Anyone who enjoys crime dramas may have seen the following less-than-accurate scenario in a recent flick.
After evading about a dozen bad guys, the hero makes it to the office where the villain keeps evidence that will put him away for good—but the laptop is secured with a password. The hero connects a device to the laptop, keeping a wary eye out for would-be attackers as the “code cracker” does its job, one character at a time. The final character in the password falls into place just as the next bad guy rounds the corner . . .
This scenario is simple to understand and creates a compelling movie scene. But it is not how password cracking works. The truth is that hackers cannot crack a password one character at a time. Passwords are all or nothing, which means that length is just as important as complexity in creating a strong password.
Fact or Fiction: Creating a Strong Password
Following are some other common myths about how passwords really work.
Fiction #1: Weak passwords aren’t that big of a deal because the hacker only has three attempts before he is “locked out.”
Fact #1: Hackers are not sitting on the user’s login screen trying potential credential combinations. Instead, they typically attempt to gain access to entire databases of passwords—often through a phishing email. Having obtained the database of encrypted passwords, the hacker can make many attempts to crack each one, away from the login screen and its lockout limit, so the weak passwords fall first.
Why this matters: Complexity is key. The hacker will start by attempting the most common passwords (e.g., password, 1234), trying each one against the entire database. Attackers know that certain combinations and substitutions (using “@” instead of “a,” for example) are used more often, so their tools are designed to attempt those combinations first. The most complex passwords will be attempted last—or not at all.
Fiction #2: The best passwords are impossible to remember.
Fact #2: Remembering a strong password does not have to be as difficult as memorizing lines for a starring role in a movie scene. The key is to create a password that is both lengthy and complex enough that the chances of a hacker landing on that exact character combination drop considerably.
Why this matters: This goes back to the “only in the movies” scenario described above. Since hackers must crack the entire password at once—not one character at a time—a longer password takes longer to crack. Even a supercomputer will take much longer to decipher a 12-character password than a six-character one.
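Fact #1 and Fact #2 above can be turned into a check that runs when a user chooses a password: reject anything that is a common password once substitutions such as “@” for “a” are undone, then require length. The Python below is an added example, not CRI’s code; the deny-list, substitution table, 12-character minimum and function names are assumptions made for illustration.

```python
import math

# Constructed sample deny-list (assumption); a real check loads a large breached-password list.
COMMON = {"password", "1234", "qwerty", "letmein", "dragon"}

# Assumed table of popular substitutions, mapped back to the letter they replace.
SUBS = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l",
                      "3": "e", "$": "s", "5": "s", "!": "i"})
TRAILING = "0123456789!@#$%?."  # digits and symbols people tend to append


def is_predictable(pw):
    """True if pw is a deny-listed word once substitutions and suffixes are undone."""
    low = pw.lower()
    variants = {low, low.translate(SUBS), low.rstrip(TRAILING).translate(SUBS)}
    return any(v in COMMON for v in variants)


def search_space_bits(pw):
    """Upper bound on exhaustive-search effort: length * log2(character pool size)."""
    if not pw:
        return 0.0
    pool = 0
    if any(c.islower() for c in pw):
        pool += 26
    if any(c.isupper() for c in pw):
        pool += 26
    if any(c.isdigit() for c in pw):
        pool += 10
    if any(not (c.islower() or c.isupper() or c.isdigit()) for c in pw):
        pool += 33  # printable ASCII symbols, including space
    return len(pw) * math.log2(pool)


def assess(pw, min_length=12):
    """Deny-list check first: a predictable password is weak whatever its length."""
    if is_predictable(pw):
        return "reject: common password or simple variation"
    if len(pw) < min_length:
        return f"reject: shorter than {min_length} characters"
    return f"ok: about {search_space_bits(pw):.0f} bits of search space"


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ["P@ssw0rd1!", "tr0ub4dor", "maple-kettle-orbit-92"]:
        print(f"{sample!r}: {assess(sample)}")
```

Doubling the length doubles the bit count, which squares the number of combinations; the figure is only an upper bound, since a predictable password is found long before the space is exhausted.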
We believe that understanding the true threat and dispelling these misconceptions will assist people in taking the best steps to protect their data by creating a strong password — rather than opting for passwords that are easy to remember, such as a pet’s or a loved one’s name. The good news is that strong passwords don’t have to be as long as a movie script. Contact CRI’s cybersecurity team for more tips regarding how to protect your information from hackers.