Are Your Online Passwords This Bad?

There’s still much we don’t know about how hackers stole nude photos of celebrities and last weekend posted them online for the world to see.

A number of tech journalists say lax security at Apple is, in part, to blame for the iCloud thefts. Hackers exploited these weaknesses and may have gained access to these celebrities’ pictures by essentially guessing their passwords (with the aid of software).

If this is the case, it shouldn’t be all that surprising. The passwords many of us use to guard personal data like bank, brokerage or credit card accounts are often too easy for crooks to figure out.

Security firm Trustwave recently released its Global Security Report, which says most consumers pick easy-to-guess passwords that make cracking them child’s play.

The company tried to determine how easily it could crack a sample of more than 600,000 passwords it collected during thousands of network penetration tests it performed in 2013 and 2014.

It recovered more than half of the passwords within just the first few minutes and cracked almost 92% of them in about a month.

Reason: Too many consumers continue to make little or no effort to come up with even moderately inventive or complex passwords.

Not surprisingly, “123456” tops the list of lackadaisical passwords, followed by other variations on that theme, plus classics such as “password” and “admin.”

Other favorites: “Password1,” “Hello123,” “password,” and “Welcome1.”

Trustwave says nearly a third of the hundreds of data breach investigations it conducted last year were aided by weak or default passwords.

What’s the best way to come up with better passwords?

Strong passwords – consisting of a minimum of seven characters and a combination of uppercase and lowercase letters, symbols and numbers – play a vital role in helping prevent a breach.

But that’s usually not enough, the company says. Remember, data thieves use complex automated computer software to crack passwords, not simple human guesswork.

The recent security breaches at Target, SuperValu and other major retailers involving millions of accounts tell you that. So does the news that Russian hackers have stolen 1.2 billion user names and passwords from 420,000 websites. So do the Apple photo hacks.

According to the report, “Many general users and some IT administrators incorrectly assume that using various uppercase letters, lowercase letters, numbers and special characters in a password will make it more secure.”

While that may make it harder for a human to guess your password, “it does not make recovering the password any more resource-intensive for password-cracking tools.”

Rather, it says, “increasing the number of characters in the password dramatically affects the time it will take an automated tool to recover the password.”

Instead of a single word plus a couple of numbers or symbols, the company suggests using longer “passphrases.”

For example, “GoodLuckGuessingThisPassword” is better than a single word.

Ideally, these should consist of eight to 10 words that are not published (i.e., not well-known quotations).
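To see why a password can satisfy the usual complexity rule and still be weak, here is an added example (not from the article or from Trustwave) of a sign-up check that strips the padding and substitutions automated tools undo and then compares the result with a blocklist. The blocklist, the 16-character threshold and the function names are assumptions made for this illustration.

```python
import re

# Constructed blocklist: roots of the weak passwords named in the article.
# A production check would load a large breached-password list instead.
BLOCKLIST = {"123456", "password", "admin", "hello", "welcome"}

# Common character substitutions that cracking rules undo automatically.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})

MIN_LENGTH = 16  # assumed passphrase threshold for this example


def meets_complexity_rule(password):
    """The conventional rule: 7+ chars with upper, lower, digit and symbol."""
    return (len(password) >= 7
            and re.search(r"[A-Z]", password) is not None
            and re.search(r"[a-z]", password) is not None
            and re.search(r"[0-9]", password) is not None
            and re.search(r"[^A-Za-z0-9]", password) is not None)


def roots(password):
    """Reduce a password to the base words a rule-based guesser starts from."""
    lowered = password.lower()
    # Strip digits and symbols padded onto either end ("Welcome1!" -> "welcome").
    trimmed = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", lowered)
    return {lowered, trimmed, lowered.translate(LEET), trimmed.translate(LEET)}


def screen(password):
    """Return a list of rejection reasons; an empty list means accepted."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append("shorter than %d characters" % MIN_LENGTH)
    if roots(password) & BLOCKLIST:
        reasons.append("derived from a common password")
    return reasons


if __name__ == "__main__":
    # "Welcome1!" and "P@ssw0rd!" are constructed variants of the article's list.
    for pw in ["123456", "Password1", "Welcome1!", "P@ssw0rd!",
               "GoodLuckGuessingThisPassword"]:
        print(pw, meets_complexity_rule(pw), screen(pw))
```

The constructed “Welcome1!” passes the complexity rule yet is rejected by the screen, while the article’s passphrase fails the complexity rule and is accepted.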

You should also avoid using the same username or password combination for multiple websites. Use a different password for each new website or service you sign up for.

Other advice: Use a private email you use for no other purpose as your username, and use incorrect or random answers to password reset questions.

Americans are particularly at risk for security breaches, Trustwave says, noting that 59% of victims reside in the United States, with 14% in the United Kingdom the next closest and 11% in Australia. Must be something about the English language.
