Guest Column by Allen Perk, XLN Systems
Passwords are a major part of our lives AND we have numerous (some say countless) amounts of them. They are the keys to our “electronic” locks. Trouble is, our keys are so easy to copy or guess, we might as well not have the locks!
Why do we need and have so many different passwords?
Because almost every one of the sites requiring a password has a different rule set for creating a password. Many require an uppercase character or a lowercase character or must have a number and/or must have a special character AND cannot be a password you have chosen in the past 27 years!
Because we have so many sites where we need passwords, we try to make it easy for us to remember them. Trouble is, if it’s easy for us to remember, it’s easy for the bad guys to guess. Did you know that some of the most common passwords are: Password, Password123, admin, welcome, letmein, QWERTY, QWERTY1234, 123456 and 123123.
So what do many of us do with our passwords so we remember them? We write them down on sticky notes and keep them close to our computer! Or we write them in a notes area on our phone for easy reference. Worse yet, we tell our apps to simply remember them so when we use the app, the password is already there! Sure hope no one comes near your computer or you don’t lose or misplace your phone.
So the trick is to come up with a way that is easy to remember your password and make it harder on “bad guys” so they don’t break in. But bad guys know all the common passwords and have access to sophisticated software programs designed to “guess” your password. How can I, a simple human being, match wits with a hacker or a hacker software program?
Let me demonstrate. It’s a numbers game!
Let’s make a simple password comprised of two numbers only. How many combinations of this password are there? In this example, we have a password length of 2 and we know that numbers consist of 0 through 9, hence 10 different numbers. So the formula is 10 to the 2nd power, 10 times 10 = 100. There are 100 combinations.
Stay with me now, contrast that with a password consisting of two alphabetic lowercase characters only. Now how many combinations? There are 26 characters in the alphabet and we again have a password length of 2. So, mathematically, the formula is 26 to the 2nd power, 26 times 26 = 676. There are 676 combinations. This is a much harder password to guess.
But computers can guess passwords at a vastly faster rate as they can perform millions of calculations every second. How can anyone outwit a computer?
The answer is, are you ready, PassPhrases!
Yes, a phrase is a longer version of a word and therefore is statistically, much more difficult to guess, even for a computer. So if your PassPhrase is “TheBlueJacketsAreMyTeam”, then using the formula described above and considering BOTH upper and lower case letters, the chances of someone or some computer program guessing your password is ……. 52 to the 23rd power (26 uppercase letters plus 26 lowercase letters and the password length is 23) yielding a HUGE number, or one in 2,938,169,888,454,847,603,243,483,631,603,792,478,208 chances of guessing your password. Almost 3 duodecillion. WOW! Even our national debt is not that large.
Now, using “special characters” like the “!”, “$”, “(“, “)” and the scores of others will also make it increasingly difficult to guess a password.
In conclusion, use your longer (18-25 characters) PassPhrases for very important accounts like your bank and brokerage accounts and use slightly shorter (14-17 characters) PassPhrases for other not as important accounts like SATELLITE RADIO, FANTASY FOOTBALL or CABLE TV accounts. In all cases, try to use a PassPhrase consisting of at least 14 or 15 characters.
The above views and comments are those of Allen Perk, CEO of XLN SYSTEMS. XLN is a software and cybersecurity company in Columbus, OH. Allen serves on the Ohio Attorney General’s Cyber Security Advisory Board and is Chair of the Central Ohio AAC for NFIB/Ohio. Allen’s passion is to help business owners implement the Cyber Security practices vital to their unique size and industry. He can be reached at 614.947.3607 or by email at [email protected]