Computers, especially websites, do not know you. The only thing a computer ever knows is what it is told. Humans are pretty good at recognizing other humans, especially if they see and talk to each other fairly regularly. If my six-year-old niece walked into my bank and told the teller that she was me, I don’t think the bank teller would believe her, but if she went to the website with my username and password, the bank’s computer would believe her.
Most of the sites and services we use online, from Google to Amazon to banks and security systems, use the same identification method. Nearly everything is protected by nothing more than a username and password. Imagine what would happen if a hacker managed to get your passwords.
Make no mistake, hackers want your password. In 2011, 77 million (77,000,000) PlayStation accounts were stolen by hackers. In 2014, five million (5,000,000) Gmail accounts were hacked and released online. In 2012, four hundred thousand (400,000) Yahoo email accounts were hacked. These are only a small sample of the hacks we know about. You may want to change your password.
There are a number of different techniques used to hack into someone’s account, but for the most part hackers use either dictionary or brute-force attacks. In a dictionary attack a hacker uses a dictionary, or a word list, to guess what your password might be. If your password is a word or combination of words that can be found in a dictionary, then you can be easily hacked. A brute-force attack is similar to a dictionary attack, except that instead of using a word list it tries every possible combination of characters.
A modern computer with a decent brute-force or dictionary attack program can attempt billions of possible passwords a second. Websites and services have ways of interfering with these attempts, but your best defense is a long and complicated password, one that would take years for the computer to guess.
If your password is eight characters long and all lowercase, like “password,” it would take a hacker 3.5 minutes to guess it. Changing one of those lowercase characters to an uppercase character, like “Password,” means it would take him almost 15 hours. Replacing any letter with a special character and keeping the uppercase character, like “P@ssword,” means it would take the hacker 70 days to guess your password. If you added a single character to “P@ssword” to form “P@ssword1,” it would take the hacker 18 years to guess the password. If you added two characters to “P@ssword” to form “P@ssword11,” it would take the hacker 1,707 years to guess the password.
Don’t use any of those passwords, by the way. Those numbers are for a brute-force attack, and you can be sure they are already part of a hacker’s dictionary attack. What you really need is a 12-character random collection of uppercase and lowercase letters and special characters. The password s2No~$EtE5^4 would take a hacker 15,091,334 years to guess.
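To show where figures like these come from, here is an added example (not from the original article) that computes the worst-case brute-force time for each password above, and contrasts it with the far smaller search space of a word list with a few mangling rules. It assumes, to match the article’s numbers, one billion guesses per second, a 94-character printable ASCII alphabet (no space), and 365-day years; the dictionary-attack parameters at the end are constructed for illustration.

```python
import string

# Assumptions chosen to reproduce the article's figures (not from the article):
# one billion guesses per second and 365-day years.
GUESSES_PER_SECOND = 1_000_000_000
SECONDS_PER_YEAR = 365 * 24 * 3600

LOWER, UPPER = set(string.ascii_lowercase), set(string.ascii_uppercase)
DIGITS, SYMBOLS = set(string.digits), set(string.punctuation)
FULL_SET = len(LOWER | UPPER | DIGITS | SYMBOLS)  # 94 printable, no space

def alphabet_size(password: str) -> int:
    """Alphabet a brute-force attacker must cover for this password's classes.
    Assumed rule: any symbol forces the full 94-character set; otherwise the
    alphabet is the sum of the classes actually used (26, 52, 36, ...)."""
    chars = set(password)
    if chars - (LOWER | UPPER | DIGITS | SYMBOLS):
        raise ValueError("only printable ASCII without spaces is modelled")
    if chars & SYMBOLS:
        return FULL_SET
    return sum(len(c) for c in (LOWER, UPPER, DIGITS) if chars & c)

def brute_force_seconds(password: str, rate: int = GUESSES_PER_SECOND) -> float:
    """Worst-case time to enumerate every string of this length and alphabet."""
    return alphabet_size(password) ** len(password) / rate

def describe(seconds: float) -> str:
    """Render seconds in the largest convenient unit, as the article does."""
    for unit, size in (("years", SECONDS_PER_YEAR), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.2f} seconds"

def dictionary_seconds(word_count: int, mangles: int, suffixes: int,
                       rate: int = GUESSES_PER_SECOND) -> float:
    """Time to try every word in a list under a fixed number of mangling rules
    (capitalise, a->@, ...) and appended suffixes. This is why a mangled word
    such as 'P@ssword1' is weak despite its large brute-force keyspace."""
    return word_count * mangles * suffixes / rate

if __name__ == "__main__":
    for pw in ("password", "Password", "P@ssword", "P@ssword1", "P@ssword11",
               "s2No~$EtE5^4"):
        print(f"{pw:14} {alphabet_size(pw):>3}^{len(pw):<2} -> "
              f"{describe(brute_force_seconds(pw))}")
    # Constructed dictionary-attack size: 200k words, 16 mangling patterns,
    # 1,000 numeric suffixes. Every mangled word above falls within seconds.
    print("word list with mangling:", describe(dictionary_seconds(200_000, 16, 1_000)))
```

Run it and the brute-force column reproduces the article’s 3.5 minutes, 15 hours, 70 days, 18 years, 1,707 years and roughly 15 million years, while the dictionary line shows the same mangled words exhausted in about three seconds.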
With simple passwords being so easy to hack, why do we continue to use passwords like “password,” “123456,” and “monkey”? Because these passwords are easy to remember, and with everything wanting a password these days it is too difficult to keep track of good passwords; frankly, humans are bad at making passwords.
For this reason you need a good password manager. I highly recommend LastPass: the free version is excellent and the premium version is only $1 a month. LastPass is not the only good free manager available, though; for a list of the best free managers visit http://www.pcmag.com/article2/0,2817,2475964,00.asp
Regardless of which manager you choose, make sure it can generate truly random passwords for you, and make sure your password for the password manager is really hard to guess, because the biggest weakness of a password manager is that all your passwords are protected by one single password.
Don’t Be Cracked: The Math Behind Good Online Passwords
Gibson Research Corporation