
Privacy and Security on the Road - Part 2: Passwords

January 30, 2016

Passwords are critical to everything we do.  We all have passwords for many different things.  In many cases a simple password may be the only thing that safeguards us from hackers stealing our identity.

What makes a password less secure

  • No password at all: In this day and age you should have a password on EVERYTHING, and that includes your iPhone. Yes, I know it is inconvenient, but it is not as inconvenient as having it lifted when you are not looking, or having someone use the data on it to pretend to be you by emailing your banker and asking them to move your savings into a Swiss bank account.
  • Weak passwords: An easily guessable password like your dog’s name is a poor choice. The first thing someone will do is troll your Facebook, Twitter, Instagram and online forums looking for people’s names in picture captions and trying them as passwords.
  • Anything that is short can be targeted by hackers with very little computer power.  With a password that is only lower case letters, a 1 character password has 26 possible combinations, a 2 character password has 676 combinations, a 3 character password has 17576 possible combinations and an 8 character password has 208827064576 combinations.

What makes a password more secure

  • Adding length is probably the easiest way to add security. In the above example, with a password that is only lower case letters, a 1 character password has 26 possible combinations, a 2 character password has 676 combinations, a 3 character password has 17576 possible combinations and an 8 character password has 208827064576 combinations. This is not enough though; 208827064576 is still a small number for computers. If you add upper case letters as well as lower case, a 1 character password has 52 possible combinations, a 2 character password has 2704 and a 3 character password has 140608. If you add all the number keys (1-0), that makes a 1 character password 62, a 2 character password 3844 and a 3 character password 238328. Adding all the common special characters on a US keyboard like ! @ # will make it 92 combinations for a 1 character password, 8464 for 2 characters, 778688 for 3 characters, and a typical 8 character password would be 5132188730000000 combinations. That is a big number when using a combination of lower case, upper case, numbers and special characters, but for a computer that is still a small number. Imagine a 50 character password: that would be 1546647580000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 combinations, which is a much bigger number.
  • Adding length is not the only factor in making a password complex. A lot of password hacking tools have some intelligence to them. Before they try trillions of combinations, they try a dictionary attack. A dictionary attack can go through the entire Webster’s dictionary in a matter of seconds. Even a large word like Machiavellianism can be cracked in seconds or minutes. Password cracking tools can even figure out when people simply tack a number on the end of a dictionary word (e.g. Fido1) or substitute numbers for letters (e.g. zero for o, 3 for e or 5 for s). Using slang and nonsense words helps a lot.
  • One of the easiest ways to make a secure password is to make a passphrase. Make an easy to remember sentence that makes sense only to you. Look at the first two lines of the lyrics to a famous Otis Redding song: “Sittin’ in the morning sun I’ll be sittin’ when the evening comes”. That is 61 characters long, has special characters and uses slang words that would not normally appear in a dictionary, but it is also easy to remember if you are an Otis Redding fan. That passphrase would take computing power only available to 3 letter agencies to crack.
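The counting above, and the reason a dictionary word with a number tacked on is weaker than its length suggests, can be checked with a short script. This is an added example, not part of the original post; the sample wordlist, the assumed dictionary size, the rule count and all function names are constructed for illustration.

```python
import re

# Character-class sizes as counted in the article; 30 specials is an assumption
# taken from its total of 92 (26 + 26 + 10 + 30).
CLASSES = [(r"[a-z]", 26), (r"[A-Z]", 26), (r"[0-9]", 10), (r"[^a-zA-Z0-9]", 30)]

# Substitutions the article says cracking tools already undo: 0->o, 3->e, 5->s.
LEET = str.maketrans("035", "oes")

# Constructed sample wordlist; DICT_SIZE is an assumed size for a real dictionary.
WORDLIST = {"fido", "rose", "password", "machiavellianism"}
DICT_SIZE = 200_000

# Assumed mangling rules tried per word: 2 capitalisations x 2 (with/without
# substitutions) x 111 suffixes (none, 0-9, 00-99).
MANGLE_VARIANTS = 2 * 2 * 111


def brute_force_space(password):
    """Alphabet size ** length: the count the article tabulates."""
    alphabet = sum(size for pattern, size in CLASSES if re.search(pattern, password))
    return alphabet ** len(password)


def dictionary_space(password):
    """Guesses a rule-based dictionary attack needs, or None if no rule matches."""
    stripped = re.sub(r"[0-9]{1,2}$", "", password)  # drop a tacked-on number
    candidates = {c.lower().translate(LEET) for c in (password, stripped)}
    return DICT_SIZE * MANGLE_VARIANTS if candidates & WORDLIST else None


def guess_space(password):
    """The smaller of the two spaces is what actually protects the account."""
    brute = brute_force_space(password)
    mangled = dictionary_space(password)
    return brute if mangled is None else min(brute, mangled)


if __name__ == "__main__":
    samples = ["abcdefgh", "Fido1", "Machiavellianism1", "r0s3",
               "Sittin' in the morning sun I'll be sittin' when the evening comes"]
    for pw in samples:
        print(f"{pw[:24]!r:28} brute={brute_force_space(pw):.3e} "
              f"effective={guess_space(pw):.3e}")
```

Under these assumptions the 17 character "Machiavellianism1" is worth no more guesses than "Fido1", while the passphrase keeps its full brute-force space.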

Two Factor Authentication

Two Factor Authentication is a good way to make a password “almost” uncrackable and is in fact the single easiest way to secure your identity. The key to its security is basically creating a second password. This does not mean you have to remember a second huge password; the idea is that the first time you connect to a site or service, you do a one time second authentication. Your regular password basically proves you are who you say you are, but the second one says to trust my password from this specific device only. This way if a hacker in Russia is able to harvest your login and password from Facebook through a hack, they will not be able to log in to your account without providing a second password to start trusting their PC as well. There are a number of ways to do this, but the most common is that when you enable Two Factor Authentication on your account, the site asks for your cell phone number. The first time you log in from a new device, you instantly get a text message with a unique number (usually about 6-8 digits long) and the site will ask you for that number before letting you in. There are a number of other methods of enabling two factor authentication, including using Google Authenticator to generate a new key the first time you log in from a new device. Some sites and services will ask you for password recovery type words like “your mother’s maiden name” when you set up their service. Every time you log in to their site on a new device they ask you for that answer as well as your login and password.

If you have the option to use Two Factor Authentication, I would recommend you use it on every site or service that has it. Some do not advertise its availability, so you need to dig through their security preferences to find it. This way someone will need both your login/password and physical access to your cell phone to even have a chance of getting into your account. Once you have provided both factors, the site trusts you on that specific device moving forward. You can of course trust many different devices.


How to manage and remember passwords

Password managers are the simplest way to keep track of a bunch of complex passwords. Generally it is recommended that you have a different, very long, unique password for every service or site. This is just too much for average humans to manage. There are a number of password manager options including KeePass and LastPass. KeePass has the security advantage of storing the password file locally on your computer, but it does not sync between devices. LastPass stores the passwords in the cloud, which could be a security risk if their site ever gets breached (and they have been before), but it has the advantage of being able to sync the passwords between all your devices if you install their app on all of them. For LastPass, however, if you are going to use 2 factor authentication anywhere, this is definitely the most important service to use it on. You can also put region restrictions on your account so it can only be accessed from your home country. LastPass also offers a service that will check if your accounts are on any known hack lists, and it will make suggestions on how to improve your passwords and security.

Part 3 WIFI


