It seems that every single day, someone comes to a forum writing about how his accounts were hacked somehow and he doesn’t understand why. One of the reasons that people get accounts compromised so often is because they don’t exactly understand how it happens. Once the process of grabbing someone’s password becomes clear (it’s simple, by the way), then we can understand how we can modify our passwords to effectively prevent hackers from entering our accounts. One proposition that security experts have made recently was to use short sentences as passwords, rather than using a continuous string of characters (like “blablabla”). We’ll have a look at this and why it may or may not be more secure.

Also read: 8 Essential Settings to Secure Your Google Account

Understanding Password Theft

sentencepass-theft

Here at MTE, I have already covered the ways in which hackers can get ahold of your passwords. However, that list is composed mostly of methods used to sniff out and easily get ahold of your credentials. Right now, I want to cover with you the methods that hackers use to crack open your account from the outside rather than infiltrating your packet traffic. These methods are a little simpler but more time consuming. Let’s have a look:

  • Brute-Force Attacks: The method to this madness involves simply going through a ton of permutations of multi-character strings. So, a hacker with a brute-force tool will simply try thousands of permutations, hoping to hit the right one after a while. The tool will randomly guess character combinations (like “jif2$F”). Since passwords are typically more than six letters long, this method will take a while! However, a determined hacker will sit through an entire day’s worth of password guessing just to get into your account.
  • Common Word Attacks: The hacker will use common everyday words (like “strawberry” or “whiskey”) from a list, load them up on a special tool, and try each one out. It only takes a few minutes (many times, even a few seconds) to crack an account using a common word as a password.
  • Dictionary Attacks: As the name suggests, the hacker whips out a copy of the Oxford Dictionary and tries every word. Using an automated tool, this takes a little longer than a common word attack, but it will get a large amount of accounts cracked.

Security experts have long reached the conclusion that the safest password is one with a combination of alphanumeric characters (including uppercase letters) and special characters (like “$@(%#”). This isn’t far from the truth today. A password like “ff9jF#D” is much safer than “caramel.” The downside is that it’s really hard to remember random characters. Our brains just aren’t wired that way.

And, while we’re still on this subject, let me tell you a secret: If some expert tells you that a character-string password will take several years to crack, he’s probably talking about brute-forcing with a CPU. Hackers don’t do that anymore. Instead, they use things like nVidia’s CUDA technology, which allows them to tap into the immensely-faster GPU of a graphics card, allowing them to do what a computer does in a week within a span of hours by chaining a bunch of hardware together (through an SLI bridge).

Are Sentences Any Better?

sentencepass-lockonlaptop

The space (” “) is a legal character in most password forms. This means you can separate words from one another. Just having a sentence as your password can create a nightmare for hackers, according to a number of security experts, one of them being Thomas Baekdal. The advantage of using a sentence is that it’s much easier to remember than 8fa@!*FaicC and it’s also more secure when used in the proper manner.

In 2007, Baekdal wrote that “this is fun” is 10 times more secure than “J4fS<2.” I’m not sure what his opinion of this is right now, but I do not think that using something simple like “this is fun” is so secure that it would take a computer, according to his written piece, 2,537 years to crack it.

For one, let’s say that a hacker uses a list of the one-thousand most common words in the English language to crack “this is fun.” Since the password uses three distinct words, we’d have to contend with 1,000*1,000*1,000 possible permutations. That gives us a billion permutations to cycle. It sounds like a lot, but for a computer, this is very simple.

I’m not saying that Thomas Baekdal is wrong. I’m simply saying that you need to follow some guidelines when making your choice. Let me show you some ideas I’ve cooked up while thinking about this problem for several days:

  • Use non-space separators, like the hyphen (“-“). If you’re a little more daring, try something really difficult to figure out, like the trademark symbol (“™”, Alt+0153).
  • Use non-conversational uncommon words, like “quantum theory is a paramount development.” You can also create a sentence in another language, like Latin (“repetitio est mater studiorum”). This is especially useful when English is not your first language. Most hackers will search for passwords with English words, but very few of them would think of, say, Romanian or Czech.
  • Make sentences of random words. An example would be “paraphernalia photon cephalopod.”

Following these rules may result in a password that is, at first, difficult to remember. But you should consider the Latin proverb I used as an example of a non-English password. Its translation: Repetition is the mother of study. If you keep using your password, you’ll remember it in a jiffy. Remembering “faji2o#($FCCineF)9f(#“, I think, is much more difficult than remembering “paraphernalia photon cephalopod” or whatever these words may be in your native language.

Remember, the longer you make the sentence, the more secure it gets! Using a shorter sentence may still afford you some high level of security so long as you don’t use something that can be caught in a common word list. Dictionary attacks on your password are still possible, but not likely to yield results because of the enormous amount of time it would take for the hacker’s tool to crack your password open.

Limitation

The only limitation to the above method is that some sites don’t allow passwords longer than 20 characters. A few also don’t allow spaces or other special characters in passwords, although this is becoming more rare. I have even encountered an online banking platform that only allowed up to 14 alphanumeric characters. In these sites, sentence passwords won’t work whatsoever.

It’s Time For You To Speak!

I discussed a lot right now. Some of it is a little conflicting with conventional knowledge about passwords, so it’s normal for you to have opinions, questions, and thoughts on the matter. It’s time for you to open up. Join me and fellow readers in a conversation that could help clarify everything by leaving a comment below!

How To Save Highlighted Text in Firefox Into a File

Researching on the Internet can sometimes be cumbersome. The Save Text To File extension for Firefox allows you to save highlighted text in any web page into a .txt file, then save it in any location on your hard drive.

How to Add Links to Your WordPress Widget Titles

Do you use numerous widgets on your WordPress blog? Have you ever wished that you could add WordPress Widget Titles? If so, you’re in luck thanks to a WordPress plugin called Widget Title Links.

How Is Simple Different From Traditional Banking?

Simple is an online service that seeks to change the way people manage their money, but just how is it different from traditional banking?

Internet Speeds Inconsistent With Your Plan? Read This!

Have you ever wondered why your Internet speed is always not as fast as your service provider said it would be? It never hurts to examine the most common causes of slower-than-advertised Internet speeds and determine whether one of these is happening to you so that you can determine how to remedy the situation.

9 Ways to Make Better Use of Gmail Filters

Gmail filters is a good way for you to organize your inbox without you doing the manual work. Here are a few ways that you can make good use of Gmail fliters.

Is Your Email Provider Leaking Your IP Address to Recipients? Here’s How to Find Out

If you care about your privacy, you need to make sure that your email provider is not leaking your IP address to recipients. Here’s the tool for the job!

Should I Use a Website Creator or Hire a Web Designer?

If you are starting to setup your website, it can be hard to decide whether to hire a web designer or go with the different DIY website creators out there. Here are some points you should consider.

How to Open Multiple Links in Firefox

If you always have a set of URLs that you want to load whenever you run the browser, Multiopen for Firefox allows you to open multiple links quickly and easily.

Three Free Fonts to Spice Up Courier

Courier New is the most popular variant of the monospace typeface. Here are 3 free versions of Courier to spice up your working environment right now.

A Beginner’s Guide to Not Being Compromised on the Internet

You may understand what social engineering is, but are not sure how to properly defence against it. Here are a couple of advices for you.

TunnelBear VPN: A Beautiful Bear That Just Works

Need a VPN service? TunnelBear VPN can encrypt your Internet connection while changing your public IP address to the country of your choice. Read on for the review and giveaway.

How to Close and Snooze Tabs in Chrome to Reduce the Clutter

It’s common to have multiple tabs open in a web browser. Here is how you can close and snooze tabs in Chrome to free up space in your web browser.