Every year when we change our clocks to and from Daylight Savings Time, we are all reminded to change the batteries in our smoke alarms. This is good advice, and I generally follow it. I am afraid of fires, and the smoke alarms keep me feeling somewhat safe.
According to an article in Yahoo! today, we face large risks because most of use online passwords that are easily cracked. Some people are still foolish enough to use 1111, or 1234, their birthday, or some other easily guessable piece of personal information. The reason we do this is that we need something easy to remember. But, according to the article, 90% of all the passwords used are vulnerable to hacking.
Think of the fun someone could have getting into your online bank account, or your online investment account. Think disaster!
So, that’s why I think it is time for everyone to change their critical passwords, and we should do it at least once per year. Make it something that is not so easy to remember. Make it something you have to memorize, or something you can keep in a secure place. After all, it is only your life and how you live it at stake.
I just changed my banking and investment account passwords. It was easy. I spent a few minutes planning the new passwords. I used the services of a web site that will generate random characters for you in strings of 63 characters long. No, you don’t need a password that long, but if you do it is very easy to accomplish. Keep a text copy, and just copy and paste into the password forms when you need it. It is virtually impossible to memorize that many characters, and virtually impossible to crack, too.
Here’s the site: https://www.grc.com/passwords.htm.
It is part of the Gibson Research Corporation website run by Steve Gibson, famous computer security expert. There are lots of free security services that he offers, and the “Perfect Passwords” page is one of them. When you surf onto the page, it automatically generates a new set of random passwords. You don’t need 63 or 64 characters, so just grab eight to twelve characters from the string, write them down, and memorize them. Remember that they are random characters (A-Z), (a-z), and (0-9). You can choose another string that contains random punctuation characters thrown in, but many banks do not allow punctuation or other special characters in your password.
Here is a 63 random character string:
63 random alpha-numeric characters (a-z, A-Z, 0-9):
Just pick eight or twelve from this string. I am using a twelve character string, and it is very secure. Yes, you HAVE TO MEMORIZE it. Do you want someone to get into your bank account?
Another service Gibson offers tests the strength of your password. Here is an example using the first eight characters of the 63 character example I gave you. – nBDnH6rD
|Online Attack Scenario:
(Assuming one thousand guesses per second)
|Offline Fast Attack Scenario:
(Assuming one hundred billion guesses per second)
|Massive Cracking Array Scenario:
(Assuming one hundred trillion guesses per second)
You can test your password on this page: https://www.grc.com/haystack.htm.
Now, if someone could generate one hundred trillion guesses per second, they could brute force crack your random eight character password in a little over two seconds. I don’t think there is a computer on earth that can do that. So, just look at the 70 or so centuries it would take a computer to crack it at one thousand guesses per second, and you get the idea. Rest assured that if the CIA wants your stuff, they will get it. They are the government, but even they would have problems cracking this password.
Do yourself a favor and change your password. Spend at least a half-hour playing with new passwords by writing them down and memorizing them before making changes. If you mess it up, you can always call the bank and try again.
Have a safe and prosperous year. Keep your guns and money close.