Don’t play ‘pass the parcel’ with your passwords

Posted on June 16, 2016


With the recent news that Facebook founder and CEO Mark Zuckerberg had his Twitter and Pinterest accounts hacked due to setting a very insecure password, it’s a reminder that no matter who you are, what you own and how fantastic your portfolio of content may be, all that stands between it and an intruder is one alphanumeric string.

In Zuckerberg’s case, it wasn’t even alphanumeric – just alpha. The social media supremo, with all his internet knowledge and experience, should really have known better than to allegedly protect two of his social media accounts with a password as basic as ‘dadada’.

Zuckerberg may or may not be a fan of ‘80s new wave one-hit wonders Trio, but his choice of password was a poor one for several reasons. It’s too short for a start, and a lot of sites won’t even allow users to set a password of fewer than eight characters. Some also ask for at least one upper and one lower case letter, and at least one number. Including some of the lesser-used characters, like the percent sign (%) or caret (^), can make your password even more difficult to guess.

If you think about it, if you stick solely to lower case letters, each letter in your password has a 1 in 26 chance of being correctly guessed. For a six-letter password, this becomes 1 in 26 to the power of 6, which is roughly 1 in 300 million. That may sound very unlikely, but bear in mind that there are tools specifically designed for hacking that use ‘brute force’ attacks, trying combination after combination in an attempt to gain access. Also remember that Zuckerberg only chose two variables – ‘d’ and ‘a’. His choice of ‘dadada’ is the sort of word you might type lazily on a keyboard if you were sitting in front of a computer with nothing to do, and is the sort of password that hacking software would probably try first.

Just by using upper and lower case letters, you make each letter a 1 in 52 guess. Do this and increase your password to eight letters, and the odds of someone guessing your password are now 1 in 53 trillion. To put that into mathematical perspective, that’s about 179,000 times less guessable than a six-letter lower case password. Add a few numbers and non-alphanumeric characters, and the odds soon become so small, they’re hard for the human brain to comprehend.

The only problem is that the more obscure your password, the harder it is to remember, so how do you make sure your password isn’t so unusual that you forget it yourself? If we stick with the idea that Mark Zuckerberg loves Trio, he’ll probably know that ‘Da Da Da’ was a hit in 1982. Straight away, he’s now got some numbers in there. He’ll also note that the band and song title contain capital letters. Throw in some characters in place of letters, and his password could be:

Tr!oDaD@Da1982

Much harder to guess, and not much harder to remember once typed a few times.
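To make the arithmetic in the two calculations above concrete, here is a small Python script, added to this post as a worked example rather than anything from the original article. It works out which character classes a password draws from, sizes the resulting alphabet the way the post does (26 lower-case, 26 upper-case, 10 digits), and assumes 32 printable ASCII symbols for the ‘non-alphanumeric’ class the post does not size. From that it derives the keyspace, its size in bits, and the worst-case time to try every candidate at an assumed rate of one billion guesses per second. It runs on the two passwords quoted above plus a constructed eight-letter mixed-case one, ‘TrioDada’, to match the second calculation; the exact ratio between the two keyspaces, 52^8 / 26^6, comes out as 256 × 26², i.e. 173,056. It also counts how many distinct characters a password uses, because ‘dadada’ has a keyspace of 300 million but only two different letters, and that sparseness, not the keyspace, is why a guessing tool would find it early.

```python
import math
import string

# Character classes sized the way the post counts them: 26 lower-case letters,
# 26 upper-case letters and 10 digits. The 32-symbol class is an assumption for
# the "non-alphanumeric characters" the post mentions but does not size.
CHARACTER_CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation),
}


def classes_used(password: str) -> list:
    """Names of the character classes that appear in the password."""
    return [name for name, members in CHARACTER_CLASSES.items()
            if any(ch in members for ch in password)]


def alphabet_size(password: str) -> int:
    """Alphabet an exhaustive search must cover to reach this password:
    the union of every class the password draws from."""
    size = sum(len(CHARACTER_CLASSES[name]) for name in classes_used(password))
    if size == 0:
        raise ValueError("password contains no recognised characters")
    return size


def keyspace(password: str) -> int:
    """Number of candidates of this length over this alphabet
    (the post's '26 to the power of 6' for a six-letter lower-case password)."""
    return alphabet_size(password) ** len(password)


def entropy_bits(password: str) -> float:
    """log2 of the keyspace, the usual yardstick for comparing keyspaces."""
    return len(password) * math.log2(alphabet_size(password))


def distinct_characters(password: str) -> int:
    """How many different characters the password actually uses. 'dadada'
    uses two, which is why the keyspace figure overstates its real strength:
    low-variety patterns are tried first by guessing tools."""
    return len(set(password))


def seconds_to_exhaust(password: str, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at a given guess rate."""
    return keyspace(password) / guesses_per_second


def keyspace_ratio(stronger: str, weaker: str) -> int:
    """How many times larger one password's keyspace is than another's."""
    return keyspace(stronger) // keyspace(weaker)


def report(password: str, guesses_per_second: float = 1e9) -> dict:
    """Summarise every measure for one password (rate is a constructed value)."""
    return {
        "password": password,
        "length": len(password),
        "classes": classes_used(password),
        "alphabet": alphabet_size(password),
        "keyspace": keyspace(password),
        "bits": round(entropy_bits(password), 1),
        "distinct": distinct_characters(password),
        "seconds_at_rate": seconds_to_exhaust(password, guesses_per_second),
    }


if __name__ == "__main__":
    # Sample inputs: the two passwords quoted in the post, plus a constructed
    # eight-letter mixed-case password matching the post's second calculation.
    for pw in ("dadada", "TrioDada", "Tr!oDaD@Da1982"):
        r = report(pw)
        print(f"{r['password']:16} len={r['length']:2} alphabet={r['alphabet']:3} "
              f"bits={r['bits']:5} distinct={r['distinct']:2} "
              f"exhaust@1e9/s={r['seconds_at_rate']:.3g}s")
    print("52^8 / 26^6 =", keyspace_ratio("TrioDada", "dadada"))
```

The keyspace is an upper bound on an attacker's work: it assumes every candidate is equally likely, which is exactly what ‘dadada’ is not. That is why the distinct-character count is worth reporting alongside it, and why the post's mnemonic trick, which mixes four classes into fourteen characters, lifts ‘Tr!oDaD@Da1982’ to a 94-character alphabet and roughly 92 bits.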

Whatever mnemonic you use to remember your password, just don’t be one of the many who choose ‘password’ or ‘letmein’, or even the names of your kids or favourite football team. Otherwise, you may as well not be setting passwords at all.

John Murray

Content Team Leader at Engage Web
John works for Engage Web as a Content Team Leader and regularly contributes to the website and programmes of his beloved Chester F.C.
