Passwords

What is a password?

Passwords are one of the most common methods of protecting information against unwanted access. They are how you authenticate with many systems and prove who you are.

You probably already use passwords when you want to log in to your home computer, your email account, your bank account or the various systems you use in the workplace.

The disadvantage of passwords being so common a method of authentication is that we have to try to remember all of the different passwords we use for different things.

This means that individuals frequently select passwords that would not be considered secure and are vulnerable to attack. The list below includes what has been reported as some of the most frequently used passwords.

Common Passwords

  • 123456
  • qwerty
  • password
  • 111111
  • abc123
  • password1
  • iloveyou
  • admin
  • princess
  • football
  • god

Password Risks

Using any of the passwords in the list shown above means that any account you use them to authenticate with is insecure and has likely already been compromised at some point in the past. Worse still, it might be tempting to use the same password for multiple different accounts.

Using the same password for multiple accounts means that if an attacker discovers one of your reused passwords, they can easily compromise the other accounts you hold.

An attacker might use something called a "dictionary" attack when attempting to break a password. A dictionary attack tries known words, combinations of words and their common variations, and can run through all of them in a matter of seconds.

Selecting a secure password

When thinking about the types of attack that might be made against your passwords, it is helpful to consider the relative strengths of passwords. Shorter passwords can be broken faster; a longer password is typically more secure because it takes longer for a guessing algorithm to work through it.

An attack would break the weak examples shown very quickly. This is because the shorthand Plym for Plymouth would be identified by a dictionary attack, and the numerical value would be the first number tried alongside the shorthand phrase.

The medium examples are slightly better because they are both longer and use a mixture of upper-case and lower-case characters. Keep in mind, though, that the use of a word is still not ideal, because it would still be broken by a dictionary attack.

The better examples are harder still to break because they use a mixture of numbers, upper-case and lower-case characters and symbols. The second of the two is the preferable option, because a dictionary attack would not detect the underlying word Plymouth: it is far more heavily disguised.

Password Complexity

Weak:

  • Plym1
  • 9Plym1

Medium:

  • PlyMouTh1
  • 9PlyMouTh1

Better:

  • 9P!yM@uTh1
  • 9P!y#@uTh1
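As an added illustration, not part of the original page, this is the kind of check a password policy can apply to the examples above: it strips the digits padded on at either end, undoes common symbol-for-letter substitutions, and looks the result up in a wordlist. The wordlist (the common-password list plus Plym and Plymouth), the substitution table and the 10-character minimum are assumptions made for the example.

```python
import itertools
import math
import re

# Constructed wordlist for this example: the page's common-password list plus
# the abbreviation and place name its strength examples are built from.
WORDLIST = {
    "123456", "qwerty", "password", "111111", "abc123", "password1",
    "iloveyou", "admin", "princess", "football", "god", "plym", "plymouth",
}
# Assumed table of the letters a symbol or digit is commonly used to stand for.
# A character absent from it, such as '#', stands for nothing, so a word
# disguised with it cannot be recovered by this check.
CANDIDATES = {
    "@": "ao", "!": "il", "|": "il", "1": "il", "0": "o",
    "3": "e", "4": "a", "5": "s", "$": "s", "7": "t",
}
MAX_EXPANSIONS = 4096  # bound on the readings enumerated per password

def core_of(password: str) -> str:
    """Lower-case the password and drop digits/symbols padded on at either end."""
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", password.lower())

def expansions(core: str):
    """Yield every plain-letter reading of core, undoing the substitutions above."""
    options = [CANDIDATES.get(ch, ch) for ch in core]
    if math.prod(map(len, options)) > MAX_EXPANSIONS:
        return  # too many readings to enumerate cheaply; treated as no match
    for combo in itertools.product(*options):
        yield "".join(combo)

def dictionary_word(password: str):
    """Return the wordlist entry the password is built on, or None."""
    lowered = password.lower()
    if lowered in WORDLIST:
        return lowered
    for reading in expansions(core_of(lowered)):
        if reading in WORDLIST:
            return reading
    return None

def assess(password: str, min_length: int = 10) -> str:
    """The page's two tests: not a disguised dictionary word, and long enough."""
    word = dictionary_word(password)
    if word is not None:
        return f"weak: built on dictionary word '{word}'"
    if len(password) < min_length:
        return f"weak: shorter than {min_length} characters"
    return "acceptable"
```

Run against the list above, every example except 9P!y#@uTh1 is traced back to plym or plymouth, which is exactly the distinction the Better examples are meant to show.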