Cracking your online passwords: Easy as 1-2-3 - Boston News, Weather, Sports | FOX 25 | MyFoxBoston

Cracking your online passwords: Easy as 1-2-3

Posted: Updated:
CHICAGO (FOX 32 News) -

You can't get very far these days without a password. Whether you're checking your email or doing some online banking, passwords get you in, and supposedly keep criminals out. But, just how much protection do you get from your password?

Hackers and other online criminals have become increasingly sophisticated when it comes to what's called "cracking" passwords.

Some people use the names of brothers or sisters for passwords, while others use famous names. And it seems everybody likes to use their pet's names.

Nick Percoco is a vice-president at Trustwave, a Chicago company which helps businesses make sure they are protected against online hackers. Earlier this year, Trustwave analyzed 3.1 million passwords. The single most popular password? "Password1," with a capital "P."

Most passwords are eight letters in length. The top three categories are: boy's names, dog's names, and then girl's names. All of which, it turns out, can be easily cracked by criminals.

"When they ask you to choose and seven character, eight character passwords people generally choose very poor passwords," Percoco explains.

Here's why you're at risk with those passwords. Hackers, according to Percoco, typically hack into a database and steal thousands of user names and passwords at the same time. Sometimes, the passwords have been encrypted, or you might say, jumbled. But either way, the criminals will run them against some very unique dictionaries.

The criminals actually have a dictionary that contains all of the popular names, all of the popular dog names, all the state's that people live in, all of the popular combinations that they use within their passwords," Percoco says.

Eventually, the hackers get a match, giving them the password that goes with a username.

"Typically, we see criminals going after banking account information and so when they get ahold of your username information to your banking account, hey can go in and transfer all your money out," Percoco says.

To show how it's done, Percoco asked us for a list of passwords. We gave him some six letter combinations, like "fox321," longer combinations like "fox32news," and a popular dog's name, "Bella" with the number 1 to give it six digits.

Percoco placed them in secure files like those targeted by hackers. He then extracted them, and ran them through a password cracking program that's widely available to online hackers. It took less than two minutes to crack our passwords. So how do you protect yourself?

"When you add length to a password, it really increases complexity, dramatically," he adds.

Percoco says lots of people think they're safe if they simply use random combinations of letters, numbers and symbols. But those are cracked almost as quickly. The only real protection, he says, comes by making passwords longer than eight digits.

Nine and ten digits seem to be where you're going to exceed the criminal's patience, Percoco says.

Look at the difference! Running 24,000 completely jumbled passwords through the cracking software, seven digit passwords are cracked in eight and half minutes. The ten digit passwords will take fourteen years!

"15 characters we're at 107 billion years…for us to crack those passwords," says Percoco.

Trustwave's recent report concludes: "the days of passwords are gone." Percoco says that instead of something like "cubs123," use something like "cubswinnextyear." Its 15 letters long and the Cubs could win a pennant before the crooks will crack your password.

To better secure yourself, Percoco recommends getting, "away from thinking about something as just a password, and try to move toward pass phrases."

Follow Us!

Share Your Photos & Video

Powered by WorldNow

25 FOX Drive
Dedham, MA 02026

Phone (781) 467-2525

Didn't find what you were looking for?
All content © Copyright 2000 - 2014 Fox Television Stations, Inc. and Worldnow. All Rights Reserved.
Privacy Policy | New Terms of Service What's new | Ad Choices