So, you think your password is secure? Perhaps you’ve got a system to remember your password that allows you to use a complex password? Well, good for you. Unfortunately, your password is still not secure.
The problem is, you simply can’t trust the website that you give your password to. What type of encryption do they use to store your password (if any)? Encryption (as I will talk about later) is a way to turn your password into a secret code that is more difficult for hackers to crack.
I’ve lost track of the number of websites that send you your password in plain text with their welcome email. I posted about this some time ago in a Google+ post. This isn’t just bad practice, this is almost criminal! They’ve shown no regard for the storage of your personal data by storing your password in plain text in their database. Not only that, but they’ve sent your password in plain text in an insecure email. When an email is sent, it can pass through many different servers throughout the world, and be potentially “seen” at any point as it goes on its way. If someone malicious sniffs out your email, they could potentially get access to your account for the website you signed up for.
But it doesn’t stop there. I’m sure you’re not one of the many people who use the same password for multiple accounts, are you?! Of course not! However, just think about the many people who do use the same password across all their accounts. If this malicious person has gained access to that one account, they could also potentially get access to your email account. Now that’s when the very bad news starts. Once they have access to your email account, they can change the password, lock you out and start to reset your passwords for all your other accounts. This could include Facebook, Twitter, Google, PayPal and perhaps even your bank. If this doesn’t scare you, then I don’t know what will.
So, how do you guard against this? Well, basically, you can’t trust the website you sign up with. When you sign up, you should sign up with a temporary password; you can always change this later. If you do receive your password back in plain text, then at least you know all your other passwords are safe.
If you do use the same password for all your accounts, then don’t! I know it sounds really complicated, but there are plenty of ideas to get you started. Here is one system… come up with a sentence and your favorite number. For example, “I like salted peanuts” and 15. By using the first letter of each word and the number you could get 15Ilsp. Then put the first 5 characters of the website you are signing up for at the end. For example, for Amazon, your password could be: 15IlspAmazo. You could even put another character at the end, for example a hash: 15IlspAmazo#, for extra security.
Even with this method, your password isn’t necessarily secure; it might be obvious to a hacker how your password system works. Of course, a password manager can help here, one like LastPass. Here, all you need to remember is one password, and you can get LastPass to automatically generate fiendishly complex passwords for all your accounts.
Method   The hash of ‘passw0rd’
md5      bed128365216c019988915ed3add75fb
sha1     7c6a61c68ef8b9b6b061b28c348bc1ed7921cb53
sha512   e0469addd8d57a3623494096dabc19bebca1a038c9da696940b3f853d106a6ecfa5bd60ce8e72884efa3bd92b930da178fd616f40facad654212d7c2f8817dd4
So, as you can see from the above, sha512 is more secure than md5 because of its sheer length. The problem is that hackers have lists of common passwords and their encrypted equivalents. That way they can find out your password from the hash quite easily. There is also the “brute force” method, in which a hacker will try thousands of passwords over a period of time in order to try and guess the password. So, how do you up your security?
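As an added example (mine, not code from the original post), here is the table above reproduced with Python’s standard hashlib, plus the lookup the paragraph describes, written as a check you could run over a stored hash to see whether it belongs to a well-known password. The five-word list is constructed for the demo; a real list runs to millions of entries, and the digest length makes no difference to the lookup.

```python
import hashlib

# The three digest algorithms compared in the table above.
ALGORITHMS = ("md5", "sha1", "sha512")


def digest_hex(password: str, algorithm: str) -> str:
    """Hex digest of `password` under the named hashlib algorithm (no salt)."""
    return hashlib.new(algorithm, password.encode("utf-8")).hexdigest()


def hash_table(password: str) -> dict:
    """Reproduce the table above: one hex digest per algorithm."""
    return {alg: digest_hex(password, alg) for alg in ALGORITHMS}


# Constructed stand-in for the "lists of common passwords" the text mentions.
COMMON_PASSWORDS = ["123456", "password", "passw0rd", "qwerty", "letmein"]


def build_lookup(wordlist, algorithm: str) -> dict:
    """Precompute digest -> password for every word in the list.

    This is done once and reused against every leaked database, which is
    why an unsalted hash of a common password is as good as plain text.
    """
    return {digest_hex(pw, algorithm): pw for pw in wordlist}


def recover_if_common(stored_hash: str, algorithm: str, wordlist=COMMON_PASSWORDS):
    """Audit check: does a stored, unsalted hash belong to a common password?

    Returns the matching password, or None if it is not on the list.
    """
    return build_lookup(wordlist, algorithm).get(stored_hash.lower())


if __name__ == "__main__":
    for alg, hexd in hash_table("passw0rd").items():
        print(f"{alg:7} {hexd}")
    # Long digest or not, the lookup is instant once the table exists.
    for alg in ALGORITHMS:
        print(alg, recover_if_common(digest_hex("passw0rd", alg), alg))
```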