You need to be using long, complex and unique passwords to protect your online accounts. You probably already know that, but so many of us still refuse to do it. Why? Because using strong passwords is hard work. It’s difficult.
In this guide, let me try to show you why you should make the effort to use strong and unique passwords for every website account.
Why You Need To Use Strong Passwords.
When you turn up at a website login page, you’ll need to fill in the username and password. The username is usually just your email address.
If someone is trying to hack your account, it’s not too much of a stretch of the imagination to accept that they probably already have your email address. After all, most of us give that information out easily enough.
But what about that password?
Even if you use a simple password like abc123, how is anyone going to be able to guess what it is?
Often they’ll only have maybe 3 or 5 attempts and the account locks up anyway.
So how would a hacker manage to gain access to your account?
The answer is, they already know your password. They don’t really have to try to guess what it is, they’ve got it written down in front of them.
The Data Breach.
This is where it all starts. Have you heard that term used in the news: “There’s been a data breach at XYZ website”?
What that means is someone has stolen your data from the website: your username and password. That’s pretty much what a data breach is.
In the old days, usernames and passwords were stored like this.
Just a simple file. A table.
Looking at that table, even you and I could hack into Joe Bloggs’ account. Easy, right?
So websites got smarter, they had to.
Now what happens is that your password is encrypted.
It’s called hashing.
When there’s a data breach, this is the kind of thing they get away with.
Joe’s password is still abc123, but after it’s been hashed you’d never guess it. Or would you? The encryption software that actually does the hashing is freely available on the Internet.
It can easily be downloaded onto just about any computer.
Decrypting A Hashed Password.
Supposedly you can’t actually decrypt a hashed password. You can’t unhash it. So how do they retrieve your password from the hash?
It’s ridiculously easy. Out on the Internet, you can find lists of passwords and their matching hashes. Millions, billions maybe, of passwords and the equivalent hash.
And now you simply tell the computer which hash to look for.
The computer will scan through the list, and if it finds a match, bingo.
At this point, the hacker has both your email address and a password for at least one of your online accounts.
Use Strong & Unique Passwords.
When you’re creating a password to protect an account, ideally you don’t want that password to appear on any of these lists. You don’t want to be using a password that has already been leaked in a data breach.
Which is why you need to use strong passwords.
Strong passwords are long passwords, the longer the better. Most websites insist upon passwords of 8 characters or more.
So 8 is the minimum that’s required and you know what, that’s what most of us will use. But 8 ain’t enough.
Most 8-character passwords have already been cracked. Don’t believe me? After you’ve finished reading this, pop along to Have I Been Pwned and try typing a few into the search box.
To make your passwords strong, you need to be using at least 12 characters. 12 minimum. Ideally 16 or more.
The sheer number of possibilities when using 16 characters means that there is a very good chance that it will never have been used by anyone else before.
If it hasn’t been used before, it can’t have been leaked in a data breach.
And if it was never leaked, then it can’t appear on a password/hash list.
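An added example (not part of the original guide) of the list lookup described above, and of why a long random password does not turn up on such a list. The six-entry list is a constructed stand-in, SHA-256 is an assumption because the guide names no algorithm, and all function names are illustrative.

```python
import hashlib
import math
import secrets
import string

# Constructed sample: a tiny stand-in for the leaked password lists described above.
COMMON_PASSWORDS = ["123456", "password", "abc123", "qwerty", "letmein", "iloveyou"]

# 52 letters + 10 digits + 32 punctuation marks = 94 printable characters.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def unsalted_hash(password: str) -> str:
    """Hash a password with no salt (SHA-256 is an assumed algorithm)."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def build_lookup_table(passwords):
    """Precompute hash -> password for every entry on the list."""
    return {unsalted_hash(p): p for p in passwords}


def recover(stolen_hash, table):
    """Return the password if its hash is on the list, otherwise None."""
    return table.get(stolen_hash)


def generate_password(length=16):
    """Build a random password from a cryptographically secure source."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def keyspace_bits(length, alphabet_size=len(ALPHABET)):
    """Size of the space of random passwords of this length, in bits."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    table = build_lookup_table(COMMON_PASSWORDS)
    print("abc123 hash on the list:", recover(unsalted_hash("abc123"), table))
    strong = generate_password(16)
    print("random 16-character hash on the list:", recover(unsalted_hash(strong), table))
    for n in (8, 12, 16):
        print(f"{n} random characters: about {keyspace_bits(n):.0f} bits of possibilities")
```

The hash of abc123 is found because anyone hashing abc123 the same way gets the same output; the random 16-character password gives a hash that was never put on the list.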
How Many Websites Get Hacked?
The problem with data breaches is that websites, and the companies that run them, don’t usually want to announce the fact that they’ve gone and lost your login info. They’d generally like to keep it quiet.
Which makes it difficult to come up with an accurate number. Most sources agree that something in the region of 30,000 websites per day are hacked into. That’s per day.
So while we hear about the odd data breach on the news, that’s only because the vast majority simply don’t get reported. There are just too many of them.
And it’s not just the big websites that get hacked. It’s all the millions of smaller sites.
School websites, club websites, community sites. Websites that simply don’t have the infrastructure to protect themselves.
These little, seemingly unimportant websites, that maybe you created a long-forgotten account for a few years ago. And you used a quick password, something that you can remember easily, maybe the same one you use for your email account because you know that one.
So simply by hacking into a tiny little website, someone now has your email address and the password that is supposed to be protecting your email account.
Use Unique Passwords.
By unique passwords, what we mean is a different password for each and every website. No matter how small, or unimportant that site seems to be, it can and probably will be hacked at some point.
And if you’ve re-used passwords, then your password is now in the hands of a hacker who can either sell it on or use it themselves, to gain access to other, more important, website accounts.
Always use a unique password for every website. Don’t give them an easy way into your online life, because once they’re in, it’s very difficult and usually costly to get rid of them.
Managing Strong & Unique Passwords.
Quite frankly, it’s impossible to remember strong passwords. While there may be people out there who can remember 10 or 20 strong passwords, I’m certainly not one of them. And there’s a very good chance that neither are you.
That’s the problem with strong, unique passwords: they’re unusable. Or at least they are unusable to us humans. But computers don’t have any problems remembering long strings of numbers and letters.
There are dedicated programs/apps called password managers (such as LastPass, KeePass, 1Password etc.) that can create and store hugely complex passwords for you. And these are really good, but they’re not for everyone. And they’re not always free to use. Or at least if they are, then certain features will be disabled in the free version.
But your web browser can also manage your passwords for you. And that’s what we’re going to look at on the next page.