October is Security Awareness month, which means there’s never been a better time to review your security measures. As an IT-based organisation, we understand the frustrations that managing passwords often brings about. If you’re in the least bit forgetful, you’ll relate to the agony of recalling passwords – after all, it’s no simple feat to know them and remember them at the best of times.

So, as flawed human beings who tend to gravitate towards non-complex, how can we make the challenge of creating better security easier? Granted, we’re not historically great at passwords. But we can be.

Let’s get one thing straight. The longer your password is, the harder it is to crack and hack. As trial and error are the names of the cracking game, length is a critical factor in security. While we’ve been forced to create passwords that are viewed as more difficult to hack, by using numbers and symbols as substituted variants, all this really achieved was to make passwords appear more confusing for humans to read. And to remember.

Here’s why.

A state-of-the-art computer cluster (in 2012) can complete up to 350 billion operations in one second. That’s no tortoise. Assuming the password was encrypted within memory, it would take 100 operations for the cluster to check one password, and then 3 billion separate passwords could be checked per second. If the password wasn’t stored in memory but on a web server, or a disk, the time taken to crack the password would increase accordingly.

An advanced computer cluster will simply start with a, and (hopefully) fail, then move on to trying ‘b’, through to ‘z’. From here, the calculations continue of from ‘aa’ to ‘ab’ and right through to ‘az’, right into complicated passwords that include letters and case variation that we hope you’re using. This sounds awfully time-consuming, but, let's take a look at how long it’s projected that such a computer might take to crack the password ‘potato’.

• 'potato' - 12 bits - 1 millionth of a second
• 'p0t@t0' - 21 bits - 0.6 thousandths of a second
• 'X4a@0!' - 38 bits - 1 minute
• 'how much is that doggy' - 90 bits - 10 billion years
• 'How much is that doggy5' - 106 bits - 70,000 billion years

If you thought 'p0t@t0' was a more secure password than ‘how much is that doggy’ you’d be quickly forgiven: We’ve been told time and time again that complicated passwords are the objective, when really it’s overall complexity plus length that makes a password hack-impenetrable.

“I’ve got nothing to hide” doesn’t translate to “nothing to lose.”

Wondering what anyone would want with your cracked data anyway? A hacker hoping to find your private collection of embarrassing selfies simply isn’t on the same highway as a hacker hoping to hijack your identity or use your accounts to carry out organised crime. And it’s THAT simple. If you, like most of us, have one good password that simply varies from site to site, there’s little point to your efforts. It takes little time to test any other relevant site using a password variation.

Never double up. Ever.

Even if you’re up to date with a secure, hack impenetrable keyword, you could still be guilty of another huge flaw in the design of our passwords. As humans, we like to compartmentalise- often an attractive option is to standardise our passwords – and next to ‘1234’, a using the same password across multiple sites is the biggest contributor to compromised data. So, don’t do it.

I’m terrible at creating, keeping, remembering, storing passwords. Please help me.

Noted. Not everyone can come up with a password that’s waterproof. Here are two resources to make it easier than ever to stay safe online.

1. Use a trusted Password Generator. These passwords could be cracked, but only after a cool 10 million years of attempted hackery. Solid!
2. Use a password store, like KeePass. When you use KeePass, your passwords are not stored in the cloud, they don’t leave the building and they’re protected by a superstrong master key. You’ll need to use the strongest master key password possible for your effort to be worth it, but used as intended, this is a system you can rely on.

We hope you’ve found this discussion around security an informative read! We encourage everyone to make the most of October as security month and to make a point of getting (significantly) better at password management. Of course, should you need any advice or support in regard to your tech questions, feel free to reach out to the team of experts at Tek Support on (03) 9590-0560 – we’re always happy to help!