
Your Passwords Are Weak

[XKCD comic strip]

We learned long ago that the web is full of attackers trying to break into accounts on well-known sites by guessing passwords. This is why anyone who is a bit tech savvy stopped using simple passwords like "password" or "12345" years ago; a geeky XKCD comic strip explains why. Instead, we follow the hints that many sites now give about what makes a strong password, and make up strings of letters and numbers that, at least to us, look strong. Unfortunately, human beings are bad at making up random strings, so the vast majority of passwords in use turn out to be weak.


Ars Technica ran an experiment to see how many passwords from a database of leaked hashes they had could be cracked. Their experts recovered almost 90% of them, including strings like "BandGeek2014", "Apr!l221973" and "DG091101%", and all of those were found within just an hour of work. If you used one of those on a site that happened to have been compromised, your account would have been hacked too. Note that no hash is ever "reversed": a cracker guesses a candidate, hashes it and compares the result with the leaked hash, and when a site stored its passwords with a fast, unsalted hash a single GPU can do that billions of times per second. The guesses come from a combination of brute force and dictionary words, plus rules that transform those words into the shapes people actually use. Brute force alone is enough for short passwords: every string of up to 6 characters can be tried exhaustively within a few hours, so such passwords are not secure. Digits are the quickest part of the search, because each position has only 10 possibilities instead of 26 for lowercase letters or about 95 for the full printable character set.


Finally, how these pieces are arranged also matters. Humans tend to capitalize the first letter of a word. We tend to add numbers at the end of the string rather than in the middle, and when we add numbers we usually keep them together, often as a year or a date. These are just some of the many patterns that professional crackers know well, and their tools encode them as rules applied to every word in a dictionary, which is how a password that looks impossible to us falls in minutes. The solution? The two best things you can do are to use a password manager that generates long, truly random passwords for you, and to enable two factor authentication wherever it is offered.
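To make the two preceding paragraphs concrete, here is a small cracking demo written for this post; it is not code from Ars Technica or from the tools their experts used. The "leaked database" is a constructed set of unsalted MD5 hashes of hypothetical passwords that follow the habits described above (capitalised dictionary word, digits grouped at the end, sometimes a trailing symbol), and the wordlist is a hypothetical six-word stand-in for the multi-million-word lists real attacks use. The script applies those habits as mangling rules, hashes every guess and compares it with the leak, brute-forces a digit-only password to show how small that keyspace is, prints the keyspace for 6-character passwords over different alphabets, and finally shows that a password-manager style random password is untouched by the same attack.

```python
import hashlib
import itertools
import math
import secrets
import string

# Constructed sample "leak": unsalted MD5 hashes of hypothetical passwords that
# follow the patterns described in the text (capitalised word, digits grouped
# at the end, sometimes a symbol last). Not real leaked data.
SAMPLE_PLAINTEXTS = ["Bandgeek2014", "Sunshine1", "password", "Chicago1987", "Monkey77!"]
LEAKED_HASHES = {hashlib.md5(p.encode()).hexdigest() for p in SAMPLE_PLAINTEXTS}

# Hypothetical tiny wordlist; a real attack uses millions of words.
WORDLIST = ["sunshine", "password", "chicago", "bandgeek", "monkey", "letmein"]


def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()


def mangle(word):
    """Yield guesses for one dictionary word using the habits humans favour:
    capitalise the first letter, append digits at the end (a short number or a
    year, kept together), and optionally finish with a symbol."""
    suffixes = [""] + [str(n) for n in range(100)] + [str(y) for y in range(1950, 2030)]
    for base in (word, word.capitalize()):
        for suffix in suffixes:
            yield base + suffix
            for symbol in "!%":
                yield base + suffix + symbol


def crack(hashes, wordlist):
    """Dictionary-plus-rules attack. Nothing is 'reversed': every candidate is
    hashed and compared with the leaked set. Returns ({hash: plaintext}, guesses)."""
    found = {}
    guesses = 0
    for word in wordlist:
        for guess in mangle(word):
            guesses += 1
            digest = md5_hex(guess)
            if digest in hashes and digest not in found:
                found[digest] = guess
    return found, guesses


def brute_force(target_hash, alphabet, max_len):
    """Exhaustive search over every string up to max_len; returns (plaintext, guesses)."""
    guesses = 0
    for length in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=length):
            guesses += 1
            candidate = "".join(chars)
            if md5_hex(candidate) == target_hash:
                return candidate, guesses
    return None, guesses


def keyspace(alphabet_size, length):
    """Number of candidates a brute-force attack must cover in the worst case."""
    return alphabet_size ** length


def entropy_bits(alphabet_size, length):
    """Bits of entropy for a uniformly random password (log2 of the keyspace)."""
    return length * math.log2(alphabet_size)


def generate_password(length=16, alphabet=string.ascii_letters + string.digits):
    """What a password manager does: every character is chosen uniformly at
    random with a CSPRNG, so no dictionary or mangling rule has an edge."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    found, guesses = crack(LEAKED_HASHES, WORDLIST)
    print(f"cracked {len(found)}/{len(LEAKED_HASHES)} hashes with {guesses} guesses:")
    for digest, plaintext in found.items():
        print(f"  {digest}  {plaintext}")

    # Digits only: 10 choices per position, so any 4-digit PIN falls in at most 11,110 guesses.
    pin, tries = brute_force(md5_hex("4471"), string.digits, 4)
    print(f"brute-forced {pin} in {tries} guesses")

    for name, size in [("digits", 10), ("lowercase", 26), ("printable ASCII", 95)]:
        print(f"6 x {name:15}: keyspace {keyspace(size, 6):>15,d} ({entropy_bits(size, 6):.1f} bits)")

    random_pw = generate_password()
    random_hash = md5_hex(random_pw)
    found_again, _ = crack(LEAKED_HASHES | {random_hash}, WORDLIST)
    print(f"random password {random_pw} ({entropy_bits(62, 16):.0f} bits) cracked: {random_hash in found_again}")
```

Every one of the constructed sample passwords is recovered with a few thousand guesses, because each is exactly "dictionary word plus the usual decorations"; the 16-character random password carries about 95 bits of entropy and cannot be reached by any rule, only by a brute force of 62^16 candidates. Real crackers add far more rules (leetspeak, word pairs, keyboard walks) and run on GPUs, which is why the Ars experts got through the bulk of a real leak in hours.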