The Deux-Sèvres Monthly magazine, September '17

Page 38

Communications

How Secure are your Passwords?

Uncrackable Passwords?

There is no such thing as an uncrackable password; in time, every one is beatable. This is the key to being safe: make your password or passphrase so difficult that anyone who is trying to crack it gives up because it will simply take too long or too many resources. It is two years since I wrote on this subject, and in that time I have spent countless hours researching the whole issue of passwords. After all, they are our only protection in the digital age we live in until our biometrics (fingerprints, retinal scans, heartbeat or facial recognition) can be simply used to secure our data, finances and thoughts.

Two Step Verification

Wherever possible I advise the use of two-step password security. A typical example is when you log on to an account from any new device, say a new tablet or mobile phone or someone else’s PC: you get a code sent to your personal (usually mobile) telephone that the log-in application asks you to enter. Although my bank does not use this method each time I log in to my accounts, they do require it for me to set up a new payment recipient or when logging on with a new device for the first time.

Test your own passwords

It is possible to test the strength of a password/phrase online; go to www.howsecureismypassword.net and give it a try. This simple page enables you to experiment with passwords and passphrases and see exactly how difficult each one is to crack. The result is expressed in time to crack; I firmly believe that any password/phrase that may be cracked in less than 100 years is not worth using. Let us have a look at some examples. We are always told to use at least 8 characters, with both numbers and letters. Using the password tester...

Example 1: 01/08/2017 – time to crack 3 hours. Now add a couple of letters such as AD and the time to crack is 600 years.

Example 2: TG 680 GW – a car registration number – time to crack 2 months. Simply add a UK postcode to this, such as W1A 7VW, and the time to crack is over 17 trillion years.

In the first example above, simply increasing the number of characters by two (from 10 to 12) made the difference between hours to crack and centuries. Example two was even more surprising: going from 9 characters to 16 characters took the time from months to over trillions of years. Clearly the longer the password or phrase, the more difficult it is to crack.
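The length effect in these examples can be checked offline, without typing a password into a website. This is an added example, not part of the original article or the code behind the tester site; it assumes pure exhaustive search at 10 billion guesses per second, so its times will differ from the figures quoted above.

```python
import math
import string

# Assumption: guesses per second for an offline attacker (illustrative only).
GUESSES_PER_SECOND = 1e10

# Character classes and the alphabet size each adds to an exhaustive search.
CLASSES = [
    (string.ascii_lowercase, 26),
    (string.ascii_uppercase, 26),
    (string.digits, 10),
    (string.punctuation + " ", 33),
]

def pool_size(password):
    """Alphabet size a brute-force search must cover for this password."""
    return sum(n for chars, n in CLASSES if any(c in chars for c in password))

def search_space_bits(password):
    """log2 of the number of same-length candidates over that alphabet."""
    pool = pool_size(password)
    return len(password) * math.log2(pool) if pool else 0.0

def seconds_to_exhaust(password, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every candidate (ignores smarter guessing)."""
    return 2 ** search_space_bits(password) / rate

def humanize(seconds):
    units = (("years", 31_557_600), ("days", 86_400), ("hours", 3_600), ("seconds", 1))
    for name, span in units:
        if seconds >= span:
            return f"{seconds / span:,.1f} {name}"
    return "under a second"

# The article's example strings, before and after lengthening.
EXAMPLES = ["01/08/2017", "01/08/2017AD", "TG 680 GW", "TG 680 GWW1A 7VW"]

def report(passwords=EXAMPLES):
    return [(p, len(p), pool_size(p), round(search_space_bits(p), 1),
             humanize(seconds_to_exhaust(p))) for p in passwords]

if __name__ == "__main__":
    for row in report():
        print(row)
```

The estimate counts every string of that length as equally likely; a date or a registration number follows a known pattern, so an attacker who guesses the pattern needs far fewer tries than this upper bound suggests.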

What to avoid using as your password

Do not use:
◊ proper names, especially those of your friends, work colleagues and/or family or pets
◊ important dates in your life or those mentioned above
◊ other numbers/words easily associated with you/yours i.e. phone number, car registration
◊ NI number, account or club membership numbers
◊ the same password/phrase twice

Password Manager Software

On the face of it these look like excellent solutions. They work by having one exceptionally long and thus difficult to crack password for the Password Manager Software itself, and this in turn generates a different password for each of your logins. They are stored in a secure ‘vault’ and you do not need to know what these are or remember them, as the PMS will insert them for you as required once set up. They work across all of your devices if you set them up accordingly. However, recent scrutiny of these systems has shown them all to have issues of one kind or another, so which do you choose? Personally I do not like the concept of a third party application being responsible for my security to this degree. For me the issue is trust and none of the companies offering the service have demonstrated their trustworthiness to me.

by Ross Hendry

Easy to remember and secure

During my research it was clear that it is much easier to remember a few words than a complex password, and a few words can provide the length that makes your password very difficult to crack. The strongest passwords were shown to consist of five random words; these consistently take millennia to crack. You may generate 7 random words using a book and a pencil: open 7 pages at random and, with your eyes closed, use the pencil to select one word per page and write them down. Once you have 7 words, choose the shortest five. Now set about remembering them by using a rhyme, acronym or such. Finally you have a password/phrase that is very difficult to crack. By being consistent you can use this plus a few characters to be your password/s for every log in you have. For example, my password/phrase is 20 characters long using 5 random words: logwartrivalbikedoll
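A software version of the random-word draw, with the strength of five words worked out in bits. This is an added example, not the author's method: it picks words with the operating system's random generator rather than from a book, the word list is a constructed sample, and the list sizes 2048 and 7776 are assumed for comparison.

```python
import math
import secrets

# Constructed 32-word sample list so the block runs offline. A usable list
# needs thousands of words: strength comes from list size, not from secrecy.
SAMPLE_WORDS = (
    "anchor basket candle dragon ember falcon garden harbor "
    "island jacket kettle ladder marble needle orchid pencil "
    "quartz ribbon saddle tunnel umbrella velvet walnut yonder "
    "zipper bridge copper donkey engine forest glacier hammer"
).split()

def generate_words(words, count=5):
    """Draw `count` words independently and uniformly using the OS CSPRNG."""
    pool = sorted(set(words))
    if len(pool) < 2:
        raise ValueError("word list needs at least two distinct words")
    return [secrets.choice(pool) for _ in range(count)]

def word_bits(list_size, count=5):
    """Entropy in bits when the attacker knows the list and the method."""
    return count * math.log2(list_size)

def letter_bits(passphrase):
    """Naive estimate that treats the phrase as random lowercase letters."""
    return len(passphrase) * math.log2(26)

def compare(passphrase, list_sizes=(32, 2048, 7776), count=5):
    """Per-letter estimate next to word-level entropy for several list sizes."""
    return {"letters": round(letter_bits(passphrase), 1),
            **{n: round(word_bits(n, count), 1) for n in list_sizes}}

if __name__ == "__main__":
    print("".join(generate_words(SAMPLE_WORDS)))
    print(compare("logwartrivalbikedoll"))
```

A 20-letter phrase looks like 94 bits when counted letter by letter, but five words from a 7776-word list carry about 64.6 bits against an attacker who guesses whole words, and a small list carries far less.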

Finally putting it all together

For all financial, government, business and email sites I will use a suffix to the password/phrase, separated by a special character or space. For example: Gov for government sites, so Driving Licence would be GovDL, taxation GovTX or National Insurance GovNI; LBplc for Lloyds bank; CCBC for Barclaycard; Mastercard would be CCMC, and so on. So a very difficult password for the DVLA would be logwartrivalbikedoll/GovDL

The result is a password that is very unlikely to be cracked. How long is a nonillion year?

For sites that are less sensitive, use the same core password, this time prefixed: for Amazon – AMA; for Facebook – FB; for Argos – ARG. Once again the prefix may use a space or special character to join to the main password/phrase. If the site insists that you have a number in the password, then use a number instead of a space between the password/phrase and the prefix or suffix. You will have to comply with the rules of the site/program when you create the password/phrase, so if they demand that you use upper and lowercase letters then work these in to your unique passphrase.

Ross Hendry is the proprietor of Interface Consulting and Engineering, who has over 42 years’ experience in Communications, Computer Technology and Direct Marketing. (see advert below).

