Scared of an online password hack? Here’s how to help prevent it

Password hacks are becoming more common as people’s online accounts contain more sensitive personal data. Even big, trusted sites like LinkedIn, LivingSocial, and Dropbox have suffered password breaches in the past.

And because 78% of people reuse their passwords, it becomes more likely that a password hacked on one site can open accounts on other sites.

Here’s how to prevent your data from being compromised in 5 easy [albeit non-exhaustive] steps:  

1. Stay away from English-language passwords

One of the biggest mistakes that internet users make is using English words in their passwords.  English words make hacking passwords far easier for a potential hacker.

Given that there are only approximately 500,000 words in the English language and approximately 70 typable characters available on an English keyboard, a password of 8 characters in length has 9,440,350,920 combinations available.

That number skyrockets once you create even longer passwords.  Clearly, there is significantly more diversity in using characters rather than just English words.

2.  Create fake security answers

Which street did you live on when you were ten?  What is your mother’s maiden name?  STOP. DO NOT SUPPLY THE CORRECT ANSWERS.

Think about it: if you give the correct answers to these questions, you’re giving companies and potential hackers even more extensive information about yourself. Plus anyone can find these answers on data broker websites for only a few dollars, so they’re hardly secure.

Giving the wrong answers to these questions, even answers that aren’t actual words, can add another layer of protection.

3. Have a favorite poem or song?

One of the easiest ways to create strong passwords is to use something that you’ve already committed to memory. Many articles have been published about using a “base password” to remember all other passwords by, and simply adding the name of a website to the end, such as for Amazon.com: passwordAMAZ. We wanted to take a different approach by using things you might have already committed to memory. For instance, let’s take a popular poem like Edgar Allan Poe’s “The Raven”:

[Image: password example built from “The Raven”]

Of course, any song, poem, or even sentence that you have memorized can be applied to this example, along with any letter combination.

One of the most important reasons this method works so well is that it still works on websites that don’t allow special characters in passwords. Also, remember that this method can always be combined with numbers or special characters for increased security, such as spaces (_) or symbols (*, &, #, @, $, %, etc.).

4. Protect your passwords with a password manager

Password managers are an effective and cheap solution for encrypting and storing your passwords. Most password managers also have a function that automatically fills in login information for you when you visit a website.

Password managers come in two different types, but both provide adequate password protection. The first group is based locally (i.e., on your device, not online) and includes password managers such as 1Password and RoboForm (desktop version).

The second group of password managers is stored online, and includes LastPass and RoboForm Everywhere. Both types have pros and cons, and we encourage you to explore all options by trying them out.

5. Test your might – entropy might, that is

How strong is your password? One of the best ways to find out is this Dropbox Tech blog post by Dan Wheeler. Compare the following images, which pit our “Raven” example from above against the word “password”:

An excellent feature of Wheeler’s demo is that you can try all sorts of combinations to try to get the “entropy” (i.e. the randomness) and crack time as high as possible.
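As an added example (not code from the original article or from Wheeler’s tool), the Python below puts rough numbers on steps 1, 3 and 5: it compares the search space for 8 typed characters with a 500,000-word dictionary, then estimates entropy and average crack time for “password” and for a Raven-style password. It counts ordered strings with repeats allowed; the first-letter reading of the Raven method, the sample word list, the character pool sizes and the guessing rate are assumptions.

```python
import math
import string

DICTIONARY_WORDS = 500_000   # English word count quoted in step 1
KEYBOARD_CHARS = 70          # typable characters quoted in step 1
GUESSES_PER_SECOND = 1e10    # assumed offline guessing rate (not from the article)
# Constructed stand-in for an attacker's word list.
COMMON_WORDS = {"password", "letmein", "dragon", "monkey", "sunshine"}
RAVEN_LINE = "Once upon a midnight dreary, while I pondered, weak and weary,"


def acronym(line):
    """First character of every word (assumed reading of the step 3 method)."""
    return "".join(word[0] for word in line.split())


def keyspace(length, alphabet=KEYBOARD_CHARS):
    """Number of ordered strings of `length` characters, repeats allowed."""
    return alphabet ** length


def pool_size(password):
    """Smallest standard character pool covering the password (assumed pool sizes)."""
    pools = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
             (string.digits, 10), (string.punctuation + " ", 33)]
    size = sum(n for chars, n in pools if any(c in chars for c in password))
    return size or KEYBOARD_CHARS  # fall back to the article's figure


def entropy_bits(password):
    """Guessing effort in bits: dictionary lookup for a known word, else brute force."""
    if password.lower() in COMMON_WORDS:
        return math.log2(DICTIONARY_WORDS)
    return len(password) * math.log2(pool_size(password))


def crack_seconds(password):
    """Average time to guess: half the search space at the assumed rate."""
    return 2 ** entropy_bits(password) / 2 / GUESSES_PER_SECOND


if __name__ == "__main__":
    print(f"8 chars from 70: {keyspace(8):,} vs {DICTIONARY_WORDS:,} words")
    for pw in ("password", acronym(RAVEN_LINE)):
        print(f"{pw!r}: {entropy_bits(pw):.1f} bits, {crack_seconds(pw):.3g} s")
```

The brute-force figure is an upper bound: an estimator that recognises patterns, such as the one in the Dropbox post, will score a password lower when it follows a guessable pattern.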

[Images: strength results for the “Raven” example and for the word “password”]




5 comments shared on this article:

  • Barbara Z says:

    I feel good after reading your post. I have already started using 2 languages in one password with symbols, for my critical accounts. Now I need to change some phrases to the first letter only in others.

  • Carlos Yastremski says:

    There has been a recent deluge of articles offering ways to protect personal and professional online privacy. This one happens to be very good for both the neophyte as well as a reminder to those who believe they already know a thing or two. The process of personal protection could become exhaustive, obsessive and psychologically challenging, but keeping the tips offered in this story in perspective, applying these measures with a combination of reason and common sense, you can certainly sleep easier. Thank you for posting this. Excellent article.

  • argelyn says:

    On my Craigslist post using this email address, I can’t access on Craigslist.

  • Andrew Schwartz says:

    Use the Norton Internet Security Suite*. Excellent Password Manager
    for IE 10. I think Norton now has made it compatible in Firefox**

    *Norton Security Suite is included as a freebie for those who use Comcast.

    **Norton Internet Security Suite was compatible with earlier versions of Firefox, just not Identity Safe

  • Explorer401 says:

    I have two very simple suggestions for those who wish to manually type their passwords and the web sites themselves.

    1) The amber & sign is very useful and I have not heard a single explanation for why it is not allowed on every web site. Greater combos and twists means greater security. My own financial institution does not allow it!

    2) We know that passwords are case sensitive, so why not make the user ID case sensitive? Industry also needs to get its act together.
