Even seemingly good passwords provide little or no protection against hackers, experts hired by the Pentagon discovered.
When the Defense Advanced Research Projects Agency (DARPA), a Pentagon agency, hired a company called KoreLogic to evaluate password security, its experts discovered that passwords that followed security protocols were easy for hackers to crack.
And it’s not just the Pentagon.
Half of the employees at an unnamed Fortune 100 company used just five patterns when composing passwords, KoreLogic’s experts discovered. That makes it easy for hackers to replicate the passwords by creating a computer algorithm which simply copies those patterns with different words and numbers over and over again, security expert Jeff Fox said.
Big Password Mistakes You Are Probably Making
KoreLogic also found that most people make a few basic mistakes when creating a password, making it easier for hackers to get around them, according to Fox at StateOfTheNet.net. The five biggest password mistakes included:
- Simply adding letters to make a password longer. For example: JoeSmithAA.
- When a special character is required, simply putting a special character at the end to meet the requirement. For example: JoeSmith!
- Beginning with one uppercase letter followed by lowercase letters. For example: Joesmith.
- Putting a few numbers before or after the letters. For example: 45joesmith or joesmith45.
- Using none or only one special character in a password. Use at least two, but disperse them throughout the password.
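An added example, not from KoreLogic or Fox: a Python check that a password-change form could run on a candidate password to flag the five mistakes listed above, and to count how many passwords in a batch share one character-class pattern. The function names, the pattern letters (U, L, D, S) and the sample strings are assumptions made for this illustration, and the repeated-letter test is a heuristic.

```python
import re
from collections import Counter

def topology(pw):
    """Character-class mask: U upper, L lower, D digit, S anything else."""
    return "".join(
        "U" if c.isupper() else "L" if c.islower() else "D" if c.isdigit() else "S"
        for c in pw
    )

def audit(pw):
    """Return which of the article's five mistakes this candidate password makes."""
    mask = topology(pw)
    specials = mask.count("S")
    findings = []
    # 1. Lengthened by repeating a letter at the end (heuristic: JoeSmithAA).
    if re.search(r"([A-Za-z])\1+$", pw):
        findings.append("letter_padding")
    # 2. The only special character sits at the very end (JoeSmith!).
    if specials == 1 and mask.endswith("S"):
        findings.append("trailing_special")
    # 3. One uppercase letter first, lowercase right after it (Joesmith).
    if re.match(r"UL", mask):
        findings.append("leading_capital")
    # 4. Digits in front of or behind the letters (45joesmith, joesmith45).
    if re.match(r"D+[UL]", mask) or re.search(r"[UL]D+$", mask):
        findings.append("affixed_digits")
    # 5. Fewer than two special characters.
    if specials < 2:
        findings.append("few_specials")
    return findings

def shared_topologies(passwords, top=5):
    """Most common masks in a batch; a few dominant masks means predictable passwords."""
    return Counter(topology(p) for p in passwords).most_common(top)

# Constructed samples: the article's own examples plus one made-up string.
SAMPLES = ["JoeSmithAA", "JoeSmith!", "Joesmith", "45joesmith", "joesmith45", "x7#mQ!2rp"]

if __name__ == "__main__":
    for pw in SAMPLES:
        print(f"{pw:12} {topology(pw):12} {audit(pw)}")
    # Constructed batch: three different words, one shared pattern.
    print(shared_topologies(["Summer2012", "Winter2013", "Autumn2011", "x7#mQ!2rp"]))
```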
“Since many passwords are stored in such a way that they can’t be directly read by people, hackers often use software to crack them,” Fox wrote. “The longer it takes to crack a password, the less likely the hacker will succeed. If it takes too long, the hacker may give up and move on to easier prey.”
Fox also wrote a story for Consumer Reports, “Hack Proof Your Passwords.”
“Long passwords comprised of a variety of letters, numbers, and special characters can better withstand cracking software than can short, simpler ones,” Fox wrote. “However, when something about a password’s composition is too predictable — it begins with an upper case letter, for example, or includes a recognizable word — it can be cracked much more quickly.”
Fox gave five tips for making a password safer:
- Don’t begin “the password with an upper case letter—or maybe even any letter”
- Avoid using familiar phrases and words.
- Use multiple special characters.
- Don’t place numbers next to one another.
To help remember passwords, security expert Bruce Schneier suggested using an acronym.
“My advice is to take a sentence and turn it into a password,” he wrote. “Something like ‘This little piggy went to market’ might become ‘tlpWENT2m.’ That nine-character password won’t be in anyone’s dictionary. Of course, don’t use this one, because I’ve written about it. Choose your own sentence – something personal.”