Data breaches are becoming more commonplace, and they continue to test both technical and personal security. Passwords remain an important part of the security discussion, but if you don't know what a "good" password entails or how an allegedly good password could still lead to a breach, here are a few information security details to guide you:
Why Do Password Hacks Continue To Happen?
The same technology that allows faster commerce, faster internet, more complex programs, and a generally more powerful technical world is also helping people break into technical systems--if not through directly empowered new techniques, then because more people are educated enough to both create and destroy technology.
Information security is a constant game of catch-up. The fight is much easier for system defenders because of more tools, more education, and a wider reach to find people interested in security, but there's also more free information for the malicious or harmfully curious individuals.
Predicting attacks only works when the attack is related to something that already exists; a truly talented hacker will create a new technique, perfect it, and stay quiet until a long plan of exploitation can do maximum damage--or steal the information they need.
The good news is that these breaches are easy to clean up on the part of the end-user or consumer. Hackers rely not only on stealing the information but also on their victims failing to secure it by canceling credit cards or placing alerts on their credit reports for any new accounts that may open.
Password Security, The User's Shield
Businesses have their own security responsibilities, and while you should hold them responsible for certain breaches while condemning hackers, you need to play your part as well. A good password has a few complexity points that make it difficult to figure out, but you need to be able to remember it as well.
To understand good passwords, understand what a bad password is first. Words found in established dictionaries such as Webster's, Oxford, or Cambridge are usually blocked from being used. This is because a type of brute force password entry program can use what's called a dictionary attack to sift through all known words with different combinations of lowercase and capital letters.
Most password systems have an additional protection in terms of locking out your account for a certain amount of time--or permanently--if the password is wrong multiple times. Unfortunately, there's still that small chance that the hacker will get the password right on an early try, and hackers who know their prey can simply put in a timer for the lockdown time while they go on with their life.
Other bad passwords involve personal details about you that can be found in public records. Your name, physical address, email address, phone number, and any information you're entering as part of a website profile should be prohibited. If a site does not prohibit them, don't take this as a chance to make an easy password.
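The two rules above (no dictionary words in any mix of capitals, no profile details) can be enforced at sign-up. The sketch below is an added example, not code from the original article; the word list, the profile, the function names, and the four-character minimum for profile fragments are all constructed assumptions.

```python
import re

# Constructed sample word list; a real deployment would load a full dictionary file.
DICTIONARY = {"apple", "password", "dragon", "sunshine", "monkey"}

# Constructed sample profile, standing in for what a user typed into a sign-up form.
PROFILE = {
    "name": "Jordan Avery",
    "address": "12 Orchard Street",
    "email": "jordan.avery@example.com",
    "phone": "555-0142",
}

def profile_tokens(profile):
    """Break profile fields into lowercase fragments a password must not contain."""
    tokens = set()
    for value in profile.values():
        folded = value.casefold()
        # Whole value with separators stripped, e.g. "555-0142" -> "5550142".
        tokens.add(re.sub(r"[^a-z0-9]", "", folded))
        # Individual parts, e.g. "jordan.avery@example.com" -> jordan, avery, ...
        tokens.update(re.split(r"[^a-z0-9]+", folded))
    # Assumption: skip fragments under 4 characters ("12", "com"), which
    # would otherwise reject almost every password.
    return {t for t in tokens if len(t) >= 4}

def screen_password(password, profile):
    """Return the reasons to reject a password; an empty list means it passed."""
    reasons = []
    folded = password.casefold()
    # Case-folding collapses every capitalization a dictionary attack would try
    # (apple, Apple, ApPlE, ...) into one lookup.
    if folded in DICTIONARY:
        reasons.append("dictionary word")
    # Strip punctuation so "555-0142" and "5550142" are treated alike.
    compact = re.sub(r"[^a-z0-9]", "", folded)
    for token in sorted(profile_tokens(profile)):
        if token in compact:
            reasons.append(f"contains profile detail: {token}")
    return reasons

if __name__ == "__main__":
    for candidate in ("ApPlE", "Jordan2024!", "My#555-0142", "ApplesHaveWorms"):
        print(candidate, "->", screen_password(candidate, PROFILE) or "accepted")
```

Passing these two checks only means the password is not one of the known-bad kinds described above; it says nothing about how strong the password is otherwise.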
There are multiple schools of thought for medium and strong passwords:
Replace letters with numbers in the 1337 style: 4ppl3
Add more words to the dictionary word: AppleSweetCrunchRed
Write a phrase about apples: ApplesHaveWorms
Each style has its benefits, and the styles can even be mixed with each other. If new passwords are difficult, a password manager can create complex passwords while giving you a master password that can be recovered securely if you forget it. Contact a password security professional to figure out your data security risks and to find a way to browse more securely.