So you think you are security conscious? But is your password strong enough?
A lot of people are concerned about security; I’d go as far as to say that some people are verging on paranoid in terms of their personal safety. They check they’ve locked doors, check their keys and sometimes even go back to check again. But how secure are you with your online life?
I am very secure, thank you very much
But are you?
Whenever we work with a client, we make sure that the security on their site is up to scratch. We use a plug-in (or three) which can help prevent attacks, but also add things like Captcha to contact forms and extra security at sign on to help keep you safe.
But, what happens if your password lets you down?
Yeh, but my password is safe… I think?
I hold my hand up here: I didn’t always practise what I am preaching here. I used the same password all over the place. That’s the first rule broken for a start!
ALWAYS make sure that you use a unique password. No matter how insignificant you think the site is.
Once one password is cracked, then there is a good chance that this can be used to get into other sites if you’re using the same one (or variations of it) all over the web.
But it’s so hard to remember!
Yes, it is, but you don’t have to; and no, I don’t mean writing it down! That is rule number two broken!
NEVER write it down or store it in a file in plain text! No, no, and no!
There are lots of different password vaults which you can use now, so there are no excuses. We tend to use LastPass; there are others such as Dashlane, Keeper etc.
(There is a comparison chart here if you fancy geeking out on it: https://uk.pcmag.com/password-managers-products/4296/guide/the-best-password-managers-of-2018)
These basically mean that you can store everything you need and then only have to remember the vault password.
I am a convert to this!
But my password has special characters in it
That alone may not save you from your password being cracked.
Have a look at the images below. These are basically different iterations of ‘password’ as a password.
You can see how adding complexity such as uppercase characters, numbers and special characters will help, but really you need the mother of all passwords to keep you totally safe…
I am still not convinced
OK, let’s look at how passwords are cracked. There are several methods, and perhaps the most simplistic of all is guessing!
How many of us put our life online? We have our date of birth, spouse’s name, pets, favourite food, favourite band and possibly first pet all there to see on social media. This is all prime password material. How many of you would use one of these? If someone knows you and wants to crack your password, this is where they’ll start.
The next way is a dictionary attack: basically, the cracking code will go through words which appear in a dictionary. So having ‘real’ words as your password is not safe either. Oh, and if you add special characters at the end, nope, that isn’t always safe either. It will stall the attack for a bit, but the password can still be cracked by a more sophisticated program.
Yes, this takes much longer, but remember that computing power is advancing at a rapid rate; what would have taken years to crack 30 years ago could most likely be cracked in 5 mins now!
The final way is automated: bots (as we like to call them) go and work through all the iterations of the characters which can be put in a password. This is really a lot of effort and usually a last resort (or the work of someone who is desperate), and it will take a fair amount of time to crack, more so the more complex the character use is, as we have seen in the screenshots above.
OK, I give in, what do I need to do?
If you really want to make sure you are crack proof, then have a randomly generated password; the longer the better.
Again, there are sites on the web that can help you with this (see below), or you can make up your own.
The image to the right shows that if you have a 20-character password which has been randomly generated, then it’s going to take a long old time to crack.
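To put numbers on the dictionary and try-every-combination attacks described above, here is an added Python example (not part of the original post) that scores a few passwords and generates a random 20-character one. The five-word list, the swap table and the function names are made up for illustration.

```python
import math
import secrets
import string

# Constructed sample wordlist (assumption); real checks use far larger lists.
COMMON_WORDS = {"password", "letmein", "dragon", "football", "monkey"}
# Undo common symbol-for-letter swaps such as @ -> a and 0 -> o.
SWAPS = str.maketrans("@430$51", "aaeossi")
ALPHABET = string.ascii_letters + string.digits + string.punctuation

def charset_size(pw):
    """Size of the character pool an exhaustive search has to cover."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    return sum(len(cls) for cls in classes if any(c in cls for c in pw))

def brute_force_bits(pw):
    """log2 of the candidates a try-every-combination search must test."""
    size = charset_size(pw)
    return len(pw) * math.log2(size) if size else 0.0

def is_dictionary_based(pw):
    """True if pw is a listed word once trailing digits/symbols are
    stripped and common swaps are undone."""
    core = pw.lower().rstrip(string.digits + string.punctuation)
    return core in COMMON_WORDS or core.translate(SWAPS) in COMMON_WORDS

def assess(pw):
    """Summarise how a password holds up against the attacks above."""
    return {"length": len(pw),
            "bits": round(brute_force_bits(pw), 1),
            "dictionary_based": is_dictionary_based(pw)}

def generate_password(length=20):
    """Random password drawn from the OS's cryptographic RNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

if __name__ == "__main__":
    for pw in ("password", "Password1!", "P@ssw0rd!", generate_password()):
        print(assess(pw))
```

"Password1!" scores about 65 bits on the brute-force estimate yet is still flagged as dictionary based, which is why special characters alone may not save you; a random 20-character password over the same 94 characters is worth about 131 bits.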