Almost any password you pick is weak.

There have been many articles recently about passwords, how weak they are and how they are being compromised. And if your password isn’t safe, you could lose more than you think: your identity, the money in your bank accounts, and so on. No matter how strong the rest of the security is, if someone can guess your password, the front gate is open.

Hackers are getting access to long lists of passwords and guessing a large percentage of them. If you can guess the password, you can reverse engineer the encryption that is protecting them.

As your password is the gateway to your identity, and with two million usernames and passwords recently hacked from social media accounts (as reported by CBC News), we are taking action.

If the password is 1 character long, then you have 101 guesses on a standard keyboard to try every possible password (24 characters in upper and lower case, the numbers 0 to 9 and all the symbols, not including the F1, F2 etc. keys). “Guessing every possible password” is called a “brute force” attack.

You can see that brute force attacks get harder and harder as you add characters to your password. In fact, only 3 characters in your password would increase the number of guesses from 101 to 999,900 (almost one million!). Six characters is 912,484,742,400 (almost one trillion!), and eight characters is 8,148,488,749,632,000 (over 8 quadrillion!). So the theory behind password strength is simply to make them longer and longer, until trying all possible combinations gets so hard that hackers can’t do it because it would take too long. The problem is that it isn’t that simple.

Hackers can crack them anyway. This is because the passwords that you select are not as strong as a string of random characters, numbers and symbols. You are not a genius because you have thought of changing every ‘O’ to the number ‘0’, or the letter ‘a’ to the symbol ‘@’, or the letter ‘E’ to the number ‘3’. So picking P@tri0ts is one of the common hacker guesses. There are many others like LukeIsAmazing123, P@55w0rd, 123456, qwerty, etc. You could choose a really long password like “Whereforeartthouromeo”. But even though that’s 21 characters long, it’s an English sentence that exists in the world, so it is on the hackers’ guess list.

You would be surprised how many passwords you thought were strong are not.

I could go on, but the truth is that almost all passwords that humans pick are not strong. They are all picked based on some criteria, and those criteria can be used to crack them. Have a look here for more information on this. Kaspersky’s solution is:

  • Don’t use the same password for multiple sites. [Agree, but then you have so many that you forget them]
  • Use long and strong passwords. [But what is long and strong? The answer is: if you picked it, it is probably weak]
  • Use a special password manager to store all your passwords in an encrypted form and don’t waste your time trying to memorize all of them. This way you can have unique, extremely complicated and strong passwords for each site without the risk of forgetting any of them. [Yes, as long as they really are long and strong in the first place. In practice the hassle of looking up and typing in the passwords becomes annoying, so strong passwords you can remember solve that issue, since over time you will remember them]

So unfortunately there isn’t an easy answer to this. Long passwords of truly random numbers, characters and symbols are impossible to remember, and anything easy to remember is weak. We haven’t got the perfect solution, but we are one step closer: we have built a way for people to easily remember strong passwords.

The guys in our Future Technologies Division (part of Tigerspike’s Innovation Lab) have used mathematics to know for sure what the bit strength is of words combined with other words. Our algorithms use the entire English language and know not just how rare a word is, but also how rare combinations of words are, and therefore the strength of those passwords.

This means we can have a password like NiceAuthorityElectronicBusiness and know (with mathematical certainty) that it is as strong as six random characters, numbers and symbols. So we have created an app that can create these passwords for you. Version 2 will have somewhere to save them, just in case you forget.
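To make the comparison between the brute-force counts above and word-based passwords concrete, here is an added Python illustration (not the post’s or kPass’s code). It measures a passphrase in bits under a toy model: a phrase that appears on a guess list is a single guess, otherwise each word contributes bits according to how rare it is; the word counts, the known-phrase set and the 101-symbol alphabet are constructed assumptions, and kPass’s real word and combination model is not reproduced here.

```python
import math

# Constructed toy word-frequency table: counts out of a 65,536-word corpus.
# Made-up numbers for illustration only, not kPass's model or a real corpus.
WORD_COUNTS = {
    "the": 32768, "password": 16384, "nice": 8192, "business": 4096,
    "authority": 2048, "electronic": 1024, "art": 512, "thou": 256,
    "romeo": 128, "wherefore": 64, "syzygy": 32, "xylophone": 32,
}
CORPUS_SIZE = sum(WORD_COUNTS.values())

# Constructed set of phrases a guess list would carry as single entries.
KNOWN_PHRASES = {"whereforeartthouromeo"}

# The post's keyboard alphabet size: 101 symbols.
KEYBOARD_SYMBOLS = 101


def charset_bits(length, alphabet_size=KEYBOARD_SYMBOLS):
    """Bits of a password of `length` characters drawn uniformly from the alphabet."""
    return length * math.log2(alphabet_size)


def uniform_word_bits(word_list_size, n_words):
    """Bits when every word is drawn uniformly at random from a list of that size."""
    return n_words * math.log2(word_list_size)


def passphrase_bits(words):
    """Toy strength estimate for a passphrase given as a list of words.

    A phrase that exists verbatim on the guess list is one guess (0 bits); that is the
    post's point about "Whereforeartthouromeo". Otherwise each word contributes
    -log2(frequency), so common words add few bits and rare words add many.
    """
    if "".join(words).lower() in KNOWN_PHRASES:
        return 0.0
    return sum(-math.log2(WORD_COUNTS[w.lower()] / CORPUS_SIZE) for w in words)


def equivalent_random_chars(bits, alphabet_size=KEYBOARD_SYMBOLS):
    """Longest uniformly random password over the alphabet that is no stronger than `bits`."""
    return int(bits // math.log2(alphabet_size))


if __name__ == "__main__":
    for pw in (["Nice", "Authority", "Electronic", "Business"],
               ["Wherefore", "art", "thou", "Romeo"]):
        b = passphrase_bits(pw)
        print("".join(pw), f"{b:.1f} bits ~ {equivalent_random_chars(b)} random chars")
```

Under the toy table the four common words of NiceAuthorityElectronicBusiness score far below the 48 bits a uniform draw from a 4,096-word list would suggest, which is why counting word rarity, not just word count, matters.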

There are many other pieces of the puzzle, but the password piece, the front gate, is hopefully now more secure. Our app is called kPass and it’s free to download, so if you want stronger passwords go check it out.

Luke Janssen

About Luke Janssen

Luke is the Founder and Executive Chairman at Tigerspike, driving its growth from a 3 person mobile technology company in Sydney, to the world’s leading enterprise mobile software company with offices in Singapore, Sydney, Melbourne, Tokyo, Dubai, London, New York and San Francisco. Before Tigerspike, Luke completed a degree in Computer Science from Kings College, London, and after qualifying as a Chartered Accountant with KPMG, moved to Australia where he founded Tigerspike. Luke is married with 2 children, sails competitively, completing the Sydney to Hobart yacht race in 2004, Luke flies planes as well as jumping out of them, and is the 2009 world whistling champion.
