Update on Passwords: We’re Doing it all Wrong
Now that so much of our personal information has been hacked by cyber criminals, being concerned about password security may seem like closing the proverbial barn door after the horses ran off.
Fact is, it’s now more important than ever to use difficult-to-hack passwords, especially for business and personal online banking. Here’s why: Let’s say you’ve locked or frozen your credit information to make it more difficult for thieves to use your personal information to open new accounts. Great. However, since they already have your personal information, it may be easier for them to simply hack into your online accounts, run up credit card charges or drain money from a checking account.
Of course, you’ve faithfully followed the advice of cyber experts to construct strong passwords, like 4XampLe!!1923%. Unfortunately, these complex passwords we’ve relied on for the past 15 years are far from hack-proof. In fact, NIST (the National Institute for Science and Technology), recently revised its guidelines for creating secure passwords.
The password standards introduced in 2003 advised combining upper and lower case letters, numbers and special characters. Unfortunately, hackers have found it increasingly easy to crack these passwords, often using software programs that can run through millions of possibilities in a matter of minutes.
The newest recommendation is to use a string of unrelated words to create a long passphrase like mopbaseballfrozenstrawberry. Not only is it easier to memorize (no capital letters, special characters or numbers to remember – just words) it takes much longer for a computer to crack. According to security experts queried by the Wall Street Journal, a long passphrase like this would take a computer capable of making 1,000 guesses per second 550 years to crack.
Although there is no such thing as a 100% secure password, adopting these new guidelines, along with common sense safeguards such as never sharing passwords or using your password on publically accessible Wi-Fi, is your best defense.