How secure are your passwords?

Do you use any of these passwords? If the answer is yes, your computer could be hacked almost instantly.

This post is by Felix Jorkowski, Co-founder of Kalix and Head Software Engineer

From time to time, there are stories in the media about hacker attacks on websites or computer networks. You may remember that last year the computer network at a Gold Coast medical center was hacked and their patient files corrupted. Have you wondered how hackers gain access to systems like this? To put it simply, hackers look for vulnerabilities (weaknesses in computer systems) and then use them to compromise the system. These weak spots are often referred to as “security loopholes.” Today I thought I would discuss a much-overlooked security loophole – you.

Weak Passwords

Can you guess what the most critical aspect of security in a cloud-based system is? No, it isn’t using anti-virus software… It’s your choice of password! Yes, the hackers were able to access the Gold Coast medical center’s server by hacking their password. I think this cartoon explains it well.

The hackers, of course, didn’t literally hit the medical center’s staff on the head! They either guessed what their login password was or used password cracking software to hack it.

The table below shows the amount of time it takes for password cracking software to generate every possible combination of letters for a given number of characters (courtesy of Lifehacker). Longer passwords take much longer to hack: from 5 minutes for a 6-character password to 4.5 years for a 10-character one. Likewise, passwords containing a combination of characters (uppercase, lowercase, and symbols) take more time to hack than lowercase-only ones (from 2.23 hours to 2.21 years for a 7-character password).

Alternatively, some hackers just guess what a password is. You can have all the layers of encryption possible, but if your password is literally the word ‘Password,’ it will take a potential hacker just seconds to access your personal data. You’re probably wondering who would use something so obvious, but take a look at this list of the most popular passwords (courtesy of SplashData). Do you use any of these?

  1. password
  2. 123456
  3. 12345678
  4. abc123
  5. qwerty
  6. monkey
  7. letmein
  8. dragon
  9. 111111
  10. baseball
  11. iloveyou
  12. 1234567
  14. sunshine
  15. master
  16. 123123
  17. welcome
  18. shadow
  19. ashley
  20. football
  21. jesus
  22. michael
  23. ninja
  24. mustang
  25. password1
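
As an added illustration (not code from the original post), the sketch below reproduces the brute-force times quoted earlier and shows why a password from the list above falls in a fraction of a second regardless of its length. The rate of one million guesses per second and the 95-character alphabet are assumptions chosen because they match the quoted figures; the function names are hypothetical.

```python
import string

# Assumption: one million guesses per second, the rate that reproduces the
# cracking times quoted above. Real rates vary with the hash and the hardware.
GUESSES_PER_SECOND = 1_000_000
YEAR = 365 * 24 * 3600

# The first entries of the popular-password list above; guessers try these first.
COMMON = ["password", "123456", "12345678", "abc123", "qwerty", "monkey", "letmein"]

# Character pools; space is counted as a symbol, giving 95 printable characters.
POOLS = [string.ascii_lowercase, string.ascii_uppercase,
         string.digits, string.punctuation + " "]


def alphabet_size(password):
    """Total size of every character pool the password draws from."""
    return sum(len(pool) for pool in POOLS if any(c in pool for c in password))


def worst_case_seconds(length, alphabet):
    """Time to try every string of exactly `length` characters."""
    return alphabet ** length / GUESSES_PER_SECOND


def seconds_to_guess(password):
    """Dictionary hit if the password is a common one, else exhaustive search."""
    if password.lower() in COMMON:
        return (COMMON.index(password.lower()) + 1) / GUESSES_PER_SECOND
    return worst_case_seconds(len(password), alphabet_size(password))


def human(seconds):
    """Render a duration in the largest sensible unit."""
    for unit, size in (("years", YEAR), ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.2f} {unit}"
    return f"{seconds:.6f} seconds"


if __name__ == "__main__":
    for length, alphabet in ((6, 26), (7, 26), (10, 26), (7, 95)):
        print(length, alphabet, human(worst_case_seconds(length, alphabet)))
    for pw in ("Password", "zqvxkwj", "zQ4$kwj"):  # constructed samples
        print(pw, human(seconds_to_guess(pw)))
```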

Sharing Passwords

Another common mistake is reusing the same password on multiple sites. I have to admit, this is something I’ve been guilty of in the past. I changed my practices after the social networking website LinkedIn was hacked last year. The hacker stole nearly 6.5 million users’ passwords. If someone looked at the list and found my email and password together, they would have had easy access to a number of my other accounts.

Unfortunately, when sites do not follow best practices, or human error occurs, password leaks can happen. The only way to stop these leaks from spreading is to have a different password for each service you use. Of course, actually trying to think of unique passwords for each site, making sure they are ‘strong’ passwords and then remembering all of them, is near impossible! Luckily there is a simple solution…

Useful Password Tools

I’ll give you a small insight into what my own personal passwords look like (of course these are not my actual passwords!)

Google – vBMEVdHtFMbPtm5aWpSCPTQRy

LinkedIn – hSTw@CJNyyxH@NB4GtdFn9drd

In total I have about 50 passwords like this, including my banking, email, business-related services – the list goes on. Using these passwords makes it almost impossible for anyone to break into any of my accounts, and if one account is compromised then I can rest easy knowing my other accounts are safe.

These passwords are also impossible to remember, which is why I use a product called LastPass. This is a password manager that generates long ‘hack-proof’ passwords for all of my logins and holds them in an encrypted format. The passwords can only be “unlocked” by a single ‘master password.’ But if you use a ‘weak’ master password, you are right back to where you started. The trick is choosing a secure password that is also easy to remember!

There is a great site where you can create your own strong password out of four random common words: passphra.se. I recommend that you keep generating passwords on this site until you find one you can remember.
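
The following added example (not code from the original post, from LastPass, or from passphra.se) shows how both kinds of secret can be generated with a cryptographically secure random source, and how much guessing work each represents. The 16-word list is a constructed sample, the 2048-word figure in the demo is an assumed list size, and all function names are hypothetical.

```python
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # 62 characters

# Constructed 16-word sample list; a real list needs thousands of words.
SAMPLE_WORDS = ("anchor bottle candle desert engine forest garden hammer "
                "island jacket kettle ladder magnet needle orange pencil").split()


def random_password(length=25):
    """Draw each character from the OS CSPRNG; retry until every class appears."""
    if length < 3:
        raise ValueError("length must allow a lowercase, uppercase and digit")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)):
            return pw


def passphrase(words=SAMPLE_WORDS, count=4):
    """Pick words independently and uniformly, as a four-word generator does."""
    return " ".join(secrets.choice(words) for _ in range(count))


def entropy_bits(pool_size, count):
    """Bits of entropy for `count` independent uniform picks from a pool."""
    return count * math.log2(pool_size)


if __name__ == "__main__":
    print(random_password(), f"{entropy_bits(len(ALPHABET), 25):.0f} bits")
    print(passphrase(), f"{entropy_bits(len(SAMPLE_WORDS), 4):.0f} bits (sample list)")
    # Assumed list size: four words from 2048 candidates.
    print(f"{entropy_bits(2048, 4):.0f} bits with a 2048-word list")
```

The strength of a passphrase comes from the size of the word list and the number of words, not from how unusual the chosen words look, which is why the 16-word sample list here is far too small for real use.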

Single Sign-on + Two-factor Authentication

Some sites that do security really well are Google and Microsoft. These sites offer a feature called ‘two-factor authentication.’ When you want to log in, you have the option of also entering a code that is sent to your mobile device. It adds an extra security step, as any potential hacker would also have to steal your phone to log into your account.

While Kalix does not offer ‘two-factor authentication’, we do offer you the ability to log into our site via these highly secure sites. This method of logging in is called ‘single sign-on.’ Our Google, Facebook or Microsoft ‘single sign-on’ effectively sends you to the selected site to sign in, and by doing so, the site verifies your identity for us. By using this feature, you can get all the extra security of using ‘two-factor authentication’ plus the added benefit of not needing to remember another password!

Protecting Your Clients

Ensuring your client records remain safe and secure is very important. At Kalix, we work hard to make sure we follow best practices in security. However, as customers, there are steps you must take to close ‘the security loop’.

  • Choose strong passwords: at least 8 characters (the longer, the better), with a combination of uppercase and lowercase letters, numbers, and symbols.
  • Do not choose commonly used passwords.
  • Do not re-use the same password on multiple sites.
  • Consider using a password manager to generate and store ‘hack-proof’ passwords.
  • Use ‘single sign-on’ for Kalix.
