Strong passwords are important protections to help you have safer online transactions.
Keys to password strength: length and complexity
An ideal password is long and has letters, punctuation, symbols, and numbers.
- Whenever possible, use 14 characters or more.
- The greater the variety of characters in your password, the better.
- Use the entire keyboard, not just the letters and characters you use or see most often.
Create a strong password you can remember
There are many ways to create a long, complex password. Here are some suggestions that might help you remember it easily:
- Start with a sentence or two. Complex passwords are safer and easier to remember.
- Remove the spaces between the words in the sentence.
- Turn words into symbols, numbers, or shorthand.
- Add length with numbers. Put numbers that are meaningful to you after the sentence.
Test your password with a password checker
A password checker evaluates your password's strength automatically. You can check your password here, or with Microsoft's own password checker.
Protect your passwords from prying eyes
The easiest way to "remember" passwords is to write them down. It is okay to write passwords down, but keep them secure.
Common password pitfalls to avoid
Cyber criminals use sophisticated tools that can rapidly decipher passwords.
Avoid creating passwords that use:
- Dictionary words in any language.
- Words spelled backwards, common misspellings, and abbreviations.
- Sequences or repeated characters. Examples: 12345678, 222222, abcdefg, or adjacent letters on your keyboard (qwerty).
- Personal information. Your name, birthday, driver's license, passport number, or similar information.
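As an added example (not code from this page or from Microsoft's checker), here is a small Python checker that applies the rules above: the 14-character minimum, character variety, and the pitfalls list (dictionary words forwards or backwards, sequences and repeated characters, keyboard runs, personal information), plus a rough brute-force search-space estimate. The word list is a constructed stand-in for a real dictionary.

```python
import math
import string

# Constructed stand-in for a real word list (assumption, not a real dictionary).
DICTIONARY = {"password", "welcome", "monkey", "dragon", "letmein", "qwerty"}
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")
SEQUENCES = KEYBOARD_ROWS + (string.ascii_lowercase, string.digits)
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation)
MIN_LENGTH = 14  # the "14 characters or more" guidance above


def has_run(pw, length=4):
    """True if `length` consecutive chars are identical or run forward/backward along a row."""
    s = pw.lower()
    for i in range(len(s) - length + 1):
        chunk = s[i:i + length]
        if len(set(chunk)) == 1:
            return True
        if any(chunk in seq or chunk in seq[::-1] for seq in SEQUENCES):
            return True
    return False


def check_password(pw, personal=()):
    """Return the list of rules the password breaks (empty list = passes).
    `personal` is the user's own data: name, birth year, licence number..."""
    problems = []
    low = pw.lower()
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if sum(any(c in cls for c in pw) for cls in CLASSES) < 3:
        problems.append("uses fewer than three character classes")
    if has_run(pw):
        problems.append("contains repeated characters or a sequence/keyboard run")
    words = DICTIONARY | {w[::-1] for w in DICTIONARY}  # also spelled backwards
    if any(w in low for w in words):
        problems.append("contains a dictionary word (forwards or backwards)")
    if any(p and p.lower() in low for p in personal):
        problems.append("contains personal information")
    return problems


def entropy_bits(pw):
    """Brute-force search space, log2(alphabet_size ** length), where the
    alphabet is the union of the character classes actually used."""
    alphabet = sum(len(cls) for cls in CLASSES if any(c in cls for c in pw))
    return len(pw) * math.log2(alphabet) if alphabet else 0.0


if __name__ == "__main__":
    for candidate in ("123456", "MydogChewedUpMyBlueShoes4!"):
        print(candidate, round(entropy_bits(candidate), 1), check_password(candidate))
```

Passing every rule here does not make a password uncrackable; it only means the common shortcuts the page lists are absent.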
DID YOU KNOW...
- On July 16, 1998, CERT reported an incident in which an attacker had obtained 186,126 encrypted passwords. By the time the intrusion was discovered, the attacker had already cracked 47,642 of them.
- In December 2009, a major password breach of the Rockyou.com website led to the release of 32 million passwords. The hacker then leaked the full list of 32 million passwords (with no other identifiable information) to the internet. The passwords had been stored in cleartext in the database and were extracted through a SQL injection vulnerability. The Imperva Application Defense Center (ADC) did an analysis of the strength of the passwords.
- In June 2011, NATO (North Atlantic Treaty Organization) experienced a security breach that led to the public release of first and last names, usernames, and passwords for more than 11,000 registered users of their e-Bookshop. The data was leaked as part of Operation AntiSec, a movement that includes Anonymous, LulzSec, as well as other hacking groups and individuals. The aim of AntiSec is to expose personal, sensitive, and restricted information to the world, using any means necessary.
- On July 11, 2011, Booz Allen Hamilton, a large American consulting firm that does a substantial amount of work for the Pentagon, had its servers hacked by Anonymous, and the data was leaked the same day. "The leak, dubbed 'Military Meltdown Monday,' includes 90,000 logins of military personnel—including personnel from USCENTCOM, SOCOM, the Marine Corps, various Air Force facilities, Homeland Security, State Department staff, and what looks like private sector contractors." The leaked passwords turned out to be hashed with SHA-1 and were later cracked and analyzed by the ADC team at Imperva, revealing that even military personnel look for shortcuts and ways around password requirements.
- On July 18, 2011, Microsoft Hotmail banned the password: "123456".
Resource(s): microsoft.com, Wikipedia