An acquaintance of mine who works for IBM is expert at hacking. He told me about a time he and his wife were in a coffee shop with free WIFI and he bet her he could get into their system in 60 seconds. It took him about 15 seconds. He looked around the room and saw the name of the place then tried a couple of different combinations. Bingo! He was in and had access to all their financial, customer, and other assorted information. No, he didn’t steal any of it. He was just playing around, impressing his wife, and intending no harm.
Just as likely to be hacked by the less studied hacker is an unprotected wifi system. People drive up a street with a laptop and look for wifi signals. Some of them aren’t password protected. They then get access to that computer and all the data on it.
Changing a password is a bother, though. Don’t you hate it? You go onto your bank’s website to check your balance and it asks you to change your password just when you had remembered the old one. You hate it even more when you want to process a credit card for your business through the card portal and it asks you to update your password.
You know there’s a good reason for that. Just look at the 44 lawsuits being filed against Home Depot for their security breach and the millions of dollars Target is having to pay out because of its security breach. You don’t want to join their less and less exclusive club. The chances of your facing big hits like Home Depot and Target did are slim, though, since small businesses and individuals aren’t worth the trouble for the small return on hacking theft. Most likely a breach will come from the hacker who finds easy access into your bank account or accounting and can take your money, sell the information to someone, or steal your identity
With the requirement from your bank or card processor, you diligently change your password, carefully write it down, and maybe put it on a sticky note on your computer so you can remember it; that’s because you took the auto-generated password that the site provided, P0Cc7Ye2. Both writing it down and attaching it to your computer are not the best ideas, of course, but they are effective. What would work best is a password you could remember, like password.
Of course, that’s the first thing hackers try since so many people often use that as their password. You might also use the name of your company, your own name, 12345, or your house number. Also bad ideas since that’s what hackers might try next. Let’s look at some nifty ways to create passwords that are all but hacker-proof and that you can remember. You will find numerous websites that give excellent advice about how to create a hacker-proof password and you will find a few of them listed at the end of this article.
Let’s just use the word “password” as an example of how we can make a simple word less hacker-friendly. You want to use password as your password, but that’s as hackable as 12345. But think of the permutations for “password.” You could start with alternating upper and lower-case, as in PaSsWoRd. That’s better, but it’s also option four or five for a hacker. You can also add some numbers here and there as in PaSsWoRd997. That would mean a hacker would have to go through probably 1000 options after he tried the word itself. Not worth the effort, but still fairly easily hacked with a computer than runs possible passwords until it finds one that works.
But that is not truly memorable. Do you speak another language? In Spanish, it is contraseña. Good luck with the tilde, though. In Dutch, it is Wachtwoord, probably not something a hacker would try right away unless you made a point of Dutch ancestry. You can go to most any search engine and simply type in “translate password to (pick the language)” and you will come up with it quickly.
Another fun trick is to substitute numbers for letters. For example, a P is just a 9 backwards. An S kind of looks like a 3, as does a 5. So password could become 9a55W0rd, where the letter o becomes a zero. Still not something a hacker might try immediately.
But let’s make it harder. Suppose you decide to use 9a55W0rd and add some numbers after it. You might pick your house number, but a determined hacker could eventually try that. Likewise with your date of birth or something else easily found. A better option might be a house number of the house you grew up in. That would be easy to remember. If one of the numbers you choose is a 1, that kind of looks like an exclamation point, !, doesn’t it? Use that in place of the number one or the letter I.
The more letters, numbers and punctuation to better. “Dark Reading,” from Information Week comes up with the following interesting calculation on how long it would take even an “offline” hacking cracking computer to find different length passwords.
5 characters = 10 seconds
6 characters = 1,000 seconds [16 minutes]
7 characters = 1 day
8 characters = 115 days
9 characters = 31 years
10 characters = 3,000 years
Thus, the longer the better if you are relying on a non-intuitive machine to do the hacking rather than a determined actual hacker. But combine length with less-than-obvious letters, numbers and punctuation, and it simply isn’t worth the effort to a run-of-the-mill hacker.
No we certainly don’t want to join the ever-growing club of Home Depot and Target, but we also want to actually be able to get into our accounts without clicking on the “Forgot my password” link on websites, too. Make your password memorable to you but truly difficult to hack.
Some sites for password changing ideas:
wikihow.com/Create-a-Password-You-Can-Remember
http://www.darkreading.com/risk/how-hackers-will-crack-your-password/d/d-id/1130217
http://freedomhacker.net/how-to-create-a-secure-password/
http://null-byte.wonderhowto.com/how-to/advice-from-real-hacker-create-stronger-passwords-0156907/
By Robert L. Cain
