How to Develop Hacker-Proof Passwords

With all the publicity about cyber fraud, many people are rethinking their online security and trying to come up with hacker -proof passwords.  Is there really such a think as “hacker-proof”?  At the very least, you have better odds that  a hacker is unable to gain access to your email, bank account, credit card information or any other online accounts.

HERE’S HOW:

HOW PASSWORDS ARE STORED HOW TO CREATE BAD PASSWORDS
Your bank, credit card and other sites you use don’t actually know your password nor do they want to know it. They store in their database which is referred to as a “hash”. A ‘hash” is your passwords digital thumbprint. The server takes your password and runs it through what is called a “hash algorithm”. The result looks something like this:

 

When you login, the server compares the hash stored in its database with what you have just input. If the hash matches, they know you have entered the correct password. Hash algorithms are not a secret, in fact they are well known.Though it is nearly impossible for hackers to calculate all possible hashes for all possible passwords, they have already done this for the obvious ones. Avoiding the obvious passwords is best to avoid hacking.

So, what is a “bad” or obvious password?

  • The name of any person, real or fictional, alive or dead.
  • The name of any place, such as a city or state you live in or the street where you live.
  • A common phrase like “iloveyou” or “letmein”
  • Any of the above, with common character substitutions (@ for a or zero for 0).
  • Repeat characters or well-know patterns (“aaaaaaa” or “1234567890”).

If you use any of these strategies above, it is just about guaranteed that anyone who wants to hack your account can do so at any time.

BEST PRACTICES FOR THE BEST PASSWORDS

There are two basic rules for bulletproof passwords:

  1. The longer and more random the password, the better.
  2. Use a different password for every account, app or website.

Many people think “There is no possible way I can remember a unique and complex password for every login I create!” The trick is to create a formula that combines a few password components in a way that you can remember.

HERE ARE SOME BUILDING BLOCKS TO CONSIDER:

Pick a Base You Won’t Forget [BASE] Throw in a Random Number That You Won’t Forget [RANDNUM]
This should be a moderately long word, perhaps a mix of a few different words. “ChickenFeet” or “FlopEars”for example.

 

 

By itself, a date or or number makes a lousy password, but a memorable number can make a great addition to your password. Never a date such as your birthday or Social Security number. An important date in history such a 1989 (the year the Berlin Wall fell) works well.
Use Words That Change With the Times [TIMEWORD] Use Some Letters From the Name of the Website or Services [URLSNIPPIT]
Security experts suggest changing your password every few months. What if you chose a different 10-letter word for every quarter of the year. You can use “squeezable” from January to March, then switch to “unmuzzling” from April through June, “skyjacking” the third quarter and “complexify” for the last quarter. Though it is never a good idea to use a website URL for a password, you can use some letters from the website name to make it unique for that site.

 

Now glue the elements together in a way you will remember:

  • BASE + TIMEWORD + URLSNIPPET + RANDNUM
  • TIMEWORD + BASE + RANDNUM + URLSNIPPET
  • RANDNUM + URLSNIPPET + BASE + TIMEWORD
  • URLSNIPPET + BASE + TIMEWORD + RANDNUM

Now you have created a unique password for every website, account or app that is nearly impossible to hack.

Reprinted with permission from First American Title Insurance Company.  First American Title Insurance Company makes no express or implied warranty respecting the information presented and assumes no responsibility for errors or omissions. First American, the eagle logo, First American Title, and firstam.com are registered trademarks or trademarks of First American Financial Corporation and/or its affiliates.
AMD: 05/2017

CHERRY CREEK TITLE SERVICES IS AN INDEPENDENT POLICY-ISSUING AGENT OF FIRST AMERICAN TITLE INSURANCE COMPANY