GREENSBORO, N.C. — How safe is your password? How long would it take a computer to crack it and get all your information?
Check out this graphic from Statista. It shows the number of characters in a password, one through 12, and how the added options (lower case only; at least one uppercase letter; one uppercase letter and a number; and one uppercase letter, a number and a symbol) impact the time it takes to crack them.
Let’s say most of your passwords are six characters and include all those things. The estimate for cracking it is… instantly. Why is that? Cyber security expert Joseph Steinberg says humans are predictable.
“It's a lot easier to crack a password than most people think. Humans have a tendency to create passwords in formats that require a capital letter, a number, and a special symbol. Humans who speak English will put the capital letter at the beginning, then lower-case letter, then the number, then the special character,” said Steinberg.
How do we get more security bang out of our password? Part of the key is length. The graphic shows 10 characters or more.
Your quick fix for that may be using a phrase that comes to mind. For example:
These two meet the requirements of longer, upper and lower case, numbers and a symbol, but Steinberg says these would be cracked quickly too because there are programs trained to look for common phrases. How do you get around that?
“I like to take three unrelated words; names, places, something not found in an English dictionary and combine those three words. If you want to be tricky, put a digit in between them,” said Steinberg.
Here’s my example; I picked things that are familiar to me: miami8Josevamos
I have a place, a digit in the middle, a name (which I capitalized) and then the Spanish word for go, vamos.
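The predictable format Steinberg describes and the 10-character length from the graphic, written as a password-policy check; this is an added example, not part of the original article. The function names and the sample passwords other than miami8Josevamos are assumptions made for illustration.

```python
from itertools import groupby

MIN_LENGTH = 10  # the article's "10 characters or more"

# The order Steinberg describes: capital letter first, then lower-case
# letters, then the number, then the special character.
PREDICTABLE_SHAPES = {"ULDS"}

def char_class(ch):
    """Map one character to U(pper), L(ower), D(igit) or S(ymbol)."""
    if ch.isupper():
        return "U"
    if ch.islower():
        return "L"
    if ch.isdigit():
        return "D"
    return "S"

def shape(password):
    """Collapse runs of the same character class: 'Summer2024!' -> 'ULDS'."""
    classes = (char_class(c) for c in password)
    return "".join(key for key, _ in groupby(classes))

def review(password):
    """Return a list of findings for one candidate password.

    Only length and format are checked. Common phrases, which the
    article says are also cracked quickly, are not detected here.
    """
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append("shorter than %d characters" % MIN_LENGTH)
    if shape(password) in PREDICTABLE_SHAPES:
        findings.append("predictable format: capital, lower case, digits, symbol")
    return findings

if __name__ == "__main__":
    # Two constructed samples, then the article's own example.
    for pw in ["Abcde1!", "Summer2024!", "miami8Josevamos"]:
        print(pw, shape(pw), review(pw) or "no finding")
```

An empty result means only that neither of these two checks fired; it is not a measurement of strength.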
Steinberg said to keep the strongest passwords for the accounts that count.
“There are some passwords that should be in your mind and that's the only place they belong. I’m talking for your email, Apple/Google account, social media accounts and banking. A human can remember certain passwords and you don't have to change them often. If you create them strong enough, you don't have to change them every 30 or 90 days,” said Steinberg.
What about the other accounts? He says to use a password manager and make that one password strong.
When asked about the weakest of passwords like 123456, he said, “If the only reason you're creating a password is because the site requires it to access data, but there's none of your data being stored on the site, there's really no reason to use your brainpower to store another password. But if we're talking about your online banking, your social media, 123456 is not going to cut it.”