Passwords: Keeping your Data Secure is a Team Effort

Many times when we are called about an email security breach, it is due to a weak password. The threat is real. For you as our client, we protect your data (emails, website, etc.) constantly and with ongoing diligence and awareness. Unfortunately, as locked down as your information is, if you choose a weak password, it could become vulnerable. The good news is that this is an easy problem to address. The first step is to better understand what the threat is and what makes a strong password.

What is the danger?

A weak password can allow viruses to gain access to your computer, and an easy-to-guess password can allow hackers to use your computer to hack into other computers connected to your network. Those same hackers can use your email account to send malicious messages to the contacts in your address book, inbox and others.

Some common methods that attackers use for discovering a victim's password include:

  • Guessing - The attacker attempts to log on using the user's account by repeatedly guessing likely words and phrases such as their children's names, their city of birth, and local sports teams.
  • Online Dictionary Attack - The attacker uses an automated program that includes a text file of words. The program repeatedly attempts to log on to the target system using a different word from the text file on each try.
  • Offline Dictionary Attack - Similar to the online dictionary attack, but the attacker first gets a copy of the file where the hashed or encrypted user accounts and passwords are stored, then uses an automated program to determine what the password is for each account. This type of attack can be completed very quickly once the attacker has managed to get a copy of the password file.
  • Offline Brute Force Attack - This is a variation of the dictionary attacks, but it is designed to determine passwords that may not be included in the text file used in those attacks.

Strong passwords drastically reduce the chance that your personal or business data stored on various devices becomes vulnerable. It is your responsibility as a user to make sure that all of your accounts have passwords that are as difficult to guess as possible.

Some common weak passwords

  • 123456 - As of January 2014, this overtook “Password” as the weakest password.
  • Password - The word "Password" is the second most commonly used password and it is extremely weak. Simple words like this are easily guessed or broken with a hacker program that runs a dictionary attack on the password.
  • Smith1970 - Though this uses 9 characters and includes letters and numbers, passwords that use names associated with you or your family, or other identifying information such as a birth year, are easily hacked.
  • F1avoR - Though it mixes capitals and numbers, it is too short, and substituting the number 1 for the letter l is easy to guess.
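
The weaknesses in the list above can be checked automatically, for example by a sign-up form before it accepts a new password. The following is an added example, not code from the original article; the word lists, the personal terms, the minimum length of 8 and the function name are all assumptions made for illustration.

```python
import re

# Constructed sample data for illustration (assumptions, not from the article).
COMMON = {"123456", "password", "qwerty", "letmein"}   # most-used passwords
WORDS = {"flavor", "dragon", "monkey", "sunshine"}     # stand-in dictionary
PERSONAL = {"smith", "denver"}                         # names/places tied to the user
MIN_LENGTH = 8                                         # assumed policy minimum

# Undo the usual look-alike substitutions (1 for l, 0 for o, ...).
LEET = str.maketrans({"1": "l", "0": "o", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def weaknesses(password, personal=PERSONAL):
    """Return the reasons a password is weak; an empty list means none found."""
    findings = []
    lowered = password.lower()

    # Reverse the substitutions, then keep only letters, so "F1avoR"
    # is compared against the dictionary as "flavor".
    letters = re.sub(r"[^a-z]", "", lowered.translate(LEET))

    if lowered in COMMON:
        findings.append("common password")
    elif letters in COMMON | WORDS:
        findings.append("dictionary word with simple substitutions")

    if len(password) < MIN_LENGTH:
        findings.append("too short")

    # Family names, home towns and similar terms known about the user.
    if any(term in lowered for term in personal):
        findings.append("contains personal information")

    # A four-digit year such as a birth year.
    if re.search(r"(19|20)\d{2}", password):
        findings.append("contains a year")

    return findings


if __name__ == "__main__":
    for candidate in ["123456", "Password", "Smith1970", "F1avoR", "4Score&7yrsAgo"]:
        print(candidate, "->", weaknesses(candidate) or "no weakness found")
```
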

To avoid easy-to-guess passwords, here are some great ideas for passwords that are tricky to guess but easy to remember.

How do I build a better password?

Use a phrase and incorporate shortcut codes or acronyms:

These examples let you use phrases that either mean something to you or that you associate with a type of website. For example, ’all for one and one for all’ may be the password for a social networking site where it’s all about sharing. It could be a phrase about money for a banking site, and so on.

  • 2BorNot2B_ThatIsThe? (To be or not to be, that is the question - from Shakespeare)
  • L8r_L8rNot2day (Later, later, not today - from the kids' rhyme)
  • 4Score&7yrsAgo (Four score and seven years ago - from the Gettysburg Address)
  • John3:16=4G (Scriptural reference)
  • 14A&A41dumaS (one for all and all for 1 - from The Three Musketeers, by Dumas)

Use passwords with common elements, but customized to specific sites:

These examples tell a story using a consistent style, so if you know how you write the first sections and you’re on the login page for a site, you’ll know what to add.

  • ABT2_uz_AMZ! (About to use Amazon)
  • ABT2_uz_BoA! (About to use Bank of America)
  • Pwrd4Acct-$$ (Password for account at bank)
  • Pwrd4Acct-Fb (Password for account at Facebook)

Add emoticons:

While some websites limit the types of symbols you can use, most allow a wide range. Make your symbols memorable by turning them into smiley faces to instantly boost your password power.

Commonly allowed symbols:

  • #
  • $
  • %
  • &
  • *
  • ( )
  • { }
  • < >

Some Basic Smiley Faces:

  • : )
  • = (
  • ; )
  • : <
  • : D
  • 8 )
  • : /
  • <3
  • : }

What if something goes wrong?

Admittedly, we’d rather you call us with a password question than with a security issue, but we’re Your Web Team and we’ll work with you each step of the way to help you get the most out of your investment. And if it’s just a lost password to your email, you can even talk to your in-house email admin; he can reset your password too.

Keeping your data secure is a team effort and together we can reduce the threat.