“But really, why can’t I just have the same password for everything?”
“Who’s going to target me? I’m not important.”
“I’ve got it! I’ll just make my password mostly the same and change things at the end, such as Sup3rPassword!Facebook and Sup3rPassword!Gmail”
These are just some of the things I’ve heard (and honestly thought) over the years. Understandably, there’s a lot of resistance to better password habits, because cybersecurity is a hassle for everyday people, and the more secure our machines are, the harder they are to use.
So I’ve decided to explain the different aspects of passwords and authentication in little bite-size chunks. Today we’ll talk about why we need complex passwords. That’s it, just one little bite at a time and we’ll get through this together, while making our technology more secure.
Sounds fun, right?
Part 1 - Why you need strong (complex) passwords:
There are tons of programs that can attempt to guess thousands of passwords per minute. A password that’s a regular word, like ‘watermelon,’ can typically be guessed by one of these programs in 1-2 minutes.
Add a capital letter somewhere like ‘watErmelon,’ and now the same program will take upwards of 5 minutes to guess your password.
But if you follow these three steps:
Add special characters,
make sure that nothing is a word from the dictionary,
and make the password longer…
You end up with a password like ‘w@T3rm#70N,’ and you’ve vastly increased the number of possibilities that a computer program has to guess, which will take much longer.
Now, I should stop here to let you know that even though it will take longer, any password will eventually be guessed. But if it takes 7-30 days for a machine to guess your password, it’s likely you have since left the coffee shop you were sitting at and the would-be hackers don’t have access to your computer anymore, and therefore can’t guess. However, if you have a simple password that takes 2 minutes to crack, well, you could be hacked while waiting for your to-go order.
So, complex passwords should:
Be a minimum of 8 characters in length
Use both uppercase and lower-case letters
Use special characters (such as &, ?, @, *)
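The checklist above as a small Python check, run against this article's three example passwords, with a rough measure of how much guessing each one demands. This is an added example, not code from the original post; the function names are illustrative and the three-word list is a constructed stand-in for a real dictionary.

```python
import math
import string

# Constructed sample wordlist standing in for a real dictionary (assumption).
SAMPLE_WORDS = {"watermelon", "password", "sunshine"}
SPECIALS = set(string.punctuation)  # the 32 ASCII punctuation characters


def check_password(pw, words=SAMPLE_WORDS):
    """Return the rules from this article that pw fails (empty list = passes)."""
    failures = []
    if len(pw) < 8:
        failures.append("shorter than 8 characters")
    if not (any(c.islower() for c in pw) and any(c.isupper() for c in pw)):
        failures.append("needs both uppercase and lowercase letters")
    if not any(c in SPECIALS for c in pw):
        failures.append("needs a special character")
    # Compare case-insensitively: capitalising one letter of a dictionary
    # word still leaves a dictionary word.
    if pw.lower() in words:
        failures.append("is a dictionary word")
    return failures


def search_space_bits(pw):
    """Upper bound on guessing work: log2(alphabet_size ** length).

    Only meaningful when the password is not a dictionary word; a word
    is found from a wordlist long before the full space is searched.
    """
    alphabet = 0
    if any(c.islower() for c in pw):
        alphabet += 26
    if any(c.isupper() for c in pw):
        alphabet += 26
    if any(c.isdigit() for c in pw):
        alphabet += 10
    if any(c in SPECIALS for c in pw):
        alphabet += len(SPECIALS)
    return len(pw) * math.log2(alphabet) if alphabet else 0.0


if __name__ == "__main__":
    for candidate in ("watermelon", "watErmelon", "w@T3rm#70N"):
        problems = check_password(candidate) or ["passes the checklist"]
        print(f"{candidate}: {search_space_bits(candidate):.1f} bits; "
              + "; ".join(problems))
```

Each extra bit doubles the number of guesses needed, so the step from lowercase-only to all four character types multiplies the work many thousands of times over.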
Want to know more about how to secure your passwords? Go on to Part 2!