The Top Tips for Creating Passwords that Stop Hackers in Their Tracks

Photo courtesy of Flickr: Channy Yun

If you are a small business owner or one of the many IT Professionals around, then you are no doubt familiar - or should be - with the importance of password security in a work or home environment. But what you may not know is how to make your password as strong as possible. Inside this post, we'll discuss some of the best tips for creating strong password and preventing hackers from accessing your information and files.

Hacking by Numbers

While everyone may know that hacking, malware, virus', and Trojans are a serious problem, I am not certain most of the public understand the extent of the danger or damage caused by this nefarious activity. Before we discuss how to make sure your password security is top notch, let's look at some quick statistics:

  • A six character password takes around 10 minutes (or less) to hack.
  • An eight character password with two uppercase letters takes 3 years.
  • A nine letter password that contains a number, symbol, and uppercase letters, would take over 40,000 years to crack.
  • Roughly 75 percent of Americans are victims of Internet crimes.
  • Nearly six months pass between the time a computer is first infected, and that infection is actually detected.
  • 90% of businesses will fall victim to some sort of hacking or malware this year.
  • Up to 50,000 websites are infected by Trojans every day.

Those are some scary numbers. It is also important to remember that password security goes well beyond your home computer - or work computer if you are IT professionals or work in an office environment. Cell phones, video game consoles (such as Playstation's breech in 2011), and even your debit card can all fall prey to a hackers malicious intent. Just ask retailer Target, who had to offer customers a 10% discount after their databases were infiltrated.

The Definition of a Strong Password

So what makes a password secure or "strong"? What defines a "weak" or easily hackable password?

A weak password can be defined as anything with six letters or less. A password can also be weak if it follows any of these mistakes:

  • Is a default password that came with the software or equipment
  • Is a plain string of text with no special characters, numbers, or uppercase/lowercase variance
  • Contains double words, such as appleapple or bobbob
  • Is sequential. For example: 123456789 or abcdefg
  • Is personal, like a birth date, name, social security, anniversary, dog's name, and so forth.

A strong password, on the other hand, must be at least 8 characters long and should not violate any of the definitions of a weak password, as listed above.

They should also consist of a variance of uppercase and lowercase letters, numbers, and special characters, including: ` ~ ! @ # $ % ^ & * ( ) _ - + = { } [ ] \ |: ; " ' < > , . ? /

Keeping Your Password Secure

On top of creating a strong password, you also have to make sure no one discovers your password - after all, if you cannot protect your password, it does not matter how secure it is!

Avoid giving your e-mail out to friends, family, and co-workers. That may sound obvious, but you would be surprised how often I see it occur. Another common faux-pas is to post your password on a sticky note. I have seen people append their password to the underside of their keyboard and desk, and even (frequently) to the side of their computer monitor. You are just asking to be hacked.

Never reply to any e-mail asking you for your login information either - this is known as a phishing attack. Phishing attacks usually come in the form of an e-mail that looks like it is from a bank or website that you frequent and will often include a request for you to reset your password with a link that looks like it leads to a legitimate site. Do not be fooled by these. If in doubt (and you should always be in doubt), go directly to the website the e-mail claims to come from and login. If your password needs to be changed, you will see a notification there.

Finally, try to avoid the temptation of using the same password for everything. If your password is discovered, and you use the same one for everything, you have pretty much just signed away everything: your bank account, personal info, access to your computer, phone, game console, and even your identity.

The bottom line: if it is easy for you to remember or find, it is easy for a hacker to crack or steal.


World's Largest Selection of Server Memory and Optics