Password Alert! Are you at risk?

Are you guilty of using an over-simplified password that a dedicated hacker could uncover as quickly as you can say ‘internet security’? This website lets you test your password and will tell you how long it would take a computer to break into your account.

If you find that it’s alarmingly quick, you are not alone. The tried-and-tested advice from years ago has been debunked, and even the man behind the theory has said he was wrong. William E. Burr, from the National Institute of Standards and Technology (NIST), issued advice in 2003 advising people to insert special characters instead of letters (e.g. $ instead of s, or ! instead of i), and to add a few numbers or capital letters.

While this advice may have been decent at the time, hackers now can get through these obvious techniques within moments, while more secure passwords, like l5YoEf6sK1c6 or seENvbxvYR4C, would take years and years to break into.

A risk with those random strings of letters and numbers, however, is that they are impossible to remember – and certainly using a different one for every website you log into would take some kind of genius to recall every time. The danger, therefore, is that you would memorise one or even – gasp – write it down, and use it for every website. Then, if you are hacked in one place, the hackers could easily access everything you have online, from your email to your bank account.

Updated password advice from NIST

Password management tools are available that can securely remember your passwords for every website you log into. Services like LastPass, Roboform and KeePass will store encrypted versions of your passwords and enable you to use them to log in when you are on that site. Most of these tools will also provide suggestions for complicated passwords that would be near-on impossible to hack – and because the problem of having to remember them is no longer relevant, you can have a different string of numbers and letters for each site.

Alternatively, you could go with Burr’s advice to string together a list of unrelated words. Applepiratepencilsatsuma would be impossible to crack and, if you can create a story that makes the word order make sense, could be easy for you to memorise.

WeSeeNow’s password advice for organisations

With the GDPR coming in soon, businesses need to take cyber security incredibly seriously. If you store your customers’ contact details in a database secured only by the word ‘p@55w0rd’, you – and they – could face serious problems. You would be in legal trouble and their details could have been hacked, sold and exploited.

We strongly recommend enterprise-level password management tools that have two-factor authentication for the master password, at least. This ensures the ultimate in safety and security. We are happy to recommend specific services to suit your needs, and undertaking the CyberEssentials scheme could also provide you with additional information and strategies to improve your overall cyber security situation.

Using password management software means that you never need to use the same password for two or more websites; the service is remembering each string of characters for each site, so you can easily insert complex passwords for every service you use and your software will take control of recalling them. This improves usability without compromising on safety.

Finally, let your password management software audit the passwords you use so that you can identify and replace any that are easy for hacking software to guess. This is especially important for sites that are less secure, as these can give away the passwords you use for your more critical and secure websites, too.