We live in a world of user names and passwords. Every utility account, credit card account, government account, bank account must have a password, and a PIN. And many also require you to answer identifying questions.
I have some problems with this as the older I get, the leakier my memory becomes.
Last week I actually locked myself out of an online account because I couldn’t correctly answer simple questions about myself that I had chosen the answers to!
Question: what was the name of your first dog?
Me: Did I say my first dog as a kid? My first dog I bought for my kids? My first dog after I became single again? So I guessed, I assume wrongly.
Question: What is the name of your oldest cousin?
Me: Did I say my cousin Michael, who is the oldest of the cousins I am in contact with? Or did I say my cousin Doug, who is technically my oldest cousin but whom I haven’t seen in 40 years? I guessed. Wrongly.
After phoning and getting it all sorted out, the very nice woman who helped me gave me a pro tip. When you answer the questions, take a screenshot of the answers so you’ll know. Not only is this good advice, but it also indicates that I am not the only goober who has run into this problem.
As for passwords, I break all the rules. I use the same one for pretty much everything, and I do not change it. I have it memorized. That, my PIN and my social insurance number are the only things I have retained in long term memory. Try as I might I can’t jam any more in there.
But I think I’m going to have to change it after reading up on safe passwords and how easily a hacker can figure your password out.
From blog.avast.com and Charlotte Empley:
How does a password get hacked?
Cybercriminals have several password-hacking tactics at their disposal, but the easiest one is simply to buy your passwords off the dark web. There’s big money in the buying and selling of login credentials and passwords on the black market, and if you’ve been using the same password for many years, chances are it’s been compromised.
But if you’ve been wise enough to keep your passwords off the aggregated black market lists, cybercriminals have to crack them. And if that’s the case, they’re bound to use one of the methods below. These attacks can be aimed at your actual accounts or possibly at a leaked database of hashed passwords.
Brute force attack
This attack tries to guess every combination in the book until it hits on yours. The attacker automates software to try as many combinations as possible in as quick a time as possible, and there has been some unfortunate headway in the evolution of that tech. In 2012, an industrious hacker unveiled a 25-GPU cluster he had programmed to crack any 8-character Windows password containing uppercase and lowercase letters, numbers, and symbols in less than six hours. It has the ability to try 350 billion guesses per second. Generally, anything under 12 characters is vulnerable to being cracked. If nothing else, we learn from brute force attacks that password length is very important. The longer, the better.
Dictionary attack
This attack is exactly what it sounds like — the hacker is essentially attacking you with a dictionary. Whereas a brute force attack tries every combination of symbols, numbers, and letters, a dictionary attack tries a prearranged list of words such as you’d find in a dictionary.
If your password is indeed a regular word, you’ll only survive a dictionary attack if your word is wildly uncommon or if you use multiple-word phrases, like LaundryZebraTowelBlue. These multiple-word phrase passwords outsmart a dictionary attack, which reduces the possible number of variations to the number of words we might use to the exponential power of the number of words we’re using.
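The brute force and dictionary sections above both come down to one number: how many candidates an attacker has to try. The following script is an added example (not code from this blog or from the Avast article it quotes) that works the arithmetic through for both cases, using the 350 billion guesses per second figure quoted above. It reproduces the "8 characters in under six hours" claim, shows how the time grows with length, and applies the passphrase formula from the dictionary section (wordlist size to the power of the number of words). The wordlist sizes used for the passphrase comparison are constructed assumptions, not figures from the text.

```python
# Added example, not part of the original post or the Avast article it quotes.
# Keyspace, entropy and worst-case exhaustive-search time for random character
# passwords versus multi-word passphrases.
import math

# Guess rate quoted in the text for the 2012 GPU cluster cracking Windows
# password hashes. Real rates depend on the hash algorithm the target uses;
# a slow, salted hash (bcrypt, scrypt, Argon2) is many orders of magnitude slower.
GUESSES_PER_SECOND = 350e9

# Character classes named in the brute force section:
# 26 upper + 26 lower + 10 digits + 33 printable symbols = 95 symbols.
FULL_CHARSET_SIZE = 26 + 26 + 10 + 33


def brute_force_keyspace(length: int, charset_size: int = FULL_CHARSET_SIZE) -> int:
    """Candidates an exhaustive search must cover for a random password of
    `length` symbols drawn from an alphabet of `charset_size` symbols."""
    return charset_size ** length


def passphrase_keyspace(word_count: int, wordlist_size: int) -> int:
    """Candidates for a passphrase of `word_count` words picked at random from a
    list of `wordlist_size` words: the dictionary-section formula
    (number of words available) ** (number of words used)."""
    return wordlist_size ** word_count


def hours_to_exhaust(keyspace: int, rate: float = GUESSES_PER_SECOND) -> float:
    """Worst-case hours to try every candidate at `rate` guesses per second."""
    return keyspace / rate / 3600.0


def entropy_bits(keyspace: int) -> float:
    """log2 of the keyspace: the usual unit for comparing password strength."""
    return math.log2(keyspace)


def length_table(min_len: int = 6, max_len: int = 16) -> list:
    """Rows of (length, bits, hours) for full-charset random passwords."""
    rows = []
    for n in range(min_len, max_len + 1):
        ks = brute_force_keyspace(n)
        rows.append((n, entropy_bits(ks), hours_to_exhaust(ks)))
    return rows


if __name__ == "__main__":
    print(f"{'len':>3} {'bits':>6} {'hours':>14}")
    for n, bits, hours in length_table():
        print(f"{n:>3} {bits:>6.1f} {hours:>14.3g}")

    # Constructed wordlist sizes (assumptions): 7776 is the size of a common
    # diceware-style list; 50000 approximates a large everyday vocabulary.
    for words, size in ((4, 7776), (4, 50000), (6, 7776)):
        ks = passphrase_keyspace(words, size)
        print(f"{words} words from {size:>6}: {entropy_bits(ks):5.1f} bits, "
              f"{hours_to_exhaust(ks):.3g} hours")
```

Two things the table makes visible that the prose only asserts: each extra character multiplies the attacker's work by 95, so 12 random characters is not "50 percent harder" than 8 but tens of millions of times harder; and a four-word passphrase is only as strong as the list it was drawn from, so the passphrase advantage holds when the words are chosen randomly from a large list, not when they are the attacker's first guesses about you.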
So I have to come up with a new password, the length of a short paragraph, filled with random numbers and letters and words that I cannot possibly remember. I hope I remember to do that.