Can you believe that passwords are 50 years old?
Passwords were first used by researchers to maintain individual accounts on shared computing projects. And while the tool is “enough to protect against casual snooping,” according to Fernando Corbato, pictured to the left and one of the researchers who developed them at MIT back in 1964, passwords don't provide a “high level of security.”
Passwords were apparently first used on MIT's Compatible Time Sharing System or CTSS, which was responsible for many pioneering online technologies, including email, instant messaging and file sharing.
The first hacked password probably happened on CTSS. (See below)
A high level of security is needed in this day of cloud computing and online banking. A recent report claims that $400 Billion worth of fraud is committed online annually. Weak password security and management is partly to blame.
While passwords are cheap and universal, they are rather primitive and easily hacked, especially if simple passwords are used. High-tech replacements, like fingerprint scanners and facial recognition are being developed, but they cost more to implement.
Other ideas, like two-tier authentication or multi-factor authentication provide an extra layer of security because authentication is required in more than one location or manner.
How do I protect my passwords, you ask?
It's important to maintain separate, complex passwords for each account. Professor Corbato recommends using a cheat sheet or password management program. We use LastPass for password management and to share with associates. It works on mobile devices too!
We've seen people use Evernote or other simple note programs to save passwords and if you do, you should cloak them some way in case someone gets access. One trick we use for passwords that require simplicity is to add additional characters that are not needed, or actually used when the password is entered. We encourage the use of numbers and special characters and some sites require them.
Passwords like “i439Lou1se&akfnnso%weRR” are really secure, but nearly impossible to remember, and some people don't use password management or simply desire something more secure.
Let's say you want your ‘simple' password to be “simplepassword.” Both words are in the dictionary, so we might recommend replacing the “i” in simple with a “1” and while you're at it, why not capitalize the “P” in password (or even the “P” in simPle.) You might also replace the “o” with a numeric “0.”
Some online applications require both upper and lower case letters and numbers and we have that in the example. But sometimes at least one symbol is also required and, as mentioned, it is a good practice, so we might put an exclamation point in at the beginning of the password…or at the end…or both.
Bear in mind that some apps only allow a handful of symbols, so you'll need to use only approved symbols.
For some non-secure reason, some apps don't require symbols at all!
So our new password, which is fairly easy to remember, might be “!s1mplePassw0rd!” which contains 2 symbols, 2 numbers and at least one lower and uppercase letter. It's not as secure as “i439Lou1se&akfnnso%weRR” if for no other reason than it's not as long, but it might work well for you.
If you're going to store it on a cheat sheet, we recommend that you use an extra letter or symbol that is ALWAYS a throwaway. Example: “!s1mple&passw0rd!” Note the “&.”
How secure is my password?
Very good question! Would you also like to see how long it would take a hacker to crack it? Go to HowSecureIsMyPassword.net to find out! (Don't worry. The site is secure!)
While you're there, try adding a letter or two or a symbol to the password you're testing. See how much longer adding even one character adds to the time it would take to hack your site?
We checked “simplepassword” and it estimates that a desktop PC could crack it in 511 years, (but we still think it's risky because it consists of 2 simple word). By adding just one exclamation point at the end, the estimated time to crack the password increased to 12 million years!
The password “i439Lou1se&akfnnso%weRR” would take 194 septilian years, by the way!
Why You Should Always Use Different Passwords
It's easier to have one password for all uses, right? But if that password is compromised, the hacker will have access to everything you do online from banking, investments and credit cards to social media accounts, memberships sites, merchant accounts, etc. All they have to do is try the various sites and they sometimes have programs that can check hundreds of times per second.
That can be costly and time consuming.
Don't use the same password on multiple websites or blogs! Ever!
All too often, we get approached by people who have had multiple WordPress sites hacked because they were using the same password on each site! Removing malware from multiple sites can be very costly. ALWAYS use a different password for each site and we recommend that you use different cPanels for each site, if possible.
We also had a client once who used the same password on about 6 sites and didn't change it when he ended a relationship with a sub-contactor. Unfortunately said customer was victimized by his former vendor. Using LastPass or RoboForm and changing the password once the relationship was terminated would have prevented that from happening.
Passwords You Should Never Use
Google a phrase of “most popular keywords” or “passwords you should never use.” If your password is on any of those lists, you should change it immediately! You'll find the following examples and more!
And numerous references to sports, intimate situations and even “password.” Use something unique as suggested above, not only for passwords, but also password reminders!
Don't use your spouse or kid's name, where you were born or the name of a school you attended. They can all be found on the Internet! Even your mother's maiden name!
One recommendation for a password reminder might be to LIE. Don't use your mother's maiden name, make up one! Then use that lie on all sites that ask. It'll be your little secret!
The First Time a Password Was Hacked
Rumor has it, the first time a password was hacked was on MIT's CTSS, the system used to pioneer so many things on the Internet!
In 1966, a software bug caused the master password list to be displayed on the system's welcome page. One of the researchers, Dr. Allan Scherr, was frustrated by the lack of time he was allowed (4 hours per week) on CTSS to run simulations he had developed for the system. So he had the list printed and used other logins to access the system!
Dr. Scherr went on to work for IBM, but confessed to the theft to his professor 25 years later.
If you need help managing or re-setting passwords on your WordPress site, contact us today!