So you’ve probably read somewhere that weak passwords are a huge security risk, not only to you but for your organisation or the business you work for.
The countdown to disaster goes a little something like this:
An e-commerce website that you have used once in the past gets hacked. The bad guys have managed to retrieve a list of all the site's users: names, phone numbers, addresses, company names and the like. They will have also retrieved the password you used when you created an account on the site. However, more than likely this will be stored in a hashed form (often loosely described as 'encrypted'), rather than as the plain-text password. Typically what follows is that this stolen user list is posted on a forum site or pastebin or sold to the highest bidder, or in some cases just posted for anyone to use. This opens up identity theft possibilities as a starting point. But it gets worse.
If you have a weak password, say 6 characters with a 2-digit number at the end, like the year you were born or some other significant number, it is very easy for a hacker to uncover that password by running a brute-force application. This is a program that tries every possible combination, usually starting from a dictionary of common words and patterns. This process can take mere seconds. Once they have successfully 'cracked' the password... you know it's not going to be good.
They now have your name, address, email and a valid password, and they can start trying that password in other places, like your email account, WordPress, Amazon or Trade Me. Chances are, you use the same password in a few different places.
However, the good news is that with a 12-14 character password, mixing upper and lower case letters along with symbols such as #%&, the password becomes practically impossible to crack: there are simply too many variations for any computer to guess the password in a useful amount of time.
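To put numbers on the claim above, here is a small added calculation (written for this page, not part of the original post or any tool it mentions). It compares the search space a cracker must cover for the "dictionary word plus 2 digits" pattern against genuinely random passwords of 8, 12 and 14 characters, and converts that into time at an assumed guess rate. The dictionary size and the guesses-per-second figure are assumptions chosen for illustration; the rate assumed is the kind of speed a GPU cracking rig reaches against a fast, unsalted hash, so a site that uses a slow, salted hash will make every row slower still.

```python
from math import log2

# Constructed assumptions for the comparison (not figures from the original post).
DICTIONARY_WORDS = 100_000            # size of a typical cracking word list
GUESSES_PER_SECOND = 10_000_000_000   # 1e10 guesses/s: GPU rig vs. a fast unsalted hash
SECONDS_PER_YEAR = 365 * 24 * 3600

# Alphabet sizes for uniformly random passwords.
LOWER = 26            # a-z
LOWER_DIGITS = 36     # a-z plus 0-9
FULL_PRINTABLE = 94   # upper, lower, digits and the printable symbols


def keyspace(length, alphabet_size):
    """Number of distinct passwords of exactly `length` chars drawn from an alphabet."""
    return alphabet_size ** length


def word_plus_digits_keyspace(words=DICTIONARY_WORDS, digits=2):
    """Candidates a dictionary attack tries for 'common word followed by N digits'.

    This is far smaller than the raw keyspace of an 8-character string, which is
    why the pattern described in the post falls in seconds.
    """
    return words * 10 ** digits


def entropy_bits(candidates):
    """Log2 of the candidate count: the usual way to express password strength."""
    return log2(candidates)


def seconds_to_exhaust(candidates, rate=GUESSES_PER_SECOND):
    """Worst case for the attacker: time to try every candidate at `rate` guesses/s."""
    return candidates / rate


def years_to_exhaust(candidates, rate=GUESSES_PER_SECOND):
    return seconds_to_exhaust(candidates, rate) / SECONDS_PER_YEAR


def compare():
    """Return (label, candidates, bits, years) for each password style."""
    rows = [
        ("dictionary word + 2 digits", word_plus_digits_keyspace()),
        ("random 8 chars, lowercase + digits", keyspace(8, LOWER_DIGITS)),
        ("random 12 chars, full printable", keyspace(12, FULL_PRINTABLE)),
        ("random 14 chars, full printable", keyspace(14, FULL_PRINTABLE)),
    ]
    return [(label, n, entropy_bits(n), years_to_exhaust(n)) for label, n in rows]


if __name__ == "__main__":
    for label, n, bits, years in compare():
        print(f"{label:38s} {n:>10.3e} candidates {bits:5.1f} bits "
              f"{years:>12.3e} years at {GUESSES_PER_SECOND:.0e} guesses/s")
```

Running it shows the word-plus-digits pattern exhausted in a thousandth of a second, the random 8-character password in a few minutes, and the 12-character password in well over a million years at the same rate; each extra random character multiplies that figure by the alphabet size, which is the whole argument for length over cleverness.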
Take a look at the video below to see how scarily easy it is to crack a weak password, and how having a decent password makes it nearly impossible to crack. If you are using a weak password on anything important, such as email, your website, banking and social media, change it now. Use a password generator. If you use Gmail for your email, set up 2-step verification. Use a different password for each account and keep a record of them in a notebook or something else that is offline. It might be a hassle to do this, but really it's nothing compared to discovering that you're the victim of a data breach or hacking attempt.
Just a quick note for LinkedIn users: a few years ago LinkedIn was hacked. If you haven't changed your password for some time, do yourself a favour and change it now.
Check to see if your details have been stolen here.
If you are concerned that your data has been breached, let us know and we'll see what we can do. However, prevention is and always will be the best cure.