Recently, Jimmy Kimmel’s team hit the streets to find out how secure people’s passwords really are… and the results are hilarious, and sort of disturbing!
Password security is a big deal in today’s IoT (Internet of Things) world. The IoT simply means that the majority of business and critical infrastructures of our society are being controlled through devices connected to the internet. The concept of IoT is a very present reality now and will continue to grow as more people adopt things like internet-enabled devices, smart home locks and even connected thermostats!
It seems everything is connected to the internet, which inherently makes it vulnerable. Studies have shown that passwords are the single weakest link in the IT security chain. The impact of poor passwords has come to light through recent events such as the data breaches at major companies like Sony and Apple and, even more recently, the IRS and White House. This leads to lots of individuals’ personally identifiable information (PII), such as SSNs, being leaked online. Fraudsters will use this info to open new bank accounts and make credit cards under victims’ identities.
By using “passphrases” instead of passwords!
Passphrases are passwords that look something like: “ilovemylilkityandsheisS0nice!” rather than something like: “Fin@ncieS123!.” Although the second password is complex, using upper and lower case letters, numbers, and symbols, it’s still not as secure as the first. According to How Secure is My Password, it would take “40 undecillion” years to break “ilovemylilkityandsheisS0nice!”
Passphrases are harder to crack than passwords because the various parts of the phrase are more difficult for “brute force” attacks to decipher. In a “brute force” attack, a hacker could theoretically try 10,000 passwords per second, which can eventually crack even very complex passwords. One month of cracking at 10,000 passwords per second would mean over 25 billion password combinations tried.
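To put numbers on the brute-force comparison above, here is an added example (not part of the original article) that estimates the exhaustive-search keyspace of the two sample passwords at the article's 10,000 guesses per second. The function names and the 94-character printable alphabet are assumptions of this example.

```python
import string

GUESSES_PER_SECOND = 10_000            # rate quoted in the article
SECONDS_PER_MONTH = 30 * 24 * 60 * 60  # a 30-day month
SECONDS_PER_YEAR = 365 * 24 * 60 * 60

# Character classes a brute-force search has to cover (assumed alphabet).
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation, " "]

def charset_size(password):
    """Size of the alphabet implied by the character classes in use."""
    return sum(len(cls) for cls in CLASSES
               if any(ch in cls for ch in password))

def keyspace(password):
    """Candidates of this length over that alphabet (an upper bound)."""
    return charset_size(password) ** len(password)

def guesses_in_one_month(rate=GUESSES_PER_SECOND):
    """How many candidates one month of guessing covers."""
    return rate * SECONDS_PER_MONTH

def years_to_exhaust(password, rate=GUESSES_PER_SECOND):
    """Years needed to try every candidate at the given rate."""
    return keyspace(password) / (rate * SECONDS_PER_YEAR)

def report(password):
    # Exhaustive search is the worst case for the attacker. Guessing whole
    # words or common substitutions first needs far fewer attempts, so
    # treat these figures as a ceiling, not a guarantee.
    return (f"{password!r}: length {len(password)}, "
            f"alphabet {charset_size(password)}, "
            f"about {years_to_exhaust(password):.2e} years to exhaust")

if __name__ == "__main__":
    print(f"One month at {GUESSES_PER_SECOND:,}/s covers "
          f"{guesses_in_one_month():,} guesses")
    for sample in ("Fin@ncieS123!", "ilovemylilkityandsheisS0nice!"):
        print(report(sample))
```

Both samples draw on the same four character classes, so the gap between them comes entirely from length: 13 characters versus 29.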
How to come up with a Passphrase?
To begin with, a simple rule of thumb is that the longer the phrase, the more secure it is. Passphrases should relate to what they are used for, to help you remember them. For example, if you use PayPal to pay friends back, your passphrase could be “tnksforlettingmebarrow$$itismuchapperciated!” You’ll also notice the intentional misspelling of words, because using unique words that are not in a dictionary makes passphrases very hard to crack. Additionally, when sites let you use spaces between words, that’s even more secure. You don’t necessarily need a different passphrase for every single site, but it would be a good idea to have a separate one for work/business, finances, and personal data. If you use the same one for all sites, it would only take one site to be breached and then they would all be compromised. A further benefit of passphrases is that they can also be easier to remember than one or two words with random symbols in them.
It’s highly recommended to start implementing passphrases, versus passwords, and ditching those 5-year-old passwords we all still use!
Wondering about your own security? You can find out how secure your password or passphrase is here on this handy site!
As always, let us know if you have any questions… we’re here to help!