In Germany, February 1st is Change Your Password Day. How secure is your password? When did you last change it? If you suspect that this blog is speaking directly to you, now is the perfect opportunity to make your password secure. Let us show you how.
Password? Don’t give hackers a free pass!
It’s difficult to believe, but there are still passwords being used like ʽ123456ʼ and ʽPassword123ʼ. Such simple letter and number combinations are practically an open invitation to hackers to steal data. Yet these days, it should be clear to everyone why a secure password is so important. Passwords are an integral part of both your business and personal lives, and everyone has dozens of them. No matter what you want to do online, whether booking accommodation on booking.com or buying something on Amazon, whether carrying out a financial transaction or just logging on to your company PC, you need a password.
As it’s understandably pretty difficult to create and somehow remember a new password for everything you do online, a number of users not only stick to simple passwords, they use these for several different accounts. Cyber attackers love this, as, once they’ve cracked that password, it opens the door to the user’s entire online universe. You want to prevent this by making their task as difficult as possible.
Using a password strategy to protect personal data
The password manager service Nordpass has published a list of the most-used passwords in 2019, put together with the help of independent researchers who wish to remain anonymous. The list was put together from a database of 500 million entries, grabbed from a wide range of sources. These leaked passwords include simple number combinations such as ʽ12345ʼ or ʽ11111ʼ, as well as consecutive key combinations such as the middle row series ʽasdfgʼ.
The top 20 most-used passwords in 2019 are as follows:
That’s pretty sad, isn’t it? In 2012, the American web portal GIZMODO announced a Change Your Password Day to create awareness of password security. We at SEEBURGER would like to use this day as an opportunity to encourage you to try out more complex – and therefore secure – passwords.
What makes a secure password?
Chaos, basically. An illogical series of characters. A secure password consists of at least eight characters – although 12 or even 16 would be better – and contains both upper and lower case letters, numbers, and special characters. The more random, the better.
Hackers basically only have two methods to crack passwords. One of these is to take a dictionary and try out all the words it contains. Therefore, make sure that your password isn’t in the dictionary.
The other option is to systematically try out series of key combinations such as aaaa, aaab, aaac, 12345, 123456, 1234567, etc., until a combination fits. This is known as a brute force attack. There is only one defence against brute force attacks: make your password as long as possible. A password only really counts as secure if it consists of at least 12 characters. The table below shows the maximum time a brute force attack takes for different password lengths, based on a rate of 100,000 tries a second:
|Character set||4 Char.||5 Char.||6 Char.||7 Char.||8 Char.||9 Char.||10 Char.||11 Char.||12 Char.|
|10 [0–9]||<1 ms||<1 ms||1 ms||10 ms||100 ms||1 second||10 seconds||2 minutes||17 minutes|
|26 [a–z]||<1 second||<1 second||<1 second||8 seconds||4 minutes||2 hours||2 days||42 days||3 years|
|52 [A–Z; a–z]||<1 second||<1 second||20 seconds||17 minutes||15 hours||33 days||5 years||238 years||12,400 years|
|62 [A–Z; a–z; 0–9]||<1 second||<1 second||58 seconds||1 hour||3 days||159 days||27 years||1,649 years||102,000 years|
|96 (+ special characters)||<1 second||8 seconds||13 minutes||21 hours||84 days||22 years||2,108 years||202,000 years||19 million years|
Figure: Time needed to crack a password
4 easy methods to remember complex passwords
- The acronym method
Take a sentence and use the initial (or end) letters of each word to create a password, adding a couple of numbers or special characters into the mix.
Example I
Sentence: ‟Oh I love to go a-wandering along the mountain track”
Replace ‘Oh’ with 0, ‘to’ with 2, and ‘a-’ with @ and you get the following password: ʽ0Il2g@watmtʼ
Example II
Sentence: ‟I love meat and two veg on Sundays!”
Replace the word ‘two’ with 2 and ‘and’ with ‘&’ and you get the following password: ʽIlm&2voS!ʼ
- The sentence method
Here, you take a sentence which contains at least one number and put all the characters into a long line.
Example
Sentence: ‟Six witches are watching six watches”
Replace the instances of ‘six’ with ‘6’ and you get: ʽ6witchesarewatching6watchesʼ
- The double word method
In this method, you take two words which are then cleverly shortened and connected with special characters.
Example
The names of my pet gerbils, Alfred the Great and Fluffy, could produce the following password: ʽAlfredthegr8+Fluffyʼ
- The Leetspeak method
Leetspeak refers to a method in which individual letters can be replaced by numbers. ʽe/Eʼ is replaced by ʽ3ʼ, while ʽoʼ is replaced by ʽ0ʼ, ʽa/Aʼ by ʽ4ʼ, ʽsʼ by ʽ5ʼ and ʽi/Iʼ by ʽ1ʼ.
Example
The word ʽunsustainableʼ therefore gives you the password: ʽun5u5t41n4bl3ʼ
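The two attacks described earlier, dictionary and brute force, can be turned into a check and run over the example passwords from the four methods above. This is an added example, not part of the original post: the word list is a small constructed stand-in for a real dictionary, the function names are illustrative, and counting 34 special characters is an assumption taken from the table (96 minus 62).

```python
import string

# Rate stated in the text above; real guess rates vary widely, so it is a parameter.
GUESSES_PER_SECOND = 100_000
# Constructed stand-in for a real dictionary or leaked-password list.
WORDLIST = {"password", "unsustainable", "123456", "12345", "11111", "asdfg"}
# The Leetspeak substitutions listed above, reversed (3->e, 0->o, 4->a, 5->s, 1->i).
UNLEET = str.maketrans("30451", "eoasi")
# Character classes and their sizes as used in the table.
CLASSES = [(string.digits, 10), (string.ascii_lowercase, 26), (string.ascii_uppercase, 26)]

def charset_size(pw):
    """Pool size an attacker must cover, summed over the classes pw uses."""
    size = sum(n for chars, n in CLASSES if any(c in chars for c in pw))
    if any(c not in string.ascii_letters + string.digits for c in pw):
        size += 34  # assumption: special characters = 96 - 62, following the table
    return size

def brute_force_seconds(pw, rate=GUESSES_PER_SECOND):
    """Worst case: time to try every string of this length from the pool."""
    try:
        return charset_size(pw) ** len(pw) / rate
    except OverflowError:  # keyspace too large to express as a float
        return float("inf")

def in_wordlist(pw):
    """Dictionary check that also undoes leetspeak and drops trailing digits."""
    plain = pw.lower()
    variants = {plain, plain.translate(UNLEET), plain.rstrip(string.digits)}
    return any(v in WORDLIST for v in variants)

def audit(pw, rate=GUESSES_PER_SECOND):
    """Apply the two criteria from the text: 12+ characters, not in a dictionary."""
    listed = in_wordlist(pw)
    return {
        "length": len(pw),
        "charset": charset_size(pw),
        "in_wordlist": listed,
        "worst_case_seconds": brute_force_seconds(pw, rate),
        "ok": len(pw) >= 12 and not listed,
    }

if __name__ == "__main__":
    # Passwords quoted on this page.
    for pw in ["123456", "Password123", "un5u5t41n4bl3", "0Il2g@watmt",
               "6witchesarewatching6watches", "Alfredthegr8+Fluffy"]:
        print(pw, audit(pw))
```

A substituted dictionary word is still found by the dictionary check, and the two acronym examples fall short of the 12-character mark, so the sentence and double word examples are the ones that pass both criteria here.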
So, how secure are your passwords? (I assume you have several!) If you are using an insecure password, or just haven’t changed your password for ages, take action today and use Change Your Password Day as an opportunity to get creative and protect yourself with complex passwords. Did you know that passwords are considered the most vulnerable link in the IT security chain? For cyber criminals, but also for amateur hackers, weak passwords are basically an open invitation to get at data such as e-mail and postal addresses, telephone numbers, bank account details, and even business information. Start protecting yourself today!
Written by: Rolf Holicki. Rolf Holicki, Director BU E-Invoicing, SAP&Web Process, is responsible for the SAP/WEB applications. He has more than 25 years of experience in e-invoicing, SAP, Workflow and business process automation. Rolf Holicki has been with SEEBURGER since 2005.