With the recent news that Facebook founder and CEO Mark Zuckerberg had his Twitter and Pinterest accounts hacked due to setting a very insecure password, it’s a reminder that no matter who you are, what you own and how fantastic your portfolio of content may be, all that stands between it and an intruder is one alphanumeric string.
In Zuckerberg’s case, it wasn’t even alphanumeric – just alpha. The social media supremo, with all his internet knowledge and experience, should really have known better than to allegedly protect two of his social media accounts with a password as basic as ‘dadada’.
Zuckerberg may or may not be a fan of ‘80s new wave one-hit wonders Trio, but his choice of password was a poor one for several reasons. It’s too short for a start, and a lot of sites won’t even allow users to set a password of fewer than eight characters. Some also ask for at least one upper and lower case letter, and at least one number. Including some of the lesser-used characters, like the percent sign (%) or caret (^), can make your password even more difficult to guess.
If you think about it, if you stick solely to lower case letters, each letter in your password has a 1 in 26 chance of being correctly guessed. For a six-letter password, this becomes 1 in 26 to the power of 6, which is roughly 1 in 300 million. That may sound very unlikely, but bear in mind that there are tools specifically designed for hacking that use ‘brute force’ attacks, trying combination after combination in an attempt to gain access. Also remember that Zuckerberg only used two distinct letters – ‘d’ and ‘a’. ‘dadada’ is the sort of word you might type lazily on a keyboard if you were sitting in front of a computer with nothing to do, and is the sort of password that hacking software would probably try first.
Just by using upper and lower case letters, you make each letter a 1 in 52 guess. Do this and increase your password to eight letters, and the odds of someone guessing your password are now 1 in 53 trillion. To put that into mathematical perspective, that’s about 179,000 times less guessable than a six-letter lower case password. Add a few numbers and non-alphanumeric characters, and the odds soon become so small, they’re hard for the human brain to comprehend.
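As an added example (not code from the original article), the Python script below turns the arithmetic above and the rules listed earlier (minimum length, mixed case, digits, symbols) into something you can run: it computes the 26^6 and 52^8 keyspaces from the character classes actually present in a password, reports how many times larger one search space is than another, and flags a ‘dadada’-style password that is built from only two distinct characters. The sample passwords and the policy thresholds are constructed for this example and are not a standard.

```python
import string

# Character classes as the article describes them (constructed for this example)
LOWER = set(string.ascii_lowercase)
UPPER = set(string.ascii_uppercase)
DIGITS = set(string.digits)
SYMBOLS = set(string.punctuation)   # 32 printable ASCII punctuation characters


def charset_size(password):
    """Alphabet size an attacker must search, based on which character
    classes actually appear in the password (the article's 26 / 52 / ... model)."""
    present = set(password)
    size = 0
    for cls in (LOWER, UPPER, DIGITS, SYMBOLS):
        if present & cls:
            size += len(cls)
    return size


def keyspace(password):
    """Number of candidate strings of the same length drawn from the same
    classes: charset_size ** length. This is the article's '1 in N' figure and
    is an upper bound: a guessing tool tries common words first, so a dictionary
    word is found far sooner than the keyspace suggests."""
    return charset_size(password) ** len(password)


def keyspace_ratio(strong, weak):
    """How many times larger the strong password's search space is."""
    return keyspace(strong) // keyspace(weak)


def check_policy(password, min_length=8):
    """Return a list of policy failures (an empty list means the password passes
    the checks listed in the article). The thresholds are this example's
    assumptions, not a standard."""
    present = set(password)
    problems = []
    if len(password) < min_length:
        problems.append("shorter than %d characters" % min_length)
    if not present & LOWER:
        problems.append("no lower-case letter")
    if not present & UPPER:
        problems.append("no upper-case letter")
    if not present & DIGITS:
        problems.append("no digit")
    if not present & SYMBOLS:
        problems.append("no symbol such as % or ^")
    # 'dadada' style: a string built from very few distinct characters has a
    # tiny effective alphabet, whatever the class-based keyspace() says.
    if len(present) <= 2:
        problems.append("only %d distinct characters" % len(present))
    return problems


if __name__ == "__main__":
    for pw in ("dadada", "DaDaDaDa", "G7!pQz2#mLx4"):   # constructed samples
        print("%-14s keyspace=%d problems=%s" % (pw, keyspace(pw), check_policy(pw)))
    print("52^8 vs 26^6 ratio:", keyspace_ratio("DaDaDaDa", "dadada"))
```

The keyspace figure is deliberately separate from the policy check: ‘DaDaDaDa’ scores the full 52^8 on the class model yet still fails, because a guessing tool that tries repeated two-letter patterns early makes the class-based number meaningless for it.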
The only problem is that the more obscure your password, the harder it is to remember, so how do you make sure your password isn’t so unusual that you forget it yourself? If we stick with the idea that Mark Zuckerberg loves Trio, he’ll probably know that ‘Da Da Da’ was a hit in 1982. Straight away, he’s now got some numbers in there. He’ll also note that the band and song title contain capital letters. Throw in some characters in place of letters, and his password could be:
Much harder to guess, and not much harder to remember once typed a few times.
Whatever mnemonic you use to remember your password, just don’t be one of the many who choose ‘password’ or ‘letmein’, or even the names of your kids or your favourite football team. Otherwise, you may as well not be setting passwords at all.