Change your password often: why do it?

Ever wonder why experts recommend that you change your password often? If you have never been hacked, why bother, right? Let’s face it, using the same username and password on multiple sites is a common practice, but even if you actually have different passwords, should you bother? And how often is it necessary to change it? Let’s understand the threat first.

Websites that store your passwords are supposed to store them in an encrypted (hashed) form. This is common practice, but you really have no guarantee that it is actually happening. You also have no guarantee that a website is fully secure; read up on SQL injection attacks to understand how passwords and other information can be retrieved from misconfigured websites. Even popular sites have shown how hard security really is: over 6 million user accounts were compromised back in 2012 when LinkedIn was hacked.

Software tools are out there to crack password encryption quickly, and these tools are easy to use and free; one such tool is HashCat. Aside from HashCat, a hacker also needs a dictionary or word list. A popular list used by hackers is the rockyou list, which was published by hackers back in 2009 and exposed over 32 million unencrypted passwords. The reason for the specifics here is to allow you to Google this information and understand the threat better.

Although the methods used to encrypt are still technically strong, these tools really reduce the importance of strong encryption: if your password is common, it can be cracked in minutes regardless of the level of encryption used. The understanding of what passwords people use has improved drastically over the last few years because these password lists have become easily obtainable, so hackers can more quickly find commonly used passwords and their variations. The more of these leaks occur, the more likely it is that a hacker already has your password and can crack the encryption within a matter of minutes.
Common practices such as capitalizing certain letters, or exchanging the letter O for zero or the letter E for 3, are already known by hackers. The easiest way to protect yourself is to use passwords that are random, that include numbers and symbols, and that are at least eight characters long. And if you are using the same password across sites, at least use different passwords for banking and email accounts. Also, never access your email and banking sites from computers you don’t trust or from public wifi unless the wifi is encrypted and your website displays an HTTPS address.
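To see why the O-for-zero and E-for-3 tricks buy you nothing, here is an added example (not from the original post) of a password check that undoes those substitutions before looking the result up in a leaked-style word list, alongside the length, digit and symbol rules above. The word list, the substitution table and the `check_password` function are all constructed for this illustration; a real check would load a file such as rockyou, one password per line.

```python
import re
import string

# Constructed stand-in for a leaked word list such as rockyou (assumption:
# a real deployment loads the actual file and checks millions of entries).
SAMPLE_WORDLIST = {"password", "123456", "qwerty", "letmein", "iloveyou", "welcome"}

# The substitutions the post describes (O->0, E->3) plus other common swaps,
# mapped back to the letter they stand for so "P@ssw0rd" collapses to "password".
UNLEET = str.maketrans({"0": "o", "3": "e", "1": "i", "4": "a",
                        "5": "s", "7": "t", "@": "a", "$": "s"})


def strip_suffix(pw: str) -> str:
    """Drop trailing digits/symbols: 'welcome123!' -> 'welcome'."""
    return re.sub(r"[\d\W_]+$", "", pw)


def normalize(pw: str) -> str:
    """Lower-case the password and undo the common letter swaps."""
    return pw.lower().translate(UNLEET)


def candidates(pw: str) -> set:
    """All the 'base words' a cracker's rule set would try for this password."""
    low = pw.lower()
    return {low, strip_suffix(low), normalize(pw),
            normalize(strip_suffix(low)), strip_suffix(normalize(pw))}


def check_password(pw: str, wordlist=SAMPLE_WORDLIST) -> list:
    """Return the reasons a password is weak; an empty list means it passes."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if not any(c.isdigit() for c in pw):
        problems.append("no digit")
    if not any(c in string.punctuation for c in pw):
        problems.append("no symbol")
    if any(word in wordlist for word in candidates(pw)):
        problems.append("wordlist word after undoing common substitutions")
    return problems


if __name__ == "__main__":
    for pw in ["P@ssw0rd", "Welcome123!", "1l0v3y0u", "x7$Kq9!mZ2"]:
        verdict = check_password(pw)
        print(f"{pw!r}: {'OK' if not verdict else ', '.join(verdict)}")
```

`P@ssw0rd` satisfies every character-class rule yet fails the word-list check, which is the point: only the random password in the list passes.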
