Wednesday, Dec 25 2013 06:00 AM

Tech Wire: Are complex passwords more secure?

Related Photos

Matthew Sgherzi

On Nov. 24, security experts tracked down some very big "hacks" to a server located in the Netherlands. What they noticed on this server were over two million passwords and login credentials for users on over 93,000 different websites.

The number of users who had their login information hacked is numbered by the following:

Facebook -- 318,000

Gmail, Google+ and YouTube -- 70,000

Yahoo -- 60,000

Twitter -- 22,000

Odnoklassniki (Russian Social Network) -- 9,000

ADP -- 8,000 (ADP claims it counted only 2,400)

LinkedIn -- 8,000

The hacked accounts also revealed some interesting information. The most popular password users use to log in to their online accounts is "123456." This is startlingly easy to guess and is not very secure. While these hacks are not good news, they reveal information that allows you to be safer based on the mistakes others are making.

Steve Gibson, IT security expert and founder of the "Gibson Research Center," stresses the use of more complex passwords and that, essentially, the more complex your password is, and the more difficult it will be to crack.

While this is by definition true, it is not realistically true. Many "experts" will say that you should make your passwords complex and use different varying strings and homonyms. I recommended this in my earlier article about securing your wireless Internet. However, it is important to know why you should do this and when it doesn't really matter.

Using super long complex passwords became a defense against what are called "brute force" attacks. A hacker used to be able to run a program that would try to log in, for example, to your Yahoo e-mail account trying millions of different passwords every second. The theory was that if you had a complex password, it could not be "cracked" by a brute force attack.

However, this is not the case anymore. The reason is because most, if not all, websites have policies that say if you log in with an incorrect password multiple times (usually three or five), then it will lock you out for a period of time. This means that passwords for websites such as your bank account or e-mail can no longer be "cracked" the traditional way.

That doesn't mean your password should be "dog" or "123456." However, it doesn't mean you have to go to the extreme and make your password 50 characters long of nothing but symbols, either. It means that you should choose a password that you can remember but that nobody else will be able to guess.

This idea does not apply to your wireless Internet, though. Your wireless Internet connection can in fact still be cracked using traditional brute force, dictionary, rainbow hash and other attacks. In this case, you should be using WPA or WPA2 (preferred) encryption with a very strong complex password.

To test your password's "crackability", be sure to head on over to the Gibson Research Center at GRC.com. Click the "Shields Up!" logo, scroll down and click the "Password Haystacks" link.

Remember: You only need to make strong complex passwords for your wireless Internet as well as your router login. For your online accounts, don't become too obsessed with making strong passwords. They cannot be cracked the same way, so be sure they cannot be guessed and make them something you will be able to remember.

As long as you're not infected with malware, you have passwords not easily guessed, you secure your wireless Internet properly and are not logging into important accounts over a public Wi-Fi network, then you and your accounts should be well protected!

MATTHEW SGHERZI lives in Tehachapi where he has operated an IT business since 2007 (tehachapicomputers.com).

Print Submit Letter Submit Commentary
Subcribe icon


Real Estate

Tehachapi Real Estate 3/25/2015
Local Advertisers

Social Tehachapi

Updates from local businesses