The shocking truth behind instant hacks on passwords you rely on

Are your passwords giving hackers access to your accounts in seconds?

How long does it take a hacker to figure out your password? The reality is that millions of apparently secure passwords can be bypassed in seconds.

Think about that. It could mean five to 10 passwords have been compromised in the time it took you to read to this point. Scary stuff.

These kinds of incidents are known as “brute force attacks” and the culprits let computers run through millions of possible combinations at lightning speed until they find the combination. The results can be so fast as to appear almost instantaneous.

Most people have used bike locks, padlocks or other locks which have four-digit combinations. For an ordinary person, forgetting the number is a huge inconvenience. It would be all but impossible to try all 10,000 possible combinations. However, a computer can crack the right code in less than a second.

Mike Halsey, a six-times recipient of Microsoft’s Most Valuable Professional (MVP) award, pulled together this handy table which outlines how easy it can be for a hacker to crack your password, based on whether you’re using just numbers, letters or a combination of upper and lower case letters and symbols.

Click here to see the full post

Where do you fit in?

So, how easy is it to make a difference? Easier than you might think. Yet, just a few relatively simple tweaks and updates could turn seconds into years, decades or even centuries when it comes to cracking your passwords.

For example, while the cyber crooks can bypass a four digit password instantly, an eight-character password with a combination of numbers, upper and lowercase letters and symbols poses a far more difficult challenge – taking more than two YEARS of computing power to crack.

As mentioned in our previous blog post on password security, the easiest passwords to crack are those with names, dates, or personal information that a hacker could gather from your social media (parents’ names, a birth place, or even your date of birth).

If you’re using personal details in your passwords, you can be providing the exact information a hacker needs to gain access to your emails, bank accounts, work data – nothing’s off limits once your password is in the hands of a hacker.

How can you protect yourself against hacks?

The best possible protection you can give yourself is to create a password with a strong combination of different letters, numbers and symbols. Numbers can be easily substituted for the letters O and S – and the longer the password, generally the better.

Avoid using names, football clubs, fictional characters – anything really easily identifiable. Last year, the National Cyber Security Centre published an analysis of the 100,000 most commonly used passwords that have been accessed by third parties.

The top passwords used by British people included:

  • 123456
  • 123456789
  • qwerty
  • password
  • 11111

While some of the most-used words were:

  • Ashley (used 432,276 times)
  • Michael (425,291)
  • Liverpool (280,723)
  • Blink 182 (285,706)
  • Superman (333,139)

To make your accounts more secure, considering making your passwords longer, with combinations of characters. Enable two-factor authentication on whatever devices you can. This doesn’t just apply to your personal social media accounts, it’s also important to keep in mind for your business and professional accounts.

You might also want to consider using a password manager to create and store complex passwords for you. There are also many affordable and user-friendly password management services, which create uncrackable passwords for all of your services (social media profiles, online banking) – then securely log you in whenever you need access. Popular options include LastPass, Dashlane and 1Password.

If you’re interested in how you can improve your business security, please get in touch with our friendly team of IT experts – who will run through everything cyber-related with you.

You can find out about all of our different services here