Computer passwords: they’re mundane and everyday, and even the most complex can be cracked – eventually. But that shouldn’t stop you from protecting your digital life with a password that will give hackers headaches until an alternative comes along, such as the pill which is activated by stomach acid and sends out an 18-bit ECG-like signal, or an RFID chip injected into your body. It sounds crazy, but they’re being worked on as you read this. To find out more, and how to set a real tough-nut password, read on.
Every now and then a story about computer passwords will hit the mainstream news. It’s usually based on some research that says the most common passwords found on the internet are frighteningly easy to crack.
People choose the simplest passwords
The latest story to surface was based on a survey carried out by SplashData which revealed that the most popular passwords in 2014 were based on a string of numbers such as 12345, 123123 and 111111. ‘Password’ also figured highly on the list. The survey was an easy story for the press to run; it had all the right ingredients in that it was newsworthy, topical and also included a little bit of shock and horror. How could people use these obvious passwords? Don’t they know somebody could simply guess them and gain access to their digital crown jewels? And of course it’s an extremely valid point.
Complex passwords can be cracked also
But the bad news is that a determined hacker can crack even the most complex of passwords; if they want to. And here’s how:
- When you sign up for an account on a website you create a password. This is stored in the organisation’s database as cryptographic hashes. These are strings of numbers and letters that are converted to plain-text passwords by running them through an algorithm.
- Hackers will break into the database and pull out the complicated cryptographic hashes. There’s little they can do with them as they are. But by running computer programmes that are designed to crack these hashes they can convert them to the plain-text passwords.
- There are enough of these computer programmes available to allow them to do the job. Just a few include oclHashcat, Pwdump3, and coWPAtty for wireless network passwords.
- Professional hackers use these software tools to crack passwords but even hackers with limited skill sets can easily access and use them.
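How a site's choice of hashing decides how much work a stolen database gives an attacker, shown as an added example (not code from the original article). The hash is computed from the password and is never reversed at login: the site re-hashes each attempt and compares. The PBKDF2 iteration count and the record layout are assumptions.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed work factor; tune to your own hardware

def fast_unsalted(password):
    """Weak storage: one fast hash and no salt, so equal passwords
    produce equal hashes and one guess tests every account at once."""
    return hashlib.sha256(password.encode()).hexdigest()

def store(password):
    """Stronger storage: a random per-user salt plus a deliberately slow KDF."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "iterations": ITERATIONS, "digest": digest}

def verify(password, record):
    """Re-hash the login attempt with the stored salt; compare in constant time."""
    attempt = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                  record["salt"], record["iterations"])
    return hmac.compare_digest(attempt, record["digest"])

if __name__ == "__main__":
    # Constructed sample: two users who both picked a password from the survey.
    alice, bob = store("123123"), store("123123")
    print("unsalted hashes equal:",
          fast_unsalted("123123") == fast_unsalted("123123"))
    print("salted digests equal: ", alice["digest"] == bob["digest"])
    print("correct login:", verify("123123", alice))
    print("wrong login:  ", verify("111111", alice))
```

With the salted, slow scheme every guess has to be recomputed per account at the full iteration cost, which is what turns a weak-but-not-trivial password from seconds of work into something far more expensive.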
Then of course there is the ever-present and ubiquitous phishing email which is designed to lure you into parting with your personal details including passwords. It may seem dispiriting but in the final analysis, a professional hacker will be able to crack your password no matter what. So in a sense there isn’t a password that is completely safe but that said, and importantly, there are a number of steps you can take to dramatically reduce the chances of becoming a victim.
The ideal password protection is impractical
The fundamental rule of password cracking is that the longer the password, the longer it takes to crack. So logically you should choose a password that is the longest length possible. Then ideally you should change it about once a month.
5 tips to create a secure password
But this is unrealistic for most people. However, there are other steps you can take to ensure maximum protection with minimum effort:
- Don’t use words alone – a password that consists of just a word or series of words is a no. Tools exist that allow hackers to simply run through dictionary words and apply them to your password. Even if you add numbers and special characters the password can still be cracked by these tools.
- Don’t just use numbers - There are only 10 digits in our number system so even a numbered password with 10 characters only amounts to 9,999,999,999 possibilities and can easily be cracked with a brute force attack.
- Use different passwords on different accounts - If you use the same password on all of your accounts, your information is only as secure as the weakest system storing your password. Not all organisations’ security is equal. In fact, some networks are frighteningly leaky. If a system is hacked and your password is stolen along with others it won’t take long for a hacker to trace you and your computer and then try the password on your bank account, credit card account, email account and so on.
- Create a passphrase - the method that will frustrate hackers the most is to develop a passphrase that is long and includes no words, rather it is created from random symbols, letters and numbers.
You can take a phrase that means something to you like ‘I love cheese with hot peppers’ and assign each letter a unique symbol, letter and number. Essentially you are developing your own cryptographic code. Or you can simply create a password with random characters such as tX8meK#))5zE/z. These are tough to crack and require a lot of brute force password hacking resource.
- Change your password every month – this is important but could become tiresome and will probably lead to deep sighs, a shrug of the shoulders and a decision to just carry on using existing passwords. But hold on, help is at hand. Random password generators are really helpful – they provide tough-nut passwords and in some cases code sentences to help you remember them. If you don’t have the memory of a genius you can also use password managers which store your different passwords securely. This LifeHacker article provides an excellent overview of the five best password managers.
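The tips above, turned into a small password audit and a random generator, as an added example that is not part of the original article. The word list is a constructed stand-in for a real dictionary, and the guessing rate and 60-bit minimum are assumptions chosen for illustration.

```python
import math
import secrets
import string

# Constructed samples: the weak passwords the article names, and a tiny
# stand-in for the dictionary word lists that guessing tools work from.
COMMON = {"12345", "123123", "111111", "password"}
WORDS = {"password", "love", "cheese", "hot", "peppers"}
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]
GUESSES_PER_SECOND = 10_000_000_000  # assumed offline guessing rate
MIN_BITS = 60                        # assumed minimum acceptable keyspace

def keyspace_bits(password):
    """log2 of the number of passwords with this length and character mix."""
    alphabet = sum(len(cls) for cls in CLASSES if any(c in cls for c in password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0

def seconds_to_exhaust(password):
    """Worst-case time to try the whole keyspace at the assumed rate."""
    return 2 ** keyspace_bits(password) / GUESSES_PER_SECOND

def audit(password):
    """Return the article's tips that this password violates."""
    findings = []
    if password.lower() in COMMON:
        findings.append("on the common-password list")
    if password.isdigit():
        findings.append("digits only")
    # Strip digits and symbols: a decorated word is still a dictionary word.
    core = "".join(c for c in password.lower() if c.isalpha())
    if core in WORDS:
        findings.append("dictionary word with decoration")
    if keyspace_bits(password) < MIN_BITS:
        findings.append("keyspace too small")
    return findings

def generate(length=16):
    """Random password from the OS CSPRNG; redraw until the audit is clean."""
    alphabet = "".join(CLASSES)
    if length * math.log2(len(alphabet)) < MIN_BITS:
        raise ValueError("length too short to reach MIN_BITS")
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not audit(candidate):
            return candidate

if __name__ == "__main__":
    for pw in ["12345", "Password1!", "tX8meK#))5zE/z", generate()]:
        print(f"{pw!r}: {keyspace_bits(pw):.1f} bits, {audit(pw) or 'ok'}")
```

Note that `Password1!` clears the keyspace threshold yet is still flagged: character variety does not help when the core is a dictionary word.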
What happens when a hacker cracks your password?
If you want to get a sense of what can happen when a password is cracked look no further than Wired journalist Mat Honan who had his digital life destroyed within an hour. As a rider, he was specifically targeted and the damage caused has all the hallmarks of a vendetta. Clearly, this doesn’t mean it’s going to happen to everyone but it illustrates very well how the interconnectedness of our digital lives leaves us vulnerable to mischief and in some cases much worse. In 2012 hackers got into his Apple, Twitter, and Gmail accounts seeking his Twitter name. They used his Apple account to wipe every one of his devices, iPhone and iPad and MacBook, deleting all messages and documents and every picture he had taken of his 18-month-old daughter, all within an hour.
The future of passwords
The ingenuity of human endeavour is endlessly creative and sometimes just plain bizarre. The following password methods have been put forward as alternatives to the traditional alpha/numerical/symbol password code. Some are ingenious, some are freaky and some might just catch on.
- Password pill eaten at breakfast which is activated by stomach acid and sends out an 18-bit, ECG-like signal, similar to the kind used in an echocardiogram. The signal works as secure authentication on digital devices, and lasts about 24 hours, until the pill is passed out of the body.
- RFID chips injected into the body. When hit by a radio signal the chip emits a signal of its own which is a unique identifier number that functions like a long password. Smartphones, computers and car locks have been created to recognize the signal given off by the implanted chips.
- Every person's heartbeat is unique just like fingerprints. In fact they are so unique that no pattern of beats ever repeats twice. This may make heartbeats perfect passwords. Taiwanese scientists have devised a heartbeat-utilizing encryption scheme based on the mathematics of chaos theory and are aiming to build the system into external hard drives and other devices that can be decrypted and encrypted simply by touching them.
- Eye movements are also unique, hard to forge, and potentially very good passwords. Researchers are currently studying ways to turn eye movement into authentication.
It’s hard to see pill-popping, tattoo-stamping methods catching on other than in extremely sensitive and niche areas. That said, fingerprint identification is already a standard on some laptops and desktops and the idea of facial recognition is rapidly gaining ground, though today’s technology can be fooled by photographs. Until some alternative to plain-text passwords becomes foolproof and widespread the securest thing is to create a long password with random symbols, characters and numbers – just don’t forget it.