Hackers don’t sit at a computer and try to guess your password by typing educated guesses one at a time into the login form for your bank account, Facebook account, iCloud account, etc.
They write a program that cycles through the educated guesses and automates the process of checking to see if it is a valid password. That’s about as much detail as is necessary. The point is, if your password is your first initial, last name and the month and day of your birthday, it’s going to eventually get “guessed.”
Enter “random” passwords.
Let’s pretend you chose your password to be a random string of 5 letters: owihl
There are 5 spots in this password, each of which could have been occupied by any of 26 different characters (letters in this case). That means there are 26 x 26 x 26 x 26 x 26 or 26^5 = 11,881,376 possibilities. For a computer, that’s not very many to “guess” before finding the right one. BUT, what if the length of the password was unknown? Then you have to run this check for passwords of length 3, 4, 5, 6, 7, 8….
Now what if we added a random 3-digit number at the end? Now we have 11,881,376 * 10 * 10 * 10 = 11,881,376,000 possibilities.
Random passwords are pretty hard to hack. But let’s face it, most passwords are not random. You have to be able to remember them, right? So you use your name or your kid’s name or your favorite name. Or you use your favorite color or sports team or sports team’s mascot. Then if you’re trying to be super secretive, you add a number…like 1….or your birthday….or your favorite number….or your kid’s birthday…or the year you were born…or the year you created the password….or 2.
Then maybe you capitalized a letter because iCloud/Apple made you. You probably capitalized the first one. You didn’t use any weird characters like $ or % because you didn’t think to, or you thought maybe that would mess up the form and not let you log in.
- Use the weird characters. Stick them in the middle of your password. Or the beginning. Or the end!
- Stop using your name.
- Stop using your birthday or the numbers 1 or 2. But use numbers!
- Capitalize a different letter than the first one. Capitalize more than 1!
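To put numbers on the arithmetic and the habits above, here is an added example (not part of the original post). It counts the possibilities for a random password, including the unknown-length case, and flags the predictable patterns listed above in a password you give it. The function names, sample passwords and personal details are made up for illustration.

```python
import re
import string

def keyspace(length, alphabet_size):
    """Number of possible random strings of exactly `length` characters."""
    return alphabet_size ** length

def keyspace_up_to(min_len, max_len, alphabet_size):
    """Candidates to cover when the length is unknown (min_len..max_len)."""
    return sum(alphabet_size ** n for n in range(min_len, max_len + 1))

def audit(password, personal_words=(), birthday_digits=()):
    """Return the predictable habits found in `password`.

    personal_words / birthday_digits are details the user supplies about
    themselves (name, team, MMDD, birth year); nothing is looked up.
    """
    findings = []
    lowered = password.lower()
    for word in personal_words:
        if word and word.lower() in lowered:
            findings.append(f"contains personal word '{word}'")
    for digits in birthday_digits:
        if digits and digits in password:
            findings.append(f"contains birthday digits '{digits}'")
    if re.search(r"(?<!\d)[12]$", password):
        findings.append("ends in a lone 1 or 2")
    if re.search(r"(19|20)\d\d$", password):
        findings.append("ends in a year")
    uppers = [i for i, c in enumerate(password) if c.isupper()]
    if uppers == [0]:
        findings.append("only the first letter is capitalized")
    if not any(c in string.punctuation for c in password):
        findings.append("no symbols such as $ or %")
    if not any(c.isdigit() for c in password):
        findings.append("no numbers")
    return findings

if __name__ == "__main__":
    print(keyspace(5, 26))                    # 5 random lowercase letters
    print(keyspace(5, 26) * keyspace(3, 10))  # plus 3 random digits
    print(keyspace_up_to(3, 8, 26))           # length unknown, 3 through 8
    for pw in ("Smith0412", "ow$ihL7q3"):     # constructed sample passwords
        print(pw, audit(pw, ["smith"], ["0412", "1985"]))
```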
Wanna know where your passwords are safe? At your house on a post-it note. I know, I know, then other people in your life can see them and log in to your stuff. But you know who CAN’T? Hackers.
The best place to store a password? In your head.
While we are at it:
- Don’t use the same password for everything.
- In particular, passwords that protect your money and your …naked pictures… should be separate from all other passwords.
- Change these passwords a few times a year.