Here is a statistic to keep you up at night. According to a recent study by Deloitte's Canadian Technology, Media & Telecommunications, approximately 90% of passwords are considered to be vulnerable to hacking. Security analysts all agree that our passwords are much more insecure than in the past.
So why are hacker getting better at cracking our passwords? One of the reasons is because of a wealth of new data that they have access. This treasure trove of data is due to massive hacks like the one on shoe retailer Zappos which exposed over 24 million customers personal information, and the 2012 LinkedIn hack which saw cyber criminals obtain 6.5 million user accounts. These mega hacks have help hackers to identify the patterns that we use when creating our passwords.
The other reason that hackers are finding it easier to break through password protection is because of cheap and abundant processing power. It is now possible for hackers to try out billions of password combinations in a matter of seconds. When this is combined with a huge database of password and improved algorithms hacking your password becomes relatively straightforward for anyone with the right resources.
Why you are undeniably more vulnerable to password hackers than you have been in the past, this doesn't mean that there is nothing that you can do about it. Here are six steps that you can take in order to protect your passwords.
55% of people use the same password on most of the sites that they visit, according to a survey of 1805 adults by Ofcom, the UK's communication watchdog. With an upsurge in mega hacks this is leaving a lot of people vulnerable. Once hackers have access to a list of passwords used on one site, they can then use these passwords on any other site that you use as well.
One of the easiest ways to protect your passwords is to not replicate them between different sites. If your password is compromised on one of the sites, it should still be protected on other sites that you use. If you think you will have trouble remembering all those passwords, see how to use password management software below.
One of the reasons that our passwords have become so predictable is because the rules governing what must be contained within them tend to be similar. For example most sites require a mix of upper and lower case letters, numbers and a symbol. The way we meet these requirements tends to be equally similar.
Typically when we are required to add numbers we will do so either at the start or the end of the word, and will most commonly use either the number 1 or 0. Common symbols such as !, #, @, &, * % should are also frequently employed.
People often believe that their passwords are more secure than they actually are ...
People often believe that their passwords are more secure than they actually are, because they deliberately use miss spellings. But unfortunately if you are using these you might not be as unpredictable as you think you are. Hackers algorithms can pick up on these common misspellings as well.
If you want to protect your password then you have to do what other people don't. That means using a truly random series of numbers, characters and words.
In general longer passwords are more secure than shorter ones, even if the words used on the shorter password are more complex. However when selecting a longer password with multiple words it is important that they are completely random. Using phrases or common sequences of words will be easy for the hacker's algorithms to predict.
One way to generate a series of completely random words for your password is to use the Xkcd password generator (from there). This will create a series of four completely random words. The advantage of four random words together is that because they don't conform to a common pattern, they are difficult for hacker's algorithms to predict. At the same time four words are easy for you to remember.
Making common substitutions such as 1 for I will not make your password safer ...
You should also keep in mind that making common substitutions such as 1 for I will not make your password safer, as these can be easily predicted by the algorithms. Appending words is also not helpful as those same algorithms will test these variations out as well.
When 2 step verification on Gmail is activated, before you can access your Gmail account from a new device, you are sent a verification code to your mobile phone. Even if someone obtains your Gmail password they will not be able to access your account from a different computer. Protecting your Gmail account is very important because it is often the key that unlocks all of the other passwords you use on other sites.
Never change your passwords by following links in emails that you did not request, since those links might be compromised and redirect you to the wrong place.
After a large hack, such as the recent LinkedIn attack, there is typically an uptick in the amount of phishing emails. Because users are expecting communication from the site that has been hacked, this is a good opportunity for hackers to find out your password. Do not change your password or verify it directly from any email communication. Instead enter the address of the site in the browser, and make any changes on the website itself.
While taking steps to randomize your password and avoid common mistakes is a good first step, if you really want to properly protect your password you should use a password manager. There are a lot of popular password managers on the market and we recommend you to start with SecureSafe Pro.
Password management software is not only more secure it also makes the job of remembering passwords easier. SecureSafe Pro uses a local decrypter installed on your computer, and the password information can be easily synced among your devices via the cloud (Dropbox, Skydrive, Google Drive or others). As well encrypting and decrypting your passwords, password management software includes password generation tools which create truly random passwords. SecureSafe Pro can also keep credit card information and even regular files inside the secure storage.
SecureSafe Pro is free to try: it can keep up to 20 passwords for free but if you want to continue use it on your growing database it will cost you $39 for unlimited number of computers. Read more about SecureSafe Pro Password manager here and start using it right now for free!