Think your Complex Password is strong? Here is how a hacker can still break it!


We have all witnessed many companies become victims of cyber-attacks in the last few years. Cyber-attacks are unfortunately more common nowadays, and having the best spam filter or a super complex password doesn’t always stop them. There are many different and inventive ways of destroying or stealing data, but one of the oldest and most effective ways of hacking is called a Brute Force Attack. It may not be the most sophisticated attack, but it works far more often than we let ourselves believe. So what is a Brute Force Attack?

 

What is a Brute Force Attack?

A brute force attack is a trial-and-error method of guessing data such as usernames, passwords or PINs. The attacker will try as many combinations as possible in the hope of guessing correctly. These attacks have been enhanced using automated software and accurate data sets to generate many guesses based on the most commonly used passwords. If your password is in the list below, or is similar to one in it, it may be worth changing your password now:

  • Password
  • 123456 
  • qwerty
  • admin
  • 123321

We know these are super generic, but so many people are still not using complex passwords where they should be. Check out the latest list of common passwords here: https://www.telegraph.co.uk/technology/2017/01/16/worlds-common-passwords-revealed-using/

[Image: brute force attack example]

The above shows an example of what a brute force attack may look like. This image was taken from our own WordPress site, where you can see several failed login attempts within minutes of each other. This will be a hacker attempting to take over our website and possibly sell the domain after taking over. Fortunately, in our case, we have tight security measures in place to prevent this kind of attack!

Complex Passwords:

Use long and complex passwords to prevent your data from being breached. Even better is to combine a strong password with two-factor authentication! Two-factor authentication is usually in the form of a code sent via text, or a link sent by email, when you log in. All devices and logins you use should have long and complex passwords, because it takes only a single vulnerability in one device to open the door to your whole private network. This is even more important with the introduction of the ‘Internet of Things’, or IoT for short, which describes your other internet-connected devices such as smart fridges and speaker systems. How can we ensure our passwords are complex enough?


Setting a Complex Password:

Unfortunately, we don’t all have memories as good as a computer, so it’s best to base your day-to-day passwords on something memorable. That being said, do not include your name, your pet’s name, or the place where you work, as a hacker could research these by visiting your social media sites, where all of these things are public information.

A good complex password should:

  • Be at least 8 characters long, but the longer the better; we recommend aiming for 12 characters.
  • Contain at least 3 of the following 4 character types (the more the better):
    • Uppercase letter
    • Lowercase letter
    • Number
    • Symbol (including punctuation marks and even a space)
  • Expire (need changing) at least every 90 days!
  • To make something complex and memorable, you should choose some random words and string them together into something you will remember, like FranksTugBoat.
  • Then add numbers or replace letters with numbers to make Fr4nksTugB0at. Then add or replace with symbols to make Fr4nk$TugB0@t. Think of it like trying to make your name out of a number plate.
  • Finally, you should make sure every password you use is unique. If you want to use a similar password for your social media accounts, for example, adding an F B somewhere for your Facebook password (e.g. FFr4nk$TugB0@tB) or L I somewhere for your LinkedIn (e.g. Fr4nk$TugB0@tLI) is a good way to memorize your passwords without having to change them too much!
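The length and character-type rules above can be checked automatically, but they do not on their own catch a common password that has merely had letters swapped for symbols. The following is an added example, not code from this article: the function names, the substitution table and the five-entry list are assumptions made for illustration, and the 90-day expiry rule is outside what a string check can cover.

```python
import string

# Constructed sample taken from the article's list; a real check would load a
# full common/breached password list.
COMMON = {"password", "123456", "qwerty", "admin", "123321"}

# Reverse the usual letter-for-symbol swaps so "p@ssw0rd" compares as "password".
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "i", "!": "i",
                      "3": "e", "$": "s", "5": "s", "7": "t"})

def character_classes(pw):
    """Count how many of the article's four character types appear."""
    return sum([
        any(c.isupper() for c in pw),
        any(c.islower() for c in pw),
        any(c.isdigit() for c in pw),
        any(not c.isalnum() for c in pw),   # symbols, punctuation, space
    ])

def check_password(pw, min_length=8, min_classes=3):
    """Return a list of policy problems; an empty list means the password passes."""
    problems = []
    if len(pw) < min_length:
        problems.append("too short")
    if character_classes(pw) < min_classes:
        problems.append("too few character types")
    lowered = pw.lower()
    # Drop digits and symbols tacked on the end ("Password1!") before un-swapping.
    core = lowered.rstrip(string.digits + string.punctuation).translate(LEET)
    if lowered in COMMON or core in COMMON:
        problems.append("based on a common password")
    return problems

if __name__ == "__main__":
    for candidate in ["Fr4nk$TugB0@t", "P@ssw0rd", "Password1!", "qwerty"]:
        print(candidate, check_password(candidate) or "passes")
```

P@ssw0rd meets the length and character-type rules yet is rejected, while the article's Fr4nk$TugB0@t passes because its base words are not on the list.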

Hey presto, you’ve done it: a memorable, complex, long, and unique password.

Stay One Step Ahead of the Hacker

It doesn’t just stop at making a secure password; it goes on to training people to use it properly as well. Your IT support provider can help by enforcing a password policy with all of the above attributes, and by using two-factor authentication where possible. Unfortunately, during our time providing Nottingham IT Support we have come across IT providers that don’t even use complex passwords themselves!

Here are some key pointers when using and setting passwords:

  • Never share your password with anyone or write it down. When we visited one of our Derby IT Support clients we found a few passwords written on Post-its attached to monitors; you know who you are…
  • Make sure you have a different password for your different sites or vendors. You’d be opening yourself to a wider world of hackers if they managed to crack your Facebook and from there log into your email and beyond.
  • Regularly change your password. Yes, this can be annoying but it decreases the possibility of someone else knowing your password, especially if you’ve lost a device or changed phone/computer recently, and it’s good exercise for the brain!
  • Activate two-factor authentication where you can.
  • Reduce your publicly accessible information to reduce the possibility of your personal data being used in a password attack against you. For example, make all your Facebook information private unless a person is your friend, and be cautious about who you make your friend on Facebook.
  • If you need to set a password on a device that you will almost never log on to, such as the master password to your smart fridge console, then set a random, complex and long password, write it down and lock it in a safe.
  • Use a random password generator such as this one: http://passwordsgenerator.net/
  • Configure timeouts and lockouts where possible to stop brute force attacks, but make sure you set accurate recovery information should your account be locked out.
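A lockout of the kind described in the last pointer, which is also what stops the run of failed logins minutes apart shown in the WordPress screenshot earlier, works as sketched below. This is an added example, not code from this article or from WordPress; the class name, the thresholds (5 failures in 5 minutes, 15-minute lock) and the login events are constructed assumptions.

```python
from collections import defaultdict, deque

class LoginThrottle:
    """Lock an account after too many failed logins inside a sliding time window."""

    def __init__(self, max_failures=5, window=300, lockout=900):
        self.max_failures = max_failures    # failures tolerated inside the window
        self.window = window                # seconds the failures are counted over
        self.lockout = lockout              # seconds the account stays locked
        self.failures = defaultdict(deque)  # account -> times of recent failures
        self.locked_until = {}              # account -> time the lock expires

    def is_locked(self, account, now):
        return self.locked_until.get(account, 0) > now

    def record(self, account, success, now):
        """Process one login attempt; return 'locked', 'ok' or 'failed'."""
        if self.is_locked(account, now):
            return "locked"                 # refused even if the password was right
        recent = self.failures[account]
        if success:
            recent.clear()
            return "ok"
        recent.append(now)
        while recent and recent[0] <= now - self.window:
            recent.popleft()                # forget failures older than the window
        if len(recent) >= self.max_failures:
            self.locked_until[account] = now + self.lockout
            recent.clear()
        return "failed"

# Constructed events: (seconds since start, account, password was correct)
EVENTS = [(t, "admin", False) for t in range(0, 100, 20)]  # five rapid failures
EVENTS += [(120, "admin", True),    # a correct guess arrives during the lock
           (130, "alice", False),   # ordinary user mistypes once
           (140, "alice", True),
           (1100, "admin", True)]   # owner logs in after the lock has expired

def replay(events):
    """Feed the events through a fresh throttle and return each outcome."""
    throttle = LoginThrottle()
    return [(t, acct, throttle.record(acct, ok, t)) for t, acct, ok in events]

if __name__ == "__main__":
    for row in replay(EVENTS):
        print(row)
```

The attempt at 120 seconds is refused even though the password is correct, which is why the recovery information mentioned above has to be accurate.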

If you need any further help, or if you would like a comprehensive IT security audit for your business, feel free to contact one of our directors at Liberate IT.
