Developing a secure, usable password is important to ensure your online information is safeguarded against hackers, online attackers or cyber-criminals eager to harvest your data. What is more, your information may be harvested not from your computer, but from an online retailer or email account. If you use the same password for more than a single account, the stolen pieces of information can give the online attacker the ability to gain access to your other accounts.
How do they steal passwords?
- Brute Force Attacks – Cyber-criminals, hackers and online attackers use software programs that are specifically designed to try every word in the dictionary as a possible password. Additionally, hackers will develop algorithms that generate possible combinations of words, along with combinations of letters, numbers and special characters, in an effort to breach the password safeguard.
- Information Stealing Malware – Cyber-criminals use effective malware such as sophisticated keyloggers that have the ability to capture personally identifiable information (PII), along with logon credentials, anywhere you enter them.
- Phishing Pages/Emails – Many times each day, nearly everyone receives a variety of phishing emails that mimic credit card companies, banks, financial institutions and a variety of well-known businesses and organizations. Often, the messages will instruct the user to update their account, click on a link, or provide useful information. Once the user has clicked on the link, they are generally directed to the phishing site, as opposed to the legitimate business website. Once the unwitting user has arrived on the bogus site, they are often tricked into submitting their highly personal account information, exposing their ID and passwords.
- Information Breaches – Online hackers, attackers and cyber-criminals often work hard to hack into business and corporate networks to harvest (steal) crucial, personal information including trade secrets, customer data, purchase information and other pertinent, valuable records. Some of this data can then be turned around and used in a social engineering attack on the end users themselves.
Creating a usable, secure password is easy and straightforward. It requires:
- Multiple Passwords – It is imperative to create multiple passwords. Each password needs to be complex and preferably formulated by using a specific quote from a movie, a line from a book, or something that has special meaning to you. Create a unique password for each account you have, whether it is a trivial account such as Twitter or a financial account such as your bank.
- Mix It Up – Straight text is an easy formula for online attackers to hack. It is important to mix up the phrase. You can do this by adding punctuation and spaces. Replace an “O” with a “0” (zero), or E’s with 3’s. Better yet, use unrelated replacements such as “@” or “%”. You can easily create a table of unusual alterations where any string of letters can be quickly transformed.
- Brute Force Resistance – Hackers sometimes use brute force technologies as a way to decrypt stolen password databases. Using a personal phrase that has been “mixed up” (as described above) can minimize any chance of being instantly hacked. Your goal in the end will be to generate a password 16 or more characters long, so that you develop enough brute force resistance to make your password computationally prohibitive to recover.
- Trim Both Ends – Once you have formulated a complex, seemingly impenetrable password, consider trimming both ends, along with the center. The phrase “batteries not included” can be trimmed to “tteries_nt_inclu”. While it might not make any sense to anyone else, it makes perfect sense to you. This can thwart a hacker by making the barrier more challenging to penetrate.
- The Shift Key – The shift key can be a wonderful tool for developing the ideal complex password. Any word like “Sweet” can be transformed into “Sw33t”. By using the shift key on a three, you can transform “Sw33t” into “Sw#3t”. Once again, the word might not make any sense to anyone else, but it makes perfect sense to you.
Using the above tips allows you to easily turn a simple phrase that you understand into a complex phrase that no one but you will ever understand.
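The trimming, substitution-table and length steps above can be scripted to check a candidate against the 16-character goal. This is an added example, not part of the original article; the substitution table, the function names and the character-pool estimate are assumptions made for illustration.

```python
import math
import string

MIN_LENGTH = 16  # the article's target: 16 or more characters
# Hypothetical substitution table (the article suggests one but does not list it).
TABLE = {"o": "0", "e": "3", "a": "@", "i": "%", " ": "_"}

def mix_up(phrase, table=TABLE):
    """Apply the substitution table to every character that has an entry."""
    return "".join(table.get(ch.lower(), ch) for ch in phrase)

def trim_ends(phrase, head, tail):
    """Drop `head` characters from the front and `tail` from the back."""
    return phrase[head:len(phrase) - tail]

def search_space_bits(password):
    """Bits of work for exhaustive search over the character classes used.

    Upper bound only: it assumes the attacker tries every string of this
    length and does not model dictionary or rule-based guessing.
    """
    pool = 0
    if any(c in string.ascii_lowercase for c in password):
        pool += 26
    if any(c in string.ascii_uppercase for c in password):
        pool += 26
    if any(c in string.digits for c in password):
        pool += 10
    if any(c in string.punctuation for c in password):
        pool += len(string.punctuation)  # 32 ASCII symbols
    if " " in password:
        pool += 1
    return len(password) * math.log2(pool) if pool else 0.0

def review(password):
    """Return (meets_length_goal, bits) for a candidate password."""
    return len(password) >= MIN_LENGTH, round(search_space_bits(password), 1)

if __name__ == "__main__":
    phrase = "batteries not included"  # phrase used in the article
    candidate = mix_up(trim_ends(phrase, 2, 3))
    for pw in ("Sw#3t", "tteries_nt_inclu", candidate):
        print(pw, review(pw))
```

A short word such as “Sw#3t” fails the length goal even though it uses four character classes, while the trimmed phrase passes on length alone.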