Cracking the Code to a More Secure Password

March 10, 2016 The TNS Group

Individual electronic security comes in 3 flavors. There is something you know, something you have and something you are. Something you are would be the fingerprint, retinal, and hand scanners…the things they love to use in movies. Something you have would be a pass card or pass key and something you know would be a password or PIN. It’s the something-you-know that we are going to focus on, as this is the one that you have the most control over and are often asked to change.

As more electronic devices enter our lives and more of our data moves to the cloud, passwords have become the skeleton keys of our digital society.  We use these keys to protect some of our most guarded information, as well as some of the completely irrelevant stuff. The problems start to arise when you realize that password re-use is all too common. If you use the same password for your bank that you use for Facebook, Twitter, credit cards and Amazon accounts, there is a much higher chance of disaster if one account is compromised.

A good way to think about this is to imagine that someone gains access to your credit card management site.  They can look at your statement and see that you have several charges from Amazon. So, they pop over to Amazon and try the same username and password as your credit card and ‘Poof’, they’re in.  Now, let go shopping.  You might be surprised at the digital paper trail we leave across the internet.

So how do we stop this, or at least limit the impact?  The simplest options are to use a password manager or make all your passwords different.   Password managers aren’t for everyone and can become cumbersome at times.  But making all your passwords different sounds like a nightmare, what with all the squiggles, weird characters, numbers and punctuation.  How will I remember all these?

This is actually the funny thing, in trying to make passwords harder to crack, we’ve made them harder to remember and ironically easier for modern computers to crack.  Also, because they are harder to remember, we tend to write them down.  Once committed to paper, they can be lost and/or read by others.

The reason your password “8@ndW@g0n” is easier than you think for a machine to crack is simple and boils down to one word “entropy”.  This is the lack of order or predictability.  BTW, the example is the word bandwagon to anyone who does not know leet speak.  This example is said to have a low entropy because we have substituted common characters in an attempt to make the password easier to remember.  The more common the substitutions, the easier to break.  In addition, we as a society have instituted policies that state you must have a capital letter, a number and a special character.

There is a way that you can make the password easy to remember AND almost impossible to crack.  The secret is….use multiple common words.  Specifically, 4 common words, run together.   For example, “SimpleWordsEasyMemory”.  This is much harder to guess, and far easier to remember so you do not have to write it down.

So….lets get really nerdy here and break this down by the numbers.  The first example I gave has an entropy equal to roughly 27 bits.  If you figure an everyday computer can make ~1000 guesses/sec, then 227 will take less than a day to crack.  Now, take the 2nd example, this has about 84 bits of entropy.  If we use the same 1000 guesses per second, we get 284 taking about 1 year, 3 months to crack…I like my odds here.

If all of this seems confusing, don’t worry, many security experts have a tough time with this.  In the last 20 years we have made passwords harder to remember and easier to guess. All it takes is a few minutes to improve the security and privacy of your online accounts.  Are you willing to put the forth the effort to change out your credentials or do you feel that your current passwords are strong enough to go head-to-head with a hacker?

Contact The TNS Group to learn more about safeguarding your personal and professional assets.

, , , , , , , , , , , ,