Passwords have evolved a lot over the years, from the legendary “open sesame” to a secret knock with “Lenny sent me” to get you into a private poker game. One thing has not changed: the password is what gives you access. That is why passwords have always been coveted, from the combination to a safe to the login for an online bank account, the so-called “easy money”. As a result, passwords have grown longer and come to include numbers and symbols, and over the years the minimum password length has grown in direct relation to the compute power available for cracking a password.
Today an 8-character password can be revealed by a skilled hacker in under 8 minutes, numbers, symbols, and all. On top of that, the ways to obtain your password have become much more sophisticated, from fake sites that dupe you into entering your password to dark web password dumps from companies that got hacked and had private information stolen. Once a few of your passwords are out there, it is possible, more often than not, to guess your passwords to everything. Since we tend to use patterns, the additional symbol, number, address, date or social will not protect you, even if you change that number every 90 days. Yes, that famous AI (Artificial Intelligence) is what is being used to guess what changes you might have made to your passwords. Those guesses are then tested not on one site but on many, so as not to lock out your accounts, and in a short time a list of your working passwords will be ready to either be sold or used to compromise your accounts.
So, is the password dead? Not completely. There are things you can do to protect yourself:
- Use MFA (Multi-Factor Authentication) everywhere you can.
- Always use unique passwords. Each site/account should have its own completely unique long password. Hard to come up with and remember so many? Yes, it can be. For that we recommend using a password manager tool that will generate, remember and enter them for you.
- When creating your own passwords, use a passphrase or build a password from the phrase, and don’t use something famous like lyrics or movie quotes. For example:
  - Take the phrase: Whatever you do Marty never go to 2020! (that would be highly secure)
  - For a shorter password you can use just the first letters: Wydmngto2020!
  - To make that more secure, replace some letters with symbols: Wyd^^ng+2020!
You can check password security on websites like https://www.howsecureismypassword.io/, although I would not recommend entering an actual password you intend to use there.
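
The point about patterns can be checked locally, without typing a password into any website. The following Python sketch is an added example, not part of the original article: it strips the decoration people tend to rotate (digits, symbols, look-alike characters) and flags a new password that reuses the memorised core of an old one. The substitution table, the 0.8 threshold, the function names and the sample passwords are all assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher

# Assumed, illustrative table of common look-alike substitutions.
LOOKALIKES = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "l", "!": "i",
                            "0": "o", "$": "s", "5": "s", "7": "t", "+": "t"})

def base_word(password: str) -> str:
    """Reduce a password to the core a person actually memorises."""
    core = password.lower()
    # Drop the part people rotate: leading/trailing digits and symbols.
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", core)
    # Undo look-alike substitutions inside the word, then keep letters only.
    core = core.translate(LOOKALIKES)
    return re.sub(r"[^a-z]", "", core)

def is_variation(old: str, new: str, threshold: float = 0.8) -> bool:
    """True when `new` is built on the same core as `old`."""
    a, b = base_word(old), base_word(new)
    if not a or not b:
        # No letters at all (e.g. all digits): compare the raw strings.
        a, b = old, new
    return SequenceMatcher(None, a, b).ratio() >= threshold

def reused_from(history, candidate):
    """Return the old passwords that `candidate` is a variation of."""
    return [old for old in history if is_variation(old, candidate)]

if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real dump.
    history = ["Summer2023!", "Tiger#77"]
    for candidate in ["Summer2024!", "$umm3r2024#", "violet-kettle-orbit-92"]:
        hits = reused_from(history, candidate)
        verdict = f"variation of {hits}" if hits else "no overlap with history"
        print(f"{candidate!r}: {verdict}")
```

A check like this belongs at password-change time, when the old password is briefly available in memory; it is not a reason to store old passwords in clear text.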