Monday, July 27, 2015

1234

In the old days when computers were still confined to a desk and cell phones had antennas and flipped open, you could use your mother’s maiden name as a password for America OnLine®, and it would be secure. But now your password needs to contain 20 characters, including numbers, special characters, at least one upper case letter, at least one lower case letter, a Greek symbol, your star sign, the secret coordinates of Alderaan (Princess Leia knows), and the feathers of a rare golden eagle. Even then, it will only take a computer hacker five minutes to break into your Facebook account and sell all your FarmVille animals as he charges several luxury cars to your Visa®.

Not that the average person makes it hard for hackers. Every year, various groups compile a list of the most common passwords. And when I say ‘most common,’ I mean millions of people use them even now. If your password is on this list, hang your head in shame—and go change your password immediately.

10 Most Common Passwords of 2014
List compiled by SplashData
 1. 123456 (Okay, this is just lazy.)
 2. password (You thought it was cute, eh? You and 40 million other people agree.)
 3. 12345 (Even lazier than #1.)
 4. 12345678 (Sigh. You’re not even trying. Why don’t you write us a check?)
 5. qwerty (Another sigh.)
 6. 123456789 (Yeah, adding the nine really made #4 secure.)
 7. 1234 (You deserve to be hacked.)
 8. letmein (Tryharderidiot.)
 9. abc123 (Seriously?)
10. 111111 (I want to slap you. Hard.)

According to security expects, hackers can get into more than half of the sites in the world just by using the top twenty passwords. You can find other lists on the Internet and generally gather the proof that humanity is doomed due to terminal stupidity if Congress hasn’t already convinced you.

The bad news is that you can’t secure your sites with even with a hard password. They have computer programs that will eventually brute force their way into your account if they’re really motivated. All you can do is make it harder for the hackers so that maybe they will move onto another victim. This is similar to out-running your companions when being chased by a bear or throwing A1 sauce onto the other missionaries when confronted by hungry cannibals. (There are few things more dangerous than a thin cannibal, and almost all of them are in Hollywood or Congress.)

Some websites have moved to a two-step authentication process where you use a password and answer a question or they text a code to your cell phone. Other sites are even using fingerprint scanners for the second step. This sounds complicated, but not to worry. Most people do not enable two-step authentication because they think it takes too much time, it’s too hard, they’re lazy, they want to lose all their money, or they fell out of the stupid tree and hit every branch on the way down.

Of course, if we lived in a better world, hackers wouldn’t be so common and our accounts and websites would be safe. I’d also like a dragon steed, a magic sword, and a castle on a beautiful island. All are equally likely.

You can use password managers, such as LastPass or RoboForm Desktop, to alleviate some of your security concerns. Those are programs that will supply you with long, long, long passwords that you can never remember and hopefully discourage hackers who like easier targets. The password manager keeps track of those hideously long passwords for you, and all you have to do is remember the  password for your manager. Have you tried 1234?

(Copyright 2015 by Stephen B. Bagley. From the forthcoming book Floozy Returns.)

No comments: