
Passwords – They’re not going away so you have to get them right

Houston, we have a problem. There is no such thing as an un-crackable password. In 1995, the US Computer Emergency Response Team (CERT) reported that approximately 80 percent of the security incidents they received were related to poorly chosen passwords. Seventeen years later and little has changed – and the problem might even be worse.
The issue for the majority of us is that passwords are the only ‘block’ between a criminal and our personal information – and they are used almost everywhere. Email? Password. Online shopping? Password. Is it the same as the one you use for your email? What about the other ten or twenty or fifty sites you have visited online this year?
While I strongly advocate that the commercial world needs to take more responsibility for protecting its customers, while we’re waiting there’s a lot that we can do to prevent our virtual identities being abused. So, draw closer and let me tell you how.
Before I tell you how to create a virtually un-crackable password, it is important to understand how passwords can be broken.
How is a Password Cracked?
One method is the dedicated individual who will trawl through a person’s life to glean snippets about them, all too often published on social network sites. Using things like a pet’s name, first school, maiden name etc. they will try to ‘guess’ what a password could be. Of course, a targeted attack like this is limited and, if I’m honest, really hard to prevent. However, I would advocate that you put as little personal information as possible online and, if you do use your pet’s name or children’s etc. you change your password immediately and don’t do it again.
The more likely scenario is a widespread brute force attack. This method entails criminals using a computer program to simulate keyboard typing.
Password crackers use two common techniques. The first is a dictionary attack, in which the program tries the most common terms in major languages; the second goes through every possible character combination.

Crackers also make use of common password lists. Since many users tend to rely on a lot of the same passwords (“123456”, “qwerty”, “abc123” and, of course, “password”), these weak words or phrases are no match for cracker programs.

What is a strong password?
A fictitious word or phrase will take longer to crack. Add in numbers and symbols and you’re definitely on to a winner. That said, and just to really focus your mind, based on 100 million checks per second (which is achievable with automation) a truly random password would take the following to break:

Password length   Tries per second   Time to break
4                 100 million        0.16 seconds
6                 100 million        11.4 minutes
8                 100 million        32 days
10                100 million        365 years
So, the answer is simple – you need to create a truly random and complex password, of 10 characters or more for each of your online identities. Don’t forget that they must be different – if you use the same password for everything then crack one and you’ve cracked them all. And of course you’d have to remember them all, as we all know you mustn’t write passwords down!
Okay, perhaps simple is a bit of an overstatement. Research confirms that most people can remember four characters of a complex password very easily. The problem is, when this is extended to five and over, it dramatically falls off. Unfortunately hardly anyone is able to remember a complex password of six characters or more.

Should I give up?
While it might seem like a hopeless struggle, all is not lost. I have a cunning solution to your password dilemmas!

Before you start punching the air – I’m not going to let you off the hook and say just create a four character password. Instead I’m going to insist that it is 10 characters or longer – a mix of letters and numbers and, if the site allows, add in some symbols for good measure. Letters should include both upper and lower case, numbers should be more than just 1’s and 0’s and symbols can be anything as they’re tricky little devils.
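As an added illustration (not part of the original article), the Python below reproduces the time-to-break table and checks a candidate against the length and character rules just described. The 64-symbol pool is an assumption, chosen because it reproduces the article's figures to within rounding; the function names are hypothetical and the sample candidates are constructed from the article's own examples.

```python
GUESSES_PER_SECOND = 100_000_000  # attack rate quoted in the article
COMMON_PASSWORDS = {"123456", "qwerty", "abc123", "password"}  # the four the article names
TABLE_ALPHABET = 64  # assumption: pool size that reproduces the article's table


def seconds_to_exhaust(length, alphabet=TABLE_ALPHABET, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every string of `length` symbols.

    Only meaningful for truly random passwords: real words and
    common-list entries fall to dictionary attacks far sooner.
    """
    return alphabet ** length / rate


def humanize(seconds):
    """Render a duration in the largest unit that keeps the value >= 1."""
    for unit, size in (("years", 365 * 86400), ("days", 86400), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.2f} seconds"


def policy_problems(password):
    """Return the article's rules that `password` breaks (empty list = passes).

    Symbols are not required here because the article makes them
    conditional on the site allowing them.
    """
    problems = []
    if password.lower() in COMMON_PASSWORDS:
        problems.append("on common-password list")
    if len(password) < 10:
        problems.append("shorter than 10 characters")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    digits = {c for c in password if c.isdigit()}
    if not digits:
        problems.append("no digit")
    elif digits <= {"0", "1"}:
        problems.append("digits are only 0s and 1s")
    return problems


if __name__ == "__main__":
    for length in (4, 6, 8, 10):
        print(length, humanize(seconds_to_exhaust(length)))
    for candidate in ("password", "D8*a", "D8*alucky7"):  # constructed samples
        print(repr(candidate), policy_problems(candidate) or "passes")
```
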
Now, take your head out of your hands as here’s the clever bit.
Break your password down into two or more sections as this will make it easier to remember. It’s almost like embracing your own two factor authentication – something you know, and something you own.
One part remains static, by that I mean it doesn’t change, for each and every account you have – I suggest it’s this bit where you add the cleverness, i.e. symbols, numbers, upper and lowercase letters etc., for example D8*a. As this part of your password is only 4 characters it should be easy to remember. This is what I like to think of as ‘something I know’.
The second part should be relevant to the site you are creating the password for. So, for example, if it were for an online catalogue company you could add the phrase ‘lookingfab’ to the static element, for an auction site you could add ‘lucky7’, etc – as long as it is something different for each site. It wouldn’t hurt if you made a note of these elements, perhaps in the notepad element of your phone, just make sure that it’s somewhere only you know about. So, this part is the ‘something I own’ be it a message in my notepad or stored elsewhere.
If you still need help with your password management, there are some clever programs, such as SecurAccess from SecurEnvoy, that can help. These allow you to register the first element of your password (the static, complex element) and then create and send you (via SMS) the second part periodically, i.e. when it needs to change. By saving the message you have a constant reminder.
While we’re waiting for the commercial world to wake up and start making it harder for criminals to steal our online credentials, in a way that doesn’t make it impossible for us to continue to interact with them, we have to take up the slack and protect ourselves. Applying this simple methodology to password creation means it will take a ‘cracking’ program at least a year to break our passwords, but we’ll always remember them! And, just in case an undesirable does try to break the code, then by changing one of the elements periodically we can always stay one step ahead of the fraudsters and their software. Now, doesn’t that make you feel empowered?