A professional hacker reveals how to create the best possible password
- Creating a strong password that is easy to remember but difficult to guess can be tricky.
- That's why IBM's Etay Maor suggests using an entire phrase as your password rather than a random string of numbers.
- Since a phrase is notably longer than the typical password, it would be much more difficult for an algorithm to crack it.
Today, we use our smartphones and the internet for nearly everything - from mobile banking, to keeping in touch with friends through social media, sending work-related emails, and much more.
And many of the apps and services we use to do so are protected by a password, a defense mechanism that's become increasingly easy for malicious actors to crack. That's why it's important to create a password that's strong and complex, even if it makes it more difficult to remember.
The perfect password may not exist, Etay Maor, an executive security advisor at IBM Security, told Business Insider. But he said there is a technique you can use to create passwords that are tough for hackers to figure out but easy to keep top of mind. Maor suggests creating a "passphrase" instead of a password.
"Even if you choose a password, which is let's say eight to 10 characters long and very complex . . . it's still pretty easy for a computer to guess it pretty fast," said Maor, who studies cyber criminal tactics on the dark web to teach clients how hackers work so that they can better protect themselves.
The passphrase technique is exactly what it sounds like. It entails coming up with a memorable phrase that you can use in place of a password, since the longer the password is, the more difficult it is for a machine to crack.
For example, you could choose a phrase like, "I want to go to a Bon Jovi concert," and turn that into a password. "A computer will take, I don't want to say an infinite amount of time, but a not realistic amount of time, to be able to guess it," Maor said.
A common technique for guessing passwords is what is known as a "brute force" attack, in which the intruder's program keeps trying character combinations until it finds a match. It's a task that would be very time consuming for a human but relatively easy for a computer.
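To put numbers on the length argument, the following added example (not part of the original article) estimates how many candidates an exhaustive character-by-character search has to cover for a short complex password and for the article's example phrase. The guess rate and the 8-character sample password are assumptions made for illustration, and the model covers only the character-combination search described above, so guessing by whole words or known phrases is not reflected and the passphrase figure is an upper bound.

```python
import math
import string

# Assumed attacker speed in guesses per second (illustrative, not from the article).
ASSUMED_GUESSES_PER_SECOND = 1e10
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Character classes an exhaustive search has to cover once a secret uses them.
CHAR_CLASSES = (
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    string.punctuation + " ",
)

# Constructed 8-character "complex" password and the article's example phrase.
SHORT_COMPLEX = "T7#qLz!9"
PASSPHRASE = "I want to go to a Bon Jovi concert"


def alphabet_size(secret: str) -> int:
    """Total size of the character classes that appear in the secret."""
    size = sum(len(cls) for cls in CHAR_CLASSES if any(ch in cls for ch in secret))
    if size == 0:
        raise ValueError("secret is empty or uses only characters outside the modelled classes")
    return size


def keyspace_bits(secret: str) -> float:
    """log2 of the number of candidates of this length over this alphabet."""
    return len(secret) * math.log2(alphabet_size(secret))


def years_to_exhaust(secret: str, rate: float = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Worst-case time to try every candidate, in years, at the assumed rate."""
    candidates = alphabet_size(secret) ** len(secret)
    return candidates / rate / SECONDS_PER_YEAR


if __name__ == "__main__":
    for label, secret in (("short complex", SHORT_COMPLEX), ("passphrase", PASSPHRASE)):
        print(f"{label:14} length={len(secret):2} alphabet={alphabet_size(secret):2} "
              f"bits={keyspace_bits(secret):6.1f} years={years_to_exhaust(secret):.3g}")
```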
"For computers today, keep in mind how many [central processing units] are in a computer and the fact that you can use multiple computers, it actually doesn't take long to be able to generate a list of all the possible combinations of letters and numbers."
But an even better strategy for making a secure password, says Maor, is letting a computer create one for you. He suggests using a password manager like LastPass or 1Password, which can generate complex, randomized passwords on your behalf and auto-fill them when you log into services on the web.
This can help you avoid the critical mistake of using the same password for multiple websites. "Don't take that task on yourself," he said. "Have an algorithm do that for you."