How Secure Are Your Passwords?

In an increasingly digitized world, the importance of information security arguably expands at an exponential rate.  Many people and institutions still take a cavalier attitude toward the security of the information about them own and their clients lives that is both theoretically and practically accessible to anyone who is determined to get access to it.  CNN reports on Shodan, a search engine that provides access to information on half a million devices and services connected to the internet.  Excerpt:
Shodan navigates the Internet's back channels. It's a kind of "dark" Google, looking for the servers, webcams, printers, routers and all the other stuff that is connected to and makes up the Internet. . . .

It's stunning what can be found with a simple search on Shodan. Countless traffic lights, security cameras, home automation devices and heating systems are connected to the Internet and easy to spot.

Shodan searchers have found control systems for a water park, a gas station, a hotel wine cooler and a crematorium. Cybersecurity researchers have even located command and control systems for nuclear power plants and a particle-accelerating cyclotron by using Shodan. 
What can you do to make sure your information is secure online?  The answer is actually quite simple. Take password protections seriously.  From Three Twelve:
Eight-character passwords are simply not effective enough. According to Wikipedia:"As of 2011, commercial products are available that claim the ability to test up to 2,800,000,000 passwords per second on a standard desktop computer using a high-end graphics processor." Guess how long your 8-character password can stand up against that attack? If you made it to a few minutes, you'd be lucky. The computer can guess EVERY SINGLE COMBINATION of eight lowercase letters in 22 seconds at that rate. Throwing in special characters, uppercase, and numerals greatly increases the complexity, of course. In reality, though, people have pre-computed ALL 8-digit passwords into databases called "rainbow tables" and can just look up (in something like .001 seconds) whether your password has been computed already. . . .

So What Does a Good Password Look Like? XKCD gives a great example: "correct horse battery staple" Check it out--it's incredibly easy to remember, yet its length is 28 or 25 characters, depending on whether you use spaces. This would take the same computer above centuries or millenia to break . . .

Because you have dozens of accounts all across the web, you will need dozens of UNIQUE passwords. For an easy, repeatable way to do that, come up with a system that generates a password for you . . .

1 comment: