Case Study 6: Creating a Secure Password
This is the sixth and final case study to be released during October for National Cybersecurity Awareness Month.
Passwords are considered one of the weakest points that hackers use to infiltrate an organization and begin stealing valuable information. The news about the Ashley Madison breach revealed some startling information about the passwords that people used to “secure” their accounts. The security firm Avast was able to run a password-cracking utility against the Ashley Madison database and crack 25,393 passwords. Out of all of those passwords, only 1,064 were unique. This means that approximately 1 out of every 25 passwords were different from the rest. You may ask, “How were they able to crack these passwords?” The firm used two known passwords lists that are available to anyone on the internet and ran them against the database until it found a match. These password lists are The Top 500 Worst Passwords of All Time and the 2009 RockYou hack. Unfortunately, this information reveals how frivolously we consider our online security and accounts. If people don’t care about the password they use on a cheating site, how much less do they care about the passwords used for email, banking, e-commerce and credit card bill pay sites?
To protect your information, it is important to create strong passwords. The best passwords have the following characteristics:
- At least 12 characters.
- Use a combination of random characters, numbers, upper- and lower-case letters, and whitespace.
- Don’t reuse a password for multiple sites.
- If you must use a phrase, change some of the letters’ cases, and add special characters to the beginning and end.
- Don’t use dictionary passwords.
- Don’t use any of the passwords from the The Top 500 Worst Passwords of All Time or RockYou hack.
- Don’t use work passwords for personal accounts.
- Change your password regularly.
To help you remember all of your passwords for different accounts, use a secure password store like KeePass or LastPass. These applications create long complex passwords for you and securely store them. When you need a particular password, you can securely copy it to your computer’s clipboard and insert it into a site.
Your choice of password matters. Consider your online safety, and stop using an easily crackable password for your email, e-commerce and credit card sites.