Just In – What makes a Strong Password and does it really matter?

The 2024 data is in: 37 seconds to crack a password of 8 characters. We need longer passwords!

Hive Systems have released their 2024 Password Table, a well-tested, documented and displayed list of various combinations of passwords, encryption and hardware that might be used to brute-force our passwords.

The aim of hackers is to get a combination of an email and a password and then try them to log in to social media, government sites, banks or other websites where they can find personal information. Our aim should be to make this as hard as possible for them.

A worrying aspect of passwords is that they are often used repeatedly over multiple sites. This becomes even more worrying when work and personal passwords are the same. So when you are forced by IT at work to change your password every 6 weeks, try not to grumble and take the opportunity to think about your passwords.

Hive Systems strongly suggested that you start your password check on the breach site haveibeenpwned to see if your password is there. If it is, then change your password now!

They are also reporting that by lengthening your password to 16 characters, the ‘crack’ time will be extended, often into years. Even better if passwords are randomly generated, 2jXsm4KKwXS3sj83 for example, but how will you remember that?

Password storage sites like LastPass, 1Password or Bitwarden can help with ‘remembering’ passwords and are great as they use a technology called hashing to encrypt their database, but even they can be hacked.

If you want to keep control of your own passwords, our suggestion from last year is to have a system that allows a slight change between logins by having a ‘base’ password that can be adjusted for each site. For example, sunny and gate, which are easy to remember but not usually related, can be used as 46sunnyG@te513. This can then be modified to 16 characters: 46sunnyG@te513Fb for your Facebook login or 46sunnyG@te513Bk for your bank.

Is MFA or 2FA (2 Factor Authentication) helpful or just annoying? This is now becoming more common, requiring you to set up a 2nd form of identification that is authenticated by an external source. Microsoft Authenticator is a commonly used MFA, banks often have a token which generates a number, and the Tax Office has an app. While this is a great layer of security to prevent a breach, not all logins require MFA, so a strong password system is still essential to protecting personal identity.

Lastly, don’t forget that convincing emails and text messages, keylogging malware and credential harvesting by social engineering tactics, now with the assistance of AI, still account for a huge number of stolen username and password incidents.

Stay alert, don’t use the same password across logins, think about what you put on social media, check before opening unexpected emails, don’t click on links and ring the company if the message asks you to change their bank details!

