TechTalk - Understanding Passwords

Understanding Passwords: Don't be a victim

The concept of passwords has not changed over the last 50 years. A password is a secret sequence of letters, numbers, and symbols of a given length. It's supposed to be hard to figure out, to keep others from gaining access to what we are protecting.

The concept of passwords is a good one but has a few critical limitations that we all should be aware of, and I’ll share why.

Memorable Passwords

Passwords are typically created to be memorable. They tend to reference important dates, pets, family, and locations, and they are commonly reused over and over again. When a memorable password needs to be extended, the most common approach is to add characters or symbols to the end of it.

We use memorable passwords because they are easier to remember and recall. This may have been a good tactic 30 years ago; however, today it's common knowledge and is being used against us. Software is more than capable of using psychological techniques and traits to figure out passwords. I cannot stress this enough to everyone: stop using memorable passwords.

Unique Passwords

Over the last 50 years, using passwords has increasingly become a common practice. As the availability of technology and the accessibility of Internet connectivity increased, so did the number of internet accounts requiring passwords. Since then, more than 200 billion passwords have been created and used.

For a human to create a truly unique password is extremely rare at best, especially if we focus on meeting minimum password requirements. These requirements are typically 8 characters in length, with upper and lower case letters, and a number or symbol contained within it. The likelihood of creating a password that has been created before is pretty good.

Passwords For Sale

Every so often we hear of a data breach, where a company has been hacked and data taken from it. More than 9,000 data breaches have been publicly announced since 2005, totaling more than 10 billion records taken. Keep in mind that this is only what is reported by big corporations like TJ Maxx, Sony, Evernote, Target, eBay, JP Morgan Chase, Yahoo, Heartland, AOL, and Experian, to name a few.

Data taken is typically sold on the dark web. The collections of compromised passwords grow every day.

What are the odds a password has not been created before? What are the odds the password you are using is not already for sale on the dark web?
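An added example (not part of the original article) of why meeting the minimum requirements is not enough: a small Python audit that flags a password built from a memorable word plus appended characters, and one that appears in a breached collection. The word list, the breached set, and all function names are constructed assumptions for illustration.

```python
import hashlib
import re

# Constructed sample data (assumptions for this example, not real breach data).
MEMORABLE_WORDS = {"buddy", "chicago", "summer", "jessica"}  # pets, places, names
BREACHED_SHA256 = {hashlib.sha256(p.encode()).hexdigest()
                   for p in ("Summer2021!", "Password1", "Chicago#1")}

def meets_minimum_policy(pw):
    """Typical minimum: 8+ characters, upper and lower case, a number or symbol."""
    return (len(pw) >= 8
            and re.search(r"[a-z]", pw) is not None
            and re.search(r"[A-Z]", pw) is not None
            and re.search(r"[\d\W_]", pw) is not None)

def memorable_base(pw):
    """Return the known word if pw is 'word + trailing digits/symbols', else None."""
    m = re.fullmatch(r"([A-Za-z]+)([\d\W_]*)", pw)
    if m and m.group(1).lower() in MEMORABLE_WORDS:
        return m.group(1).lower()
    return None

def is_breached(pw):
    """Compare by hash, so the lookup set never needs to hold plaintext."""
    return hashlib.sha256(pw.encode()).hexdigest() in BREACHED_SHA256

def audit(pw):
    """Return a list of findings; an empty list means none of the checks fired."""
    findings = []
    if not meets_minimum_policy(pw):
        findings.append("below minimum policy")
    base = memorable_base(pw)
    if base:
        findings.append(f"memorable word '{base}' plus suffix")
    if is_breached(pw):
        findings.append("found in breached-password set")
    return findings

if __name__ == "__main__":
    # The first two candidates satisfy the minimum policy and are still flagged.
    for candidate in ("Summer2021!", "Buddy123", "kT9#vQ2$wLx7!pRz4&mN"):
        print(candidate, "->", audit(candidate) or "no findings")
```

Both "Summer2021!" and "Buddy123" pass the minimum-requirements check yet are still flagged, which is the gap between a compliant password and a safe one.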

Two-Factor Authentication (2FA)

Knowing that passwords can be compromised, two-factor authentication was born. It acts as a secondary password that constantly changes, typically six numbers in length. Used in conjunction with a password, it offsets the weakness of using just a password. It brilliantly creates a secondary layer of protection that is less likely to be compromised. Sweet! Now we can go back to using memorable passwords.

Wait a minute… less likely? Yes, even 2FA can be compromised in several ways. Using 2FA helps and I highly recommend using it when you can, but it does not help if weak and compromised passwords are used.

Summary

The odds are stacked against us, with:

  • over 7 billion people and growing on the planet actively using the internet;
  • minimal enforced standards for passwords;
  • the slim possibility of creating a truly unique password;
  • the average person changing their password every 5 years;
  • more sophisticated hackers and software evolving every day;
  • lack of consumer cyber education;
  • corporate data breaches increasing every year.

It’s a lot to take in and understand. Most of us will continue to ignore the facts until becoming a victim. I encourage everyone to take a stand and move beyond minimum standards. Embrace the fact that maximum-length passwords should be the standard. Having unique passwords for every account is a beautiful thing. And finally, don’t be afraid of changing passwords more regularly – hopefully more than once a year. 

Copyright © 2021 MyITAssistant LLC. All rights reserved.
