We have written extensively about the trade in email addresses and passwords from the dark web, where a scammer may buy a list of 100,000 email addresses. They would have to pay a lot more money to buy the accompanying passwords, so they often choose to use their own ‘password-guessing-software’ to try and crack – for example – a bank account attached to that email address. Scammers regularly piece together a jigsaw of your identity from social media feeds (where you show off your favourite holiday destinations, your adventures with Spot the dog and your love of Italian food).
All of that information is fed into the software to start guessing passwords. Think about all the times you might have replaced the number ‘1’ with an exclamation mark ‘!’, or the letter ‘O’ with the number ‘0’. Password hacking software understands all these tricks. This ubiquitous threat to your password security comes from intelligent software attacking with focused precision rather than teenagers in North Korea taking a random guess at the name of your goldfish. You need to make it as difficult as possible for anyone to crack your password.
Some great (but very detailed) maths on this subject is covered in this article by The Conversation, but we picked out one incredible finding:
A computer can guess 100bn password variations per second. Does yours still feel safe?
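A strength check that reflects both points above, added here as an example and not taken from the original article: it undoes the character swaps before looking for personal words, and uses the quoted 100bn guesses per second to time an exhaustive search. The three swaps beyond ‘!’ and ‘0’, the sample profile words and the function names are assumptions made for the example.

```python
import string

GUESSES_PER_SECOND = 100e9  # the rate quoted in the article

# '!' for '1' and '0' for 'O' are the swaps the article names;
# the other three are common swaps assumed for this example.
UNDO_SWAPS = str.maketrans({"!": "1", "0": "o", "@": "a", "3": "e", "$": "s"})


def undo_swaps(password):
    """Lower-case the password and reverse the usual character swaps."""
    return password.lower().translate(UNDO_SWAPS)


def personal_words_found(password, personal_words):
    """Return the personal words still visible once the swaps are undone."""
    plain = undo_swaps(password)
    return [w for w in personal_words if undo_swaps(w) in plain]


def alphabet_size(password):
    """Count the characters available in each class the password draws on."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    return sum(len(c) for c in classes if any(ch in c for ch in password))


def seconds_to_try_all(password):
    """Time to try every string of this length and alphabet at the quoted rate.
    Only meaningful when the characters were chosen at random."""
    return alphabet_size(password) ** len(password) / GUESSES_PER_SECOND


def assess(password, personal_words):
    """Reject passwords built from personal words; otherwise estimate search time."""
    found = personal_words_found(password, personal_words)
    if found:
        return "predictable: built from " + ", ".join(found)
    years = seconds_to_try_all(password) / (365 * 24 * 3600)
    return "no personal words found; about {:,.0f} years to try every combination".format(years)


if __name__ == "__main__":
    # Constructed sample: details like those the article says are on social media.
    profile = ["spot", "italy", "pasta"]
    for pw in ["Sp0t2021!", "P@sta4ever", "tqXv9#Lm2kRw"]:
        print(pw, "->", assess(pw, profile))
```

At the quoted rate, every eight-letter lowercase password can be tried in about two seconds, which is why length and randomness matter more than swapping a few characters.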
The NCSC shares some useful password creation knowledge:
- The average person struggles to remember many complex sets of characters. Faced with the need to create a new password we fall back to ones we have used before, maybe with one or two differences. Across a population this becomes predictable behaviour for password guessing software.
- Lots of historical advice has been to ‘never write it down, but remember it and burn after reading’. A piece of paper in your house hidden away is only really at risk from a very ‘lucky’ burglar. It can’t be guessed by a global network of digital criminals if it’s not on the internet.
- For people with lots of passwords (and the average person now has over 70) there are many benefits to letting your Google Chrome or Apple Safari or Microsoft Bing browser remember your passwords for you. Password manager software provides even more peace of mind, and is a key feature (number 7 of the 9 benefits) in IPS 360 Protect.