Why do you need to be using strong passwords? If you use something like Password123, how is it possible for someone to turn up at your login page and then guess what it is? It just doesn’t seem possible.
In this guide, I’ll show you how passwords are cracked and try to convince you to start using strong passwords to protect your online accounts.
Why You Need To Use Strong Passwords.
When you turn up at a website login page, maybe your email account, Amazon, Facebook or wherever, you’ll need to fill in the username and password. The username is usually just your email address.
Email addresses are rather like phone numbers: we give them out all over the place, so it’s not too much of a stretch to imagine someone getting hold of yours.
But what about that password? You wouldn’t normally be giving that out.
Even if you use a simple password like abc123, how is anyone going to be able to guess what it is?
Often they’ll only have maybe 3 or 5 attempts and the account locks up anyway.
So how would a hacker manage to gain access to your account?
The Answer is…
The answer is that they already know your password. The hacker doesn’t have to try to guess what the password is; they’ve got it written down in front of them.
So if they already have your password, how did they get it and why will using a strong password help?
Username and Password List.
When you create an account with a website, you’ll provide a username (usually your email address) and a password. That information is stored in a database (basically a list).
In the good old days, usernames and passwords would simply be stored in plain text.
The problem here is that anyone with this file can easily log in to any of the accounts on the list.
Even you or I could hack into Joe Bloggs’s account because we have his password. It’s right there in front of us.
It’s just too easy.
Every Website Will Get Hacked.
At this point, there is one fundamental fact that you have to accept and that is that every website either has been or will be hacked into. Every one.
When they get hacked, often the information stolen from them is the username and password database.
Storing a password, even a strong password, in plain text is obviously no good at all. So modern websites scramble the password with a one-way function before storing it. It’s called hashing.
When a password is hashed it turns into a long complex string of characters that bears no resemblance to the original phrase.
So the password abc123 becomes e99a18c428cb38d5f260853678922e03
On the username and password database, it’s the hashed version of the password that is stored. The original phrase is never stored.
Problem Solved Then?
When the website gets hacked, the list that the hackers get away with will only contain the hashed version of your password, and the hash is of no use at all. You can’t type the hash into the password box when trying to log in. So the problem is solved then?
Oh if only.
Cracking A Hashed Password.
Once a hacker or cyber-criminal has got hold of your username and the hash of your password (not the real password, just the hash of it), they then need to crack the hash to find out what the original password was.
There are many password-cracking tools available over the Internet. These tools can generate and check millions of password and hash combinations.
Any password can be cracked.
A hacker simply types in the hash they’re looking for and the tool will then create passwords and check each resulting hash against that one.
When it finds a match, it’s found the plain text password.
Any password can be cracked in this way. The only difference between a simple password and a strong password is how long it will take to be cracked.
Why You Should Use Strong Passwords.
Strong passwords take a long, long time to be cracked, even by powerful computers. There are just so many possibilities and they all need to be checked.
To give you some idea as to how long it would take a modern machine to crack a password, head on over to https://www.security.org/how-secure-is-my-password/
Type in a few passwords. Try a password with 6 characters and see just how long it would take a hacker to crack it. Then try 7 characters and then try 8 characters. You’ll see how the time needed to crack the password increases as you add more characters.
After you’ve tried 8 characters, try entering a 16-character password.
Anything you like.
As an example, I’ve entered
Try adding the number 1 to the very end and see what happens.
Strong Passwords Are Long Passwords.
The longer, the stronger. Your passwords don’t necessarily need to be hugely complex, but they do need to be long. If you can work in a number and a symbol, so much the better.
When you’re creating a new password, numbers, symbols and capital letters do have their place, but it’s the length of the password that’s the most important factor.
Websites need to catch up with this idea. I regularly see websites limiting the number of characters that can be used in a password to 12 or even 10 characters. That’s simply not enough.
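The length experiment described above (6, 7, 8, then 16 characters, then adding a 1) can be reproduced offline with a small estimator. This is an added example, not code from this guide or from security.org; the guess rate and the character-class model are assumptions, and the figures are upper bounds for trying every combination. It also confirms that the abc123 hash quoted earlier is an MD5 digest.

```python
import hashlib
import string

# Assumption for illustration: 10 billion guesses per second against a fast,
# unsalted hash. Real rates depend on the hardware and the hash function.
GUESSES_PER_SECOND = 10_000_000_000

# Character classes an exhaustive search has to cover (95 printable ASCII).
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " ")


def md5_hex(password: str) -> str:
    """MD5 digest of a password; reproduces the abc123 hash quoted above."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def alphabet_size(password: str) -> int:
    """Combined size of every character class the password draws from."""
    if not all(any(ch in c for c in CLASSES) for ch in password):
        raise ValueError("estimator covers printable ASCII only")
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))


def keyspace(password: str) -> int:
    """Candidates of this length over the detected alphabet (upper bound)."""
    return alphabet_size(password) ** len(password)


def worst_case_seconds(password: str, rate: int = GUESSES_PER_SECOND) -> float:
    """Time to try every candidate; dictionary words fall far sooner."""
    return keyspace(password) / rate


def humanize(seconds: float) -> str:
    """Render a duration in the largest unit that fits."""
    for unit, span in (("years", 31_557_600), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= span:
            return f"{seconds / span:,.0f} {unit}"
    return f"{seconds:.3f} seconds"


if __name__ == "__main__":
    print("abc123 ->", md5_hex("abc123"))
    for pw in ("abcdef", "abcdefg", "abcdefgh", "Abcdef1!",
               "abcdefghijklmnop", "abcdefghijklmnop1"):
        print(f"{pw:18} {alphabet_size(pw):3} symbols  "
              f"{humanize(worst_case_seconds(pw))}")
```

Sixteen lowercase letters give a larger search space than eight characters drawn from all four classes, and appending a single digit to the lowercase password both lengthens it and widens the alphabet from 26 to 36 symbols, which is why the estimate jumps so sharply.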