I’m a cybersecurity expert – these are the mistakes that could let hackers crack your passwords


Dropping numbers, symbols, and letters into your passwords can help convince you that your online accounts are safe.

Still, cybersecurity experts have warned that a six-character password that contains all of these attributes can be instantly cracked by hackers.

New research from Hive Systems shows that hackers can crack your password in seconds – even if it is more than 10 characters long.

This is up to eight times faster than last year, which the researchers attribute to technological progress.

“The time has finally come when passwords are no longer secure on their own,” said Alex Nette, CEO and co-founder of Hive Systems.


TIPS FOR CREATING A SECURE PASSWORD

  1. Choose a password that is 18 characters long and contains a combination of numbers, lowercase and uppercase letters, and symbols
  2. If you have trouble remembering a long password, use a password manager
  3. Don’t use the same password for every site you use
  4. Avoid memorable/personal facts such as your dog’s name or your birthday
  5. Avoid a number-based password – these are the least secure

“With the low-threshold use of artificial intelligence tools and hardware, hackers have never had easier access to our personal data. Without extra protection, I don’t think we can consider our data safe.”

Research has shown that number-based passwords are the most vulnerable and can be immediately cracked by hackers if they are four to eleven characters long.

A 12-digit passcode would also take hackers less than a second to crack, while an 18-digit passcode would take just under a week to crack.

Lowercase-only passwords were slightly more secure, but not by much: those of four to eight characters were also cracked instantly.

And while an 11-letter password took just 30 minutes to crack, adding another seven lowercase letters would raise that to more than 480,000 years.

The most secure passwords were those with a combination of numbers, symbols, and upper and lowercase letters.

These can be cracked instantly if they are four to seven characters long, but 12-character passwords would take 226 years to crack.

If you added six extra characters to the same password, it would take hackers a staggering 26 trillion years to break in, according to Hive Systems.
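The figures above follow from simple keyspace arithmetic. The sketch below is an added example, not Hive Systems' methodology or code from the article: it assumes a constant guess rate, calibrated from the article's figure of 30 minutes for 11 lowercase letters, and an exhaustive search of one fixed length, and it reproduces the digit and lowercase figures quoted above to within rounding.

```python
YEAR = 365.25 * 24 * 3600  # seconds

def keyspace(charset_size, length):
    """Number of candidate passwords of exactly this length."""
    return charset_size ** length

# Calibration (assumption): the article's figure of 30 minutes for 11 lowercase
# letters is treated as the time to exhaust that keyspace at a constant rate.
GUESSES_PER_SECOND = keyspace(26, 11) / (30 * 60)

def worst_case_seconds(charset_size, length, rate=GUESSES_PER_SECOND):
    """Time to try every candidate; the average case is half of this."""
    return keyspace(charset_size, length) / rate

def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    if seconds < 1:
        return "under a second"
    for unit, size in (("years", YEAR), ("days", 86400), ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.0f} seconds"

def growth_factor(charset_size, extra_chars):
    """How many times longer the search takes after appending extra_chars characters."""
    return charset_size ** extra_chars

if __name__ == "__main__":
    for label, size, length in (("digits", 10, 12), ("digits", 10, 18),
                                ("lowercase", 26, 11), ("lowercase", 26, 18)):
        print(f"{length:>2} {label:<9} {humanize(worst_case_seconds(size, length))}")
    # Length versus alphabet: seven more lowercase letters, compared with
    # doubling the alphabet (26 -> 52 symbols) at a fixed length of 11.
    print(f"{growth_factor(26, 7):,}x versus {2 ** 11:,}x")
```

The last line shows why length matters more than character variety: seven extra lowercase letters multiply the work by about eight billion, while doubling the alphabet at 11 characters multiplies it by 2,048.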

Hackers can now crack complex passwords eight times faster than last year, findings show


Jake Moore, Global Cybersecurity Advisor at ESET, added that using different passwords for each site is another way to protect yourself from cybercriminals.

He said: “Cybercriminals roam the dark web looking for these lists of hacked usernames and passwords in the hope that they can hack into other accounts belonging to the same username with the same matching password.

“That’s why it’s very important to never use the same password twice.

“Furthermore, if people use the same password for everything for years or with a simple change like the number at the end, they are essentially handing over the keys to their precious data and even financial accounts to hackers.”

Hackers crack passwords using brute force attacks, which are trial and error approaches to test potential usernames and passwords.

While this sounds like a laborious process, graphics cards can speed it up when used with popular applications like Hashcat.

Hive Systems advocates that formal identity confirmation should be more widely used online to protect accounts and personal information.

They also recommend using password managers, but even these are reportedly becoming less secure as technology advances.

Last year it took up to 3,000 years to crack a 12-character password created by a reputable password manager, but this has now been reduced to 226 years.

“Strong and unique passwords just aren’t very strong anymore,” said Corey Neskey, VP of Quantitative Risk at Hive Systems.

“The combination of a password manager that generates long, complex passwords and using multi-factor authentication are the best ways to reduce your risk.”

Mr Moore also added: “Passwords need to be long and unique, but they need to be linked to multi-factor authentication, meaning if a hacker were to brute force your password or cheat it out of you, they would still need to have your device, a time code or your biometric data to access the account.

“Using a password manager means you don’t have to remember the ridiculous amount of passwords we all need to have a presence on the internet. You no longer have to use the same password everywhere or use memorable facts like your dog’s name or your child’s birthday.”

HOW TO CHECK IF YOUR EMAIL ADDRESS HAS BEEN COMPROMISED

Have I Been Pwned?

Troy Hunt, cybersecurity expert and regional director for Microsoft, runs “Have I Been Pwned”.

On the website, you can check if your email has been compromised as part of any of the data breaches that have occurred.

If your email address appears, you must change your password.

Pwned passwords

To check if your password might have been exposed in a previous data breach, go to the site’s homepage and enter your email address.

The search function will compare it to the details of historical data breaches that have made this information publicly visible.

If your password does show up, you’re probably at greater risk of being exposed to hacking attacks, fraud, and other cybercrime.

Mr. Hunt built the site to help people check whether or not the password they want to use is on a list of known breached passwords.

The site does not store your password alongside any personally identifiable information and each password is encrypted.

Other safety tips

Hunt offers three easy-to-follow steps for better online security. First, he recommends using a password manager, such as 1Password, to create and store unique passwords for each service you use.

Then enable two-factor authentication. Finally, stay on top of any breaches.