Lots of people have only one password for all accounts, and very often it is very weak too. This is pretty much like leaving your key under the doormat and thinking nobody will look there.

For sure, this is not the most innovative post for my second blog, as this is one of the most discussed subjects on the Internet. However, it is one of the most useful pieces of information about security that can save the day for any user!

First of all, let’s ask ourselves a question: what is a password? A password is the key that should only be in our hands to sign in. Attacks on passwords are usually based on dictionary and brute-force techniques. What are these, you might be asking?

Imagine you want to use your brother’s bike, but it’s locked with a padlock. You cannot ask your brother for the combination, as he is asleep and would get angry. You really need the bike, though, and it’s Sunday, so you have plenty of time. The padlock has 4 numeric wheels that you need to set to the right positions to unlock the bike. You try the first combination, “0000”, but it’s not the right one, so you try “0001”, “0002”... and eventually you reach the right combination. Congratulations! You have performed a brute-force attack!

Password hacking is pretty much the same thing, with some differences: a computer can process thousands of tries per second, and there are a lot more symbols to try in each position.

Hacking can be a lot easier than that: why try every single combination when you can try just dictionary words? In fact, most users use dictionary words as their passwords. If you cannot believe it, just take a look at SplashData’s annual list of the most popular passwords of 2014 in the United States. I hope none of your passwords are among these:

  1. 123456
  2. password
  3. 12345
  4. 12345678
  5. qwerty
  6. 123456789
  7. 1234
  8. baseball
  9. dragon
  10. football
  11. 1234567
  12. monkey
  13. letmein
  14. abc123
  15. 111111
  16. mustang
  17. access
  18. shadow
  19. master
  20. michael
  21. superman
  22. 696969
  23. 123123
  24. batman
  25. trustno1

Passwords must be strong, as they are protecting your data. Let’s see some features a strong password must have:

  • Must have more than 9 characters.
  • Must contain at least one capital letter.
  • Must contain at least one number.
  • Must contain at least one special character, such as ? : ; . # etc
  • Must not be a dictionary word.

The more of those specs a password follows, the stronger it is, and the less your account will be an easy target for hackers. If you are curious to know how strong a password is, you can try this calculator.
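The checklist above can be turned into a small checker. This is an added example, not code from the original post: the function names are hypothetical, `string.punctuation` stands in for "special character", and the only dictionary is the SplashData list quoted above. It goes slightly beyond the list by also undoing common decoration (trailing digits, symbol substitutions) before the dictionary lookup, because a password like "B@seball2014!" satisfies the first four rules and is still a dictionary word underneath.

```python
import string

# The 25 passwords from the SplashData 2014 list quoted above (tiny dictionary).
COMMON = set("""123456 password 12345 12345678 qwerty 123456789 1234 baseball
dragon football 1234567 monkey letmein abc123 111111 mustang access shadow
master michael superman 696969 123123 batman trustno1""".split())

# Assumption: a few common character substitutions to undo before the lookup.
LEET = str.maketrans("013457@$!", "oieastasi")

def candidates(password):
    """Forms of the password to look up, with decoration stripped off."""
    low = password.lower()
    core = low.strip(string.digits + string.punctuation)
    return {low, low.strip(string.punctuation), core, core.translate(LEET)}

def check_password(password):
    """Return the rules from the checklist that the password breaks."""
    problems = []
    if len(password) <= 9:
        problems.append("needs more than 9 characters")
    if not any(c.isupper() for c in password):
        problems.append("needs a capital letter")
    if not any(c.isdigit() for c in password):
        problems.append("needs a number")
    if not any(c in string.punctuation for c in password):
        problems.append("needs a special character")
    if candidates(password) & COMMON:
        problems.append("is based on a dictionary word")
    return problems

if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for pw in ["123456", "B@seball2014!", "Trustno1!!", "Tr4il-mix;Quartz9"]:
        issues = check_password(pw)
        print(f"{pw!r}: {'OK' if not issues else '; '.join(issues)}")
```

A real checker would use a much larger word list; the point here is that the dictionary rule has to be tested against the undecorated word, not the literal string.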

Passwords must be unique. I mean, every single account you own must have its own strong password, because if you were using a single password for all your accounts and one of them was hacked, the attacker would have access to all your accounts. You are probably thinking that using strong, unique passwords can drive you crazy. You are right. That’s why I recommend an application like KeePass, which stores all your passwords encrypted with a master password, the only password you will have to remember: “One password to rule them all”.

There are versions to run on Windows, Linux, Android, iPhone, BlackBerry… you have no excuse not to go secure!

These recommendations will make it really tough to impersonate you by using a dictionary or brute-force attack, but there are other ways to hack an account. We will talk about them in the next posts, along with recommendations to keep secure.

See you soon and take care!