learned long ago that the web is filled with hackers attempting to get
into our accounts by guessing passwords from well-known sites. This is
why anyone who is a bit tech savvy has long ago ceased to use simple
passwords like "password" or "12345".
A geeky XKCD comic strip explains why. Instead, we follow the hints that many sites now give us to determine
what is a strong password, and make up strings of letters and numbers
that, at least to us, appear strong. Unfortunately, it turns out that
human beings are bad at making up random strings, and as a result, the
vast majority of passwords used out there turn out to be weak.
Technica ran an experiment that checked to see how many passwords from a
database they had could be cracked. Their experts managed to recover
almost 90% of them, including strings like "BandGeek2014", "Apr!l221973" and "DG091101%".
All of those were found within just an hour of work reversing hashes,
and if you used one of those on a site that happened to have been
compromised, your account would have been hacked. The reason has to do
with pattern recognition. Basically, crackers use a combination of brute
force and dictionary words. Any string of fewer than 6 characters can be
found within a few hours, and is not secure. Any grouping of numbers
is much faster to find than text or symbols.
How these things are grouped is also important. Humans tend to
capitalize the first letter of a word. We also tend to add numbers at
the end of the string instead of in the middle. And if we add numbers,
most of us tend to group them together. These are just some of the many
patterns that professional hackers know well, and they have tools that
allow them to crack what, to us, seem like impossible passwords. The
solution? The two best things you can do are to use a password manager
that creates long and truly random passwords, and to enable two-factor
authentication when available.
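
The habits listed above (a leading capital, digits placed at the end, digits kept in one group) can be checked mechanically, which is why they offer so little protection. The Python sketch below is an added example, not code from the original article: the function names and pattern labels are assumptions of this example, and the generator stands in for what a password manager does.

```python
import re
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + string.punctuation


def mask(password):
    """Reduce a password to its shape: U=upper, l=lower, d=digit, s=other."""
    def kind(ch):
        if ch.isupper():
            return "U"
        if ch.islower():
            return "l"
        if ch.isdigit():
            return "d"
        return "s"
    return "".join(kind(ch) for ch in password)


def human_patterns(password):
    """List which of the habits described in the text a password shows."""
    shape = mask(password)
    digit_runs = re.findall(r"d+", shape)
    found = []
    if len(password) < 6:
        found.append("fewer than 6 characters")
    if shape and set(shape) == {"d"}:
        found.append("digits only")
    if shape.startswith("U"):
        found.append("leading capital")
    if re.search(r"[^d]d+$", shape):
        found.append("digits at the end")
    # One contiguous block of two or more digits inside a longer string.
    if len(digit_runs) == 1 and 2 <= len(digit_runs[0]) < len(shape):
        found.append("digits in one group")
    return found


def random_password(length=20):
    """Draw every character independently from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


if __name__ == "__main__":
    # Sample passwords quoted in the article.
    for pw in ["12345", "BandGeek2014", "Apr!l221973", "DG091101%"]:
        print(f"{pw:14} {mask(pw):14} {human_patterns(pw)}")
    generated = random_password()
    print(f"{generated}  {mask(generated)}")
```

An empty result does not mean a password is strong: the check does not look for dictionary words, so "password" passes it, and a randomly generated string can trip a single check by chance.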