Your Password is Bad and You Should Feel Bad

Matthew Thumb

Matthew Rotter
06.16.16

With the latest twitter hack in full force, the topic of password protection is making the rounds once again. And it makes sense too, with 32 million Twitter passwords in the hands of Skynet, if you’re not changing your password right this second, then you should stop what you’re doing and take a look at this.

Right now you might be thinking, “You’re totally right, Matt. I should probably have a better password.” Instead of following through you go back to drinking your Merlot and pinning the cake for your dream wedding that you’re never going to have. Lucky for you, changing your password is easier than taking another bite of that day-old brie.

How to Create a Fail-safe Password

While one way to pick a password is watching the tears drip down onto your keyboard and recording the letters each drop lands on, here’s some do’s and don’ts for creating that perfect password.

Don’t: Use your own name or the name of your fantasy boyfriend. ‘Mrs. Gosling’ is not a good password.

Do: Create a memorable phrase! Here’s some examples:

  • Nottalkingtosomeonein5days,that’snormal,mom!
  • Whoneedsaboyfriend?Ihave12cats.

Don’t: Use your pet’s name followed by letters; spot1990 is a password guaranteed to be cracked.

Do: Put letters and punctuations in your password. What is this thing? ~ I don’t know but throw it in there. Maybe drop a #i’mlonely at the end to spice it up.

Don’t: Use consecutive numbers in your password. Asdf123 is not a good password. 1234567890 is also not. 987654321? Yes, there you go! Just kidding, it’s still not good.

Do: Have different passwords for every site. I know this is a total pain, but if your password gets hacked on one site, it’s now compromised everywhere. Luckily, there’s an easy way to create a unique name - just throw a #website name at the end of your password someonepleaserespond#facebook and someonepleaserespond#instagram are a couple of quality examples.

Don’t: Go out in the middle of the street and tell your passwords to strangers.

Do: Use a service like 1password to keep track of your passwords - and MAKE SURE IT TIMES OUT (we actually use 1Password here at Masonry and it’s amazing. It syncs our entire staff’s passwords so that everyone can access or you can have your own vault for your personal logins).

Don’t: Use Chrome or Firefox or Safari to auto-save your passwords. Firefox stores your passwords as an unencrypted text file--that’s right, just like the poetry you write but will never publish.

“But Matthew!”, you exclaim hopelessly, “your passwords are easier to remember than anything I’ve ever thought of but I don’t understand why I need it to be this complicated! I just want to watch The Bachelor.”

Well let me explain: I’m sure you’ve seen a captcha that makes you tell a robot that you’re not a robot - have you thought of why that’s needed?

How Hackers Get Your Password in the First Place

A lot of movies will say “I’m going to brute force my way into the mainframe!”. What that means is that they will go through every possible combination they can to crack your password. A, then B, then C… then AA, then AB… and so on.

You might think this would take a while - and you’d be partially right. But with the speed of modern computers, this doesn’t take as long as you would think. Your phone runs at around 2.4 ghz--that is 2.4 BILLION instructions per second. I won’t get into what that actually means in terms of hacking a password, but essentially your abcd123 has more holes in it than swiss cheese.

By adding some efficiency to a brute force algorithm, a hacker can exponentially increase the speed by which a password is cracked.

Here’s how they do it: load all of the words from the dictionary and assume that it’s followed by a number. Toast12 is in fact toast. Bread12 is also, strangely, toast. They also use permutations of words as well as random letter combinations.

But for each additional word you add, that increases the number of combinations they have to check by a factor of 1,000,000, which makes hacking more difficult than finding your lost keys.

To sum all of this up, please use phrases. We’re begging you -- for the love of Twitter scandals and Target hacks, your data is much much more secure if you used a unique phrase. Want more proof? Here is a video of Edward Snowden explaining best password practices to John Oliver on an episode of, “Last Week Tonight”:

buildwithus
Contact Us