Password Security

Because this is the easiest but probably most important thing each of us can do to protect ourselves and our network, I chose to start with password security. I know some of your passwords because I have to work on your computers. If they are that easy for me to remember, they probably aren’t secure. You might think they are because they are a word and a number. Many people throw a 1 on the end of a word or a name and call it a password. While that makes our lives easier, because we have so many passwords we are expected to remember, it’s also very dangerous. Cybercriminals cast wide nets hoping to catch a person who is vulnerable. Don’t assume you wouldn’t be a target because you’re just you and nobody would want your information. Basically, it’s not even a real person that picks the victims. There are programs used to sniff out easy targets. Have you or anyone you know fallen victim to ID fraud? Working at the police department, I know it happens a lot! Let’s not make it easy for the bad guys.

Cybercriminals use various methods to get our passwords. One of the most common and easiest is to use a program that runs what is called a Brute Force Attack. A Brute Force Attack is a trial-and-error method in which a program works through every possible combination to decode encrypted data such as passwords, relying on exhaustive effort rather than any clever strategy. Some people have pretty easy passwords, and it doesn’t take long for such a program to crack them. If you have a dictionary word as your password, you need to change it. A dictionary word password is just the word itself, such as “monkey,” which is one of the most popular passwords out there. It can be cracked by a hacker instantly. “monkey17” would take one minute to crack. “monkey2017” would take a day to crack. These brute force programs just keep running until they find the password.

My Yahoo password, according to howsecureismypassword.net, would take 29 million years to crack. My gmail password would take 6,000 years to crack. My work password would take 4 days to crack. Better tighten that one up. What a pain. But it’s important, so I will do it.

The method I used to create the passwords for my gmail and yahoo accounts is to take a phrase or the lyrics of a song I like and use the first letter of every word of part of that song. You can mix it up by occasionally replacing O’s with 0’s and I’s with 1’s, etc. But if you have more than one o in the password, don’t use 0 for all of them: hackers know the trick about replacing characters, so changing it up a little makes it a little tougher. Also, just throwing a few numbers at the end makes it a lot more secure. However, you need to be able to remember the passwords. For example, using the Star Spangled Banner’s lyrics “Oh say can you see by the dawn’s early light,” if you use “oscysbtdel?” it would take 1 year to crack. Just by making the o uppercase, it changes to 200 years. Without the ?, it would take 59 minutes to crack.

Please consider using stronger passwords, and don’t use the same passwords between accounts.
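To show why the numbers above move the way they do, here is a small Python script added to this page as an illustration; it is not part of Lisa’s email and not what howsecureismypassword.net runs. It estimates how many guesses an exhaustive search needs once you add digits, an uppercase letter or a symbol, checks whether a password is really just a common word with digits or 0-for-o swaps bolted on (which a cracker’s wordlist finds instantly, whatever the keyspace math says), and builds the first-letter-of-each-word password from a lyric. The guess rate (10 billion per second) and the short word list are assumptions chosen for the example, so the times it prints will not match the website’s; the point is the ratios, and it runs offline, so nothing has to be typed into a third-party site.

```python
import string
from typing import Optional

# Illustrative example, not code from the newsletter or from any password checker.
# The guess rate and the tiny word list below are constructed assumptions.
GUESSES_PER_SECOND = 10_000_000_000  # assumed attacker throughput, 1e10 guesses/s

SYMBOLS = string.punctuation + " "   # 33 printable non-alphanumeric characters

# Constructed stand-in for the wordlists crackers try first ("monkey" is on the
# real ones, as the newsletter notes).
COMMON_WORDS = {"password", "123456", "monkey", "qwerty", "letmein", "football"}

# The substitutions the newsletter warns about: cracking rules undo them before
# comparing against a wordlist, so on their own they add very little.
UNLEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "@": "a", "$": "s"})


def alphabet_size(password: str) -> int:
    """Size of the smallest conventional character set a brute-force search must
    cover to reach this password. The classes present are summed, so one uppercase
    letter or one symbol widens every position, not just the one it occupies."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += len(string.ascii_lowercase)
    if any(c in string.ascii_uppercase for c in password):
        size += len(string.ascii_uppercase)
    if any(c in string.digits for c in password):
        size += len(string.digits)
    if any(c in SYMBOLS for c in password):
        size += len(SYMBOLS)
    return size


def keyspace(password: str) -> int:
    """Candidates an exhaustive search tries, covering every length up to this one."""
    a = alphabet_size(password)
    return sum(a ** n for n in range(1, len(password) + 1))


def brute_force_seconds(password: str, rate: int = GUESSES_PER_SECOND) -> float:
    """Worst-case time to exhaust the keyspace at the assumed guess rate."""
    return keyspace(password) / rate


def dictionary_base(password: str) -> Optional[str]:
    """Return the common word this password is built on, or None.
    Strips trailing digits and undoes leetspeak, mirroring the first thing a
    cracker's rule set does; a hit means 'instant', regardless of keyspace()."""
    core = password.rstrip(string.digits).translate(UNLEET).lower()
    return core if core in COMMON_WORDS else None


def acronym_from_phrase(phrase: str, suffix: str = "") -> str:
    """The newsletter's method: first letter of each word of a lyric, plus an
    optional suffix. 'Oh say can you see by the dawn's early light' -> 'oscysbtdel'."""
    letters = (w[0] for w in phrase.split() if w and w[0].isalpha())
    return "".join(letters).lower() + suffix


def human_time(seconds: float) -> str:
    """Round a duration to the largest unit that fits."""
    for unit, size in (("years", 365 * 86400), ("days", 86400), ("hours", 3600),
                       ("minutes", 60), ("seconds", 1)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return "instant"


def assess(password: str) -> str:
    """One-line verdict: wordlist check first, keyspace estimate otherwise."""
    base = dictionary_base(password)
    if base:
        return f"{password!r}: instant (wordlist hit on {base!r})"
    return f"{password!r}: up to {human_time(brute_force_seconds(password))} by brute force"


if __name__ == "__main__":
    lyric = "Oh say can you see by the dawn's early light"
    plain = acronym_from_phrase(lyric)
    with_symbol = acronym_from_phrase(lyric, "?")
    with_upper = "O" + with_symbol[1:]
    for pw in ["monkey", "monkey17", "m0nkey2017", plain, with_symbol, with_upper]:
        print(assess(pw))
```

Run it and compare the last three lines: the same ten letters gain orders of magnitude from one symbol and again from one capital, while "m0nkey2017" stays "instant" because the wordlist check catches it before any keyspace arithmetic matters.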

So think of a new password and check it using an online checker such as https://howsecureismypassword.net/ or http://www.testyourpassword.com/. Some people don’t believe in these sites because hackers know all of the tricks, but they are really better than nothing. Remember, there is no guarantee that a hacker isn’t going to get in just because these sites tell us our passwords are strong.

Here is a link to an article on strong passwords. There is also information in it on other things I will cover in later emails. http://www.connectsafely.org/tips-to-create-and-manage-strong-passwords/

–Lisa Bednarz
IT Director
City of Centerville, UT


Infobytes note: Lisa Bednarz is the IT Director at Centerville, Utah. She has been sending weekly security updates to all the employees and elected officials in Centerville. Centerville is a long-term and premier client of Infobytes. They graciously let us share these important and timely security updates with the rest of our clientele.