Dropping numbers, symbols and letters into your passwords may convince you that your online accounts are secure.
Yet cybersecurity experts have warned that a six-character password containing all these attributes can instantly be cracked by hackers.
New research by Hive Systems shows that hackers can crack your password within seconds – even if it’s more than 10 characters long.
This is up to eight time faster than last year, which the researchers attribute to advances in technology.
‘The time has finally come where passwords are just no longer secure by themselves,’ said Alex Nette, CEO and Co-founder of Hive Systems.
Dropping numbers, symbols and letters into your passwords may convince you that your online accounts are secure. Yet, cybersecurity experts have warned that a six-character password containing all these attributes can instantly be cracked by hackers (stock image)
TIPS FOR CREATING A SECURE PASSWORD
- Choose a password that is 18 characters long and contains a mix of numbers, lower and upper case letters and symbols
- If you struggle to remember a long password, use a password manager
- Don’t use the same password for every site you use
- Avoid memorable/personal facts like your dog’s name or your birthday
- Avoid a number-based password – these are the least secure
‘With the easily accessible use of artificial intelligence tools and hardware, hackers have never been in an easier position to gain access to our personal data. Without additional protections, I don’t think we can consider our data to be safe.’
Research found that number-based passwords were most vulnerable and could be cracked instantly by hackers when four to 11 characters long.
A 12-digit password would only take hackers one second to crack too, while an 18-digit pass would take just under a week to solve.
Lowercase letter passwords were slightly more secure but not entirely, with four to eight-character passwords also cracked instantly.
And while an 11-letter password took just 30 minutes to crack, adding seven more lowercase letters would make it over 480,000 years.
The most secure passwords were those containing a mix of numbers, symbols and different case letters.
These could be cracked instantly if they were four to seven characters long, but 12-character passwords would take 226 years to crack.
If you were to add an extra six characters to this same password, it would take hackers a jaw-dropping 26 trillion years to break in, according to Hive Systems.
Hackers can now crack complex passwords eight times faster than last year, findings show
Global Cybersecurity Advisor at ESET, Jake Moore added that using different passwords for every site is another way to protect yourself from cybercriminals.
He said: ‘Cybercriminals roam the dark web in search of these lists of hacked usernames and passwords in the hope they can hack into other accounts belonging to the same username with the same corresponding password.
‘This is why it is really important to never use the same password twice.
‘Furthermore, when people use the same password for many years for everything or with a simple change like the number on the end, they are effectively handing over the keys to their precious data and even financial accounts to hackers.’
Hackers crack passwords through brute force attacks, which are trial and error approaches to test out potential usernames and passwords.
While this may sound like a tireless process, graphics cards can speed this up thanks to popular applications like Hashcat.
Hive Systems advocates that formal identity confirmation should be more widely used online to protect accounts and personal data.
They also recommend the use of password managers, but even these are allegedly becoming less secure as technology advances.
Last year, a 12-character password made by a reputable password manager could take up to 3,000 years to crack – but this has now been sliced to 226 years.
‘Strong and unique passwords just aren’t very strong anymore,’ said Corey Neskey, VP of Quantitative Risk at Hive Systems.
‘The combination of a password manager that generates long, complex passwords, and the use of multifactor authentication are the best ways to reduce your risk.’
Mr Moore also added: ‘Passwords need to be long and unique but they must be coupled up with multi factor authentication which means if a hacker were to brute force your password or con it out of you, they would still need your device, a one-time code or your biometrics to access the account.
‘Using a password manager means you don’t have to remember the ridiculous amount of passwords we all need to have any sort of internet presence. You no longer have to use the same password everywhere, or use memorable facts such as your dog’s name, or your child’s birthday.’
HOW TO CHECK IF YOUR EMAIL ADDRESS IS COMPROMISED
Have I Been Pwned?
Cybersecurity expert and Microsoft regional director Tory Hunt runs ‘Have I Been Pwned’.
The website lets you check whether your email has been compromised as part of any of the data breaches that have happened.
If your email address pops up you should change your password.
To check if your password may have been exposed in a previous data breach, go to the site’s homepage and enter your email address.
The search tool will check it against the details of historical data breaches that made this information publicly visible.
If your password does pop up, you’re likely at a greater risk of being exposed to hack attacks, fraud and other cybercrimes.
Mr Hunt built the site to help people check whether or not the password they’d like to use was on a list of known breached passwords.
The site does not store your password next to any personally identifiable data and every password is encrypted
Other Safety Tips
Hunt provides three easy-to-follow steps for better online security. First, he recommends using a password manager, such as 1Password, to create and save unique passwords for each service you use.
Next, enable two-factor authentication. Lastly, keep abreast of any breaches
Read the full article here
Discussion about this post