The bad guys will break your bad password. TechRepublic's Dan Patterson spoke with IBM X-Force Red hacker Cris Thomas, better known as Space Rogue, to discuss how easy it is for hackers to crack passwords and how to better protect your information.
Passwords are bad because they are only one item, Thomas said. If an attacker gets through that one item, then they have access to a user's account. It's good for people to have two-factor authentication to act as a gateway to access information.
"Once an attacker gets into a network, or on a system, finding the password is pretty easy," he said.
There are different methods hackers use to crack passwords. A common method is the dictionary attack where hackers take every word in the dictionary and run it against the password to see if there's a match. Another way is the brute force attack where hackers will take every lower and uppercase letter, every number, every symbol, then run them in every combination until there's a match.
SEE: Security awareness and training policy (Tech Pro Research)
"By doing that we can come up with the actual password the user had, and then use that to log in as the user, and gain access to network resources that the user had," he said. "But that takes a lot of computational power."
Using passwords that are 40 characters long with jumbled letters and numbers is going to be tougher to crack than a password that's in the dictionary. That's why it's important to use password managers, he said, since no one will be able to remember extensive passwords.
Changing passwords every 90 days is no longer a best practice. Thomas suggests using passwords that are at least 14-16 characters long, and including upper and lowercase letters, numbers, and symbols. Two-factor authentication through a text message, email, or other method is also important in the case a person's password is cracked.
"Both of those things, choosing good, long passwords and using two-factor authentication, goes a long way in securing an account from bad guys," he said.
- Cybersecurity in an IoT and mobile world (TechRepublic special report)
- How to enable LastPass to save passwords for Android Oreo autofill (TechRepublic)
- Report: 61% of IT leaders rely only on employees to enforce strong passwords (TechRepublic)
- Top 5: Things to know about password managers (TechRepublic)
- The dumbest passwords people still use (ZDNet)
Leah Brown has nothing to disclose. She does not hold investments in the technology companies she cover.
Leah Brown is the Associate Social Media Editor for TechRepublic. She manages and develops social strategies for TechRepublic and Tech Pro Research.