Developing strong passwords that are easy to remember
Today there is a password for everything in our daily lives: Facebook, your bank account, grocery membership cards and even unlocking your cell phone. Hacking methods and tools are becoming more sophisticated and easier to use.
For example, at a popular cybersecurity event (DEFCON), an 11-year-old boy hacked into a copy of Florida’s election website in just under 10 minutes. Luckily in this case, the hack was performed on a replica of the election system, not the live site*.
You trust your banks and other institutions to keep your financial and personal data safe. We have found that even the biggest companies and government entities are sometimes incapable of doing this, and they are slow to report that a breach happened.
Knowing this, consider what you can do to safeguard your information when one of these institutions is negligent with your data and allows a breach to occur.
Terms to know:
Social Engineering – This is an attack on people rather than on computers: the attacker tricks you into handing over information or access, usually for malicious reasons. It includes things like “tailgating”, where a stranger follows you through a door into a secured area. Another example is accepting a USB storage device (jump drive, thumb drive, etc.) from an unknown source. The person offering you this nifty 10 GB drive may have good intentions, but there may be an underlying motive to gather information. One well-known device of this kind is the Rubber Ducky: it looks like an ordinary USB drive, but when plugged in it presents itself to the computer as a keyboard and types a hidden set of commands at machine speed to wreak havoc on your computer, with no visible file for you to inspect first. Do not plug in a USB device from an unknown source; if you must, have an IT professional check it on an isolated machine before it goes anywhere near your computer.
Brute Force Attack – This method of password cracking tries every possible combination of characters until the password is discovered, for example abc123, abc124, abc125 and so on. The downside for the attacker is that it takes a lot of time, and every extra character multiplies that time by the size of the character set, so longer passwords hurt it most. Brute force is practical against short secrets such as the 4-digit PIN on a bank card, which has only 10,000 possibilities. (NOTE – If you even suspect your ATM bank card is missing, contact your financial institution immediately to suspend it and/or request a new card with new numbers.)
Dictionary Attack – This method of password cracking uses a precompiled file of likely passwords instead of trying every combination. The file can contain commonly used passwords like “password123”, and cracking tools apply “rules” to each entry (capitalizing it, appending digits, swapping letters for look-alike symbols) to generate many variations of every word. The file may also contain guesses built after conducting a social engineering investigation of the target. For example, a dictionary file aimed at people in Georgia may contain many variations of: falcons#!, ILOVEUGA, bravesbaseball, ATL123, ILoveMARTA, etc.
What is my best line of defense?
My recommendation is what is called a random passphrase (sometimes written as a random alphanumeric passphrase). This method entails choosing three random words that have nothing to do with one another but that you can remember together.
Phase 1 – Find three random things. ex. moose, fan, lime
Phase 2 – Replace the letters with numbers, symbols and capital letters ex. M0053f@nL1m3
Phase 3 – remember your new fun paraphrase.
Moose, fan and lime transformed into M0053f@nL1m3 give you 12 characters of mixed case, digits and symbols that appear in no dictionary, which makes both brute force and dictionary attacks expensive. One caveat: the letter-for-symbol swaps (0 for o, 3 for e, @ for a) are built into the standard rule sets of cracking tools, so most of the strength comes from the words themselves being random and unrelated. Pick words nobody would associate with you, not your team, your pet and your street. Hackers usually will not spend an exorbitant amount of time trying to crack a password. If it does not come fast and easy, they tend to move on to the next victim.
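To make the brute force and dictionary attacks described above, and the strength of the three-word method, concrete, here is an added Python example that is not part of the original article. It hashes a constructed target password (the article's own M0053f@nL1m3), runs a small rule-based dictionary attack against it with a constructed eight-word wordlist, and then does the search-space arithmetic for an attacker who knows the method but not the words. The wordlist, the five mangling rules and the 7,776-word vocabulary size (the common diceware list size) are assumptions chosen for illustration.

```python
"""Added example: brute force keyspace, rule-based dictionary attack, and the
search space of a three-word passphrase. Constructed inputs; not the article's code."""
import hashlib
import itertools
import math
import string

# --- Brute force: the search space is alphabet_size ** length ---
ALPHANUMERIC = string.ascii_letters + string.digits  # 62 symbols


def brute_force_keyspace(length: int, alphabet: str = ALPHANUMERIC) -> int:
    """Worst-case number of candidates a brute-force attack must try."""
    return len(alphabet) ** length


def entropy_bits(keyspace: int) -> float:
    """Express a search space in bits (log2), the usual way to compare them."""
    return math.log2(keyspace)


# --- Dictionary attack with mangling rules, the way hashcat/John rules work ---
# Assumed rule set: real tools ship thousands of rules; these five are enough
# to show the idea. LEET swaps the letters the article's example swaps.
LEET = str.maketrans({"a": "@", "e": "3", "i": "1", "o": "0", "s": "5"})

RULES = {
    "identity": lambda w: w,
    "capitalize": lambda w: w.capitalize(),
    "upper": lambda w: w.upper(),
    "leet": lambda w: w.translate(LEET),
    "capitalize+leet": lambda w: w.capitalize().translate(LEET),
}


def sha256_hex(s: str) -> str:
    """Stand-in for the stored password hash (a real site should use a slow hash)."""
    return hashlib.sha256(s.encode()).hexdigest()


def dictionary_attack(target_hash, wordlist, words_per_candidate=3, rules=RULES):
    """Try every ordered combination of `words_per_candidate` wordlist entries,
    each mangled by every rule, until one hashes to the target.
    Returns (plaintext or None, number of candidates hashed)."""
    mangled = [rule(w) for w in wordlist for rule in rules.values()]
    tried = 0
    for parts in itertools.product(mangled, repeat=words_per_candidate):
        candidate = "".join(parts)
        tried += 1
        if sha256_hex(candidate) == target_hash:
            return candidate, tried
    return None, tried


def passphrase_keyspace(vocabulary_size, words=3, rules_per_word=len(RULES)):
    """Candidates for an attacker who knows the method: `words` words, each drawn
    from `vocabulary_size` choices and mangled by one of `rules_per_word` rules."""
    return (vocabulary_size * rules_per_word) ** words


# Constructed wordlist: the article's three words plus the Georgia-flavoured
# guesses it mentions, as an attacker who profiled the victim might build it.
SAMPLE_WORDLIST = ["moose", "fan", "lime", "falcons", "braves", "atl", "marta", "uga"]

if __name__ == "__main__":
    target = sha256_hex("M0053f@nL1m3")
    found, tried = dictionary_attack(target, SAMPLE_WORDLIST)
    print(f"dictionary attack: found {found!r} after {tried} of "
          f"{passphrase_keyspace(len(SAMPLE_WORDLIST))} candidates")
    print(f"brute force, 12 alphanumeric chars: "
          f"{entropy_bits(brute_force_keyspace(12)):.1f} bits")
    print(f"3 words from a 7776-word list, 5 rules each: "
          f"{entropy_bits(passphrase_keyspace(7776)):.1f} bits")
    print(f"same 3 words, no letter swaps at all: "
          f"{entropy_bits(passphrase_keyspace(7776, rules_per_word=1)):.1f} bits")
```

When the words are in the attacker's wordlist, the swaps do not save you: with eight words and five rules there are only 64,000 candidates and the attack finishes in well under a second. When the words are random picks from a large vocabulary, the swaps add roughly log2(5), a little over two bits per word, while the random word choice contributes almost 13 bits per word; that is why the advice above is to choose words nobody would associate with you.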
Stay safe and protect yourselves.
*11-year-old boy hacking: