dropbox are good for storage, and you can recover your data file by file. A backup program such as Azure allows recovery and restoration more efficiently.
- Switch from passwords to biometrics whenever and wherever you possibly can. Biometrics are becoming more available, and it makes sense to incorporate them where you can.
Contact us by phone – 973-433-6676 – or email to talk about a good backup program, a password strategy and/or moving to biometrics. And above, practice safe password protection.