Before we begin, why should learning how to write strong passwords be of much more importance to you? Believe it or not, it is a statistical fact that more people are hacked as a result of weak passwords than any other single factor. This is also why encryption – aka passwords – should be much more important to you. With that said, learning how to read, write and remember strong passwords is not nearly as hard or complicated as people might think; in fact, it is rather easy once you understand the core concepts.
Lesson 1 – Password Length:
To unlock someone’s password, “law enforcement authorities” and/or “hackers” will run either a “Brute Force Attack” or a “Dictionary Attack” against it, in an attempt to work out the numbers, letters and symbols contained within the password itself. One by one over time, these software programs will slowly work through the possibilities until the password is found, just like cracking the numbers to open a vault or safe.
Quite simply, the more complicated/randomized the sequence of numbers, letters and symbols in your password is, and the longer the password is, the longer it takes hackers to break. Moreover, each letter, number or symbol you add on to the end of your password literally makes it exponentially harder for even the most sophisticated programs to crack. For example, here are estimates from the FBI regarding how long it takes them to crack lengthier encrypted passwords:
- seven-digit passcodes will take up to 9.2 days, and on average 4.6 days, to crack
- eight-digit passcodes will take up to three months, and on average 46 days, to crack
- nine-digit passcodes will take up to 2.5 years, and on average 1.2 years, to crack
- 10-digit passcodes will take up to 25 years, and on average 12.6 years, to crack
- 11-digit passcodes will take up to 253 years, and on average 127 years, to crack
- 12-digit passcodes will take up to 2,536 years, and on average 1,268 years, to crack
- 13-digit passcodes will take up to 25,367 years, and on average 12,683 years, to crack
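The estimates above grow tenfold per added digit, which is what a digits-only passcode gives, and they are consistent with about 80 ms per guess (an inference from the numbers, not a figure the source states). The following added example, which is not part of the original article, reproduces the table under that assumption and shows how a larger character set reduces the length needed for the same search time.

```python
# Added example: exhaustive-search time versus alphabet size and length.
# GUESS_MS is an assumption inferred from the table above, not a quoted figure.
MS_PER_DAY = 86_400 * 1000
MS_PER_YEAR = 365 * MS_PER_DAY
GUESS_MS = 80  # assumed cost of one guess, in milliseconds


def worst_case_ms(alphabet_size, length, guess_ms=GUESS_MS):
    """Time to try every candidate: alphabet_size ** length guesses."""
    return alphabet_size ** length * guess_ms


def worst_case_years(alphabet_size, length, guess_ms=GUESS_MS):
    return worst_case_ms(alphabet_size, length, guess_ms) // MS_PER_YEAR


def average_years(alphabet_size, length, guess_ms=GUESS_MS):
    """On average the match turns up after half the keyspace is searched."""
    return worst_case_ms(alphabet_size, length, guess_ms) // 2 // MS_PER_YEAR


def min_length(alphabet_size, target_years, guess_ms=GUESS_MS):
    """Shortest length whose average search time reaches target_years."""
    length = 1
    while average_years(alphabet_size, length, guess_ms) < target_years:
        length += 1
    return length


if __name__ == "__main__":
    for digits in range(7, 14):
        days = worst_case_ms(10, digits) / MS_PER_DAY
        print(f"{digits} digits: up to {days:,.1f} days "
              f"({worst_case_years(10, digits):,} years)")
    # Same 1,000-year average target, different character sets.
    for name, size in [("digits", 10), ("lowercase", 26), ("printable ASCII", 94)]:
        print(f"{name}: length {min_length(size, 1000)}")
```

The guess rate dominates the result: offline guessing against a leaked, fast password hash runs many orders of magnitude faster than 80 ms per attempt, so the same lengths give far smaller margins there.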
Lesson 2 – LEET or “1337” Language:
L33t Language is a way of replacing letters with numbers and symbols in everyday sentences and it is perhaps the most basic form of encoding used to encrypt messages. To understand how it works, here are some quick examples:
Normal Statement: BankruptMedi4 or TheDailyProletariat or Elitepassword or Activism
L33t Version: 84nkru97M3di4 or 7h3D@i1y9r0L37@Ri@7 or 31it3p4$$w0rd or 4ctivi$m
It doesn’t necessarily have to be that complicated and you don’t necessarily have to replace as many letters with numbers and symbols; those are just examples of how it works. You can run a dictionary attack at “84nkru97M3di4” or “7h3D@i1y9r0L37@Ri@7” all day long, go ahead – have fun. To make the password even stronger, mix in capitalized and un-capitalized letters throughout.
I think I have explained the concept easily enough? To make an un-hackable password simply take a name, phrase, short sentence – et cetera – that is personal to you and convert it into l33t language, then use that as your new password. Not only will it be impossible to break, but it should be fairly easy for you to remember. And as always, use two-factor authentication whenever possible.
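Password screening at signup commonly undoes l33t substitutions before a dictionary lookup, because the letter-to-symbol mapping is fixed and reversible. The following added example, which is not part of the original article, applies such a check to the four sample passwords above; the substitution table is limited to the replacements seen in those samples and `WORDLIST` is a tiny constructed stand-in for a real blocklist.

```python
# Added example: screening check that reverses l33t substitutions.
# LEET_MAP covers only the replacements used in the article's samples;
# WORDLIST is constructed for this demonstration.
LEET_MAP = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "7": "t",
                          "8": "b", "9": "p", "@": "a", "$": "s"})
WORDLIST = {"bankrupt", "media", "the", "daily", "proletariat",
            "elite", "password", "activism"}


def deleet(password):
    """Lowercase the password and map l33t symbols back to letters."""
    return password.lower().translate(LEET_MAP)


def split_into_words(text, words=WORDLIST):
    """Return dictionary words that concatenate to text, or None."""
    best = {0: []}  # best[i] = one segmentation of text[:i]
    for end in range(1, len(text) + 1):
        for start in range(end):
            if start in best and text[start:end] in words:
                best[end] = best[start] + [text[start:end]]
                break
    return best.get(len(text))


def screen(password):
    """Reject passwords that are dictionary words behind l33t substitutions."""
    plain = deleet(password)
    words = split_into_words(plain)
    return {"normalized": plain, "words": words, "reject": words is not None}


if __name__ == "__main__":
    samples = ["84nkru97M3di4", "7h3D@i1y9r0L37@Ri@7", "31it3p4$$w0rd",
               "4ctivi$m", "kq7#Vx2!mZpw"]  # last one: constructed random string
    for pw in samples:
        print(pw, screen(pw))
```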
Lesson 3 – Two-Factor Authentication:
I’ve always understood that 2-Factor Authentication (2FA) is a concept lost on most “normal people” in society right now, but a new statistic really puts it all into perspective. This would be the news that, according to Google’s own statistics, less than 10% of all Gmail or Google business owners currently have enabled 2-Factor Authentication for their online accounts. Considering that Google is estimated to host well over 2 billion accounts globally, this means that there are over 2 billion insecure accounts floating around the internet right now – and that’s just from Google alone!
This is not to mention the fact that there are literally billions of email addresses, along with their passwords, currently available on the Deep Web and DarkNet for search. For example, there are single websites around the internet that are currently selling the login credentials of 1.4 billion people, and if any one of those people simply enabled 2-factor authentication for their accounts, all the information stored on those sites would become utterly useless.
Responding to the news last week, Grzegorz Milka, a Google software engineer, said that the company’s latest statistics “demonstrates the lack of awareness of cyber threats and the way to mitigate them.” He added that he believes more people don’t or haven’t “configured 2-Factor Authentication for their accounts” because “many users believe 2FA can make their experience worse,” or at least more of a hassle. To do everything they could to mitigate the problem from their end, Google also took the occasion/platform to release a 2-Factor Authentication tutorial of their own, imploring Google users to immediately begin securing their accounts in this way.
Google 2FA Tutorial: https://myaccount.google.com/signinoptions/two-step-verification/enroll-welcome
As for what 2-Factor Authentication is, does or means, it’s not nearly as complex or complicated as people think. In fact, it only adds about 10 seconds to the amount of time it already takes you to log into your accounts anyway. Essentially, as soon as you type in your password and press enter you will receive a text message on your phone, which will have a short code for you to type in. Without that secondary code no one is allowed to log in, even you. That’s it – literally. That’s the amount of “hassle” it will take you to begin practicing strong cyber security in the future. Again, despite the simplicity of it all, less than ten percent of people in society have taken this step.
2-Factor Authentication should be available for nearly every App or account you own, and you can find/enable it by searching for it in your account(s) settings. As I also once explained in a different article on this subject earlier last year, even if someone already knows your password, “close to 100% of hackers will be prevented from successfully hacking into your social media accounts if you simply enable 2-Factor Authentication” for them – and I still believe this holds true today.
As I was in the process of writing this article I got a text message informing me of new login codes to verify, because someone had somehow managed to brute-force their way past my password – which no one has ever been able to do before. Put another way, my site was literally saved from being hacked/hijacked by malicious cyber actors, all because I once enabled 2-factor authentication on my account(s) months ago. To put the importance of 2-Factor Authentication into focus, I’ve invested thousands upon thousands of hours of my personal time into this website, and it took me less than one minute to turn on and verify 2-Factor Authentication for it – certainly worth the time/effort!