Today I’m going to teach you a little bit about passwords and password security.
The most important thing to consider when picking a password is how well it holds up against an attack, and one of the most common attacks is the ‘brute force attack’.
‘What is a brute force attack?’ A brute force attack is exactly what it sounds like: an attacker enters password after password until eventually they find the correct one. It is similar to a combination lock: you enter one combination and check it, and if it’s wrong you try another. Eventually, the lock opens. Now I know you’re all imagining someone sitting at a computer typing these in by hand, and of course it’s not practical to do that. So these attacks aren’t carried out by a person typing passwords; they’re carried out, extremely quickly, by something called a ‘botnet’.
‘Botnet’ (Wikipedia article here for those of you craving knowledge)
A botnet is a network of devices (bots) that work together to accomplish a shared task. So now we can look at it as a team of hackers each typing in password after password at the same time; collectively they’re now typing in a thousand passwords a second instead of just one. This rapidly decreases the time taken to crack the password.
Brute force attacks are considered to be 100% effective, in that they will always succeed eventually; however, the time they take depends on the strength of your password, and a long enough time renders them pointless.
‘How do you improve the strength of a password?’ The easiest way to do this is to increase the number of characters; however, this doesn’t add as much security as you would think. A better way to increase security is to use multiple character sets instead: try to include upper and lower case letters, numbers & symbols.
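To put some numbers behind the length-versus-character-set point, here is a small keyspace calculator. It is an added example, not part of the original post; the character-class sizes (26 lower, 26 upper, 10 digits, 32 symbols) and the 1,000 guesses per second figure from the botnet paragraph are assumptions, and the times are worst-case exhaustive-search times, not the ‘rough estimates’ the post quotes.

```python
import math

# Sizes of the character classes the post recommends mixing.
# The symbol count (32 printable ASCII punctuation marks) is an assumption;
# cracking tools differ on which symbols they include.
CHARSET_SIZES = {"lower": 26, "upper": 26, "digits": 10, "symbols": 32}

SECONDS_PER_YEAR = 365 * 24 * 3600


def alphabet_size(sets):
    """Size of the combined alphabet for the chosen character classes."""
    return sum(CHARSET_SIZES[name] for name in sets)


def candidates(length, sets):
    """Exact number of passwords of this length drawn from these classes,
    i.e. the worst case an exhaustive brute-force search has to cover."""
    return alphabet_size(sets) ** length


def entropy_bits(length, sets):
    """Strength in bits: log2 of the candidate count."""
    return length * math.log2(alphabet_size(sets))


def years_to_exhaust(length, sets, guesses_per_second):
    """Worst-case time for an attacker guessing at the given rate."""
    return candidates(length, sets) / guesses_per_second / SECONDS_PER_YEAR


def compare(guesses_per_second=1000):
    """Worked comparison: two extra lowercase letters versus two extra classes."""
    scenarios = {
        "8 lowercase": (8, ("lower",)),
        "10 lowercase": (10, ("lower",)),
        "8 mixed (all four classes)": (8, ("lower", "upper", "digits", "symbols")),
    }
    return {
        label: (candidates(n, s), round(entropy_bits(n, s), 1),
                years_to_exhaust(n, s, guesses_per_second))
        for label, (n, s) in scenarios.items()
    }


if __name__ == "__main__":
    for label, (count, bits, years) in compare().items():
        print(f"{label:28s} {count:>22,d} candidates  {bits:5.1f} bits  ~{years:,.0f} years at 1000/s")
```

Running it shows 8 lowercase letters falling in under 7 years at 1,000 guesses per second, 10 lowercase letters in a few thousand years, and 8 characters drawn from all four classes in well over a hundred thousand years.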
Statistics: [i] These figures are to be taken with a pinch of salt, as the time to crack varies greatly depending on the tools being used, and with each passing year the hardware and software used gets faster at cracking.
Good examples:
How to make memorable passwords more complex: certain characters can easily be swapped out for others that look similar.
E.g. swap “a” for “4” (which looks like a capital A), “s” for “5” or “$”, and “I” for “1” or “!”.
Below are a couple of examples of simple passwords along with a complex counterpart:
Final thoughts:
I’d like to remind you all to change your password periodically. Brute force attacks are time sensitive, and each time you reset your password a brute force attack has to start again, which renders them pointless.
If you’ve read all of this and find yourself wanting more information, please get in touch and let us know so we can release more content on this topic with even more detail.
Peace and stay safe, Adam B
[i] The times to crack are rough estimates taken from a forum for a commonly used brute force attack tool (that shall remain un-named for obvious reasons). The possible combinations, as I’m sure you can understand, are a remarkably complex equation to work out, and in my research I have found widely varying answers and ways to calculate this. These numbers are the ones I have seen most commonly but are not guaranteed to be correct.