Guess What? Time to Change Your Password—and Buy Flowers
CNBC.com News Editor
Your password, like your lady, has been neglected for far too long. So guess what? Like Valentine’s Day before it, someone came along and declared a day dedicated to you giving attention to your password.
The wizards over at Gizmodo declared today Change Your Password Day.
First of all, if, like Valentine’s Day, you’re just not that into it yet, consider this: Your passwords aren’t as secure as you think. Our friends over at Lifehacker have a whole story by iFusion Labs CEO and blogger John Pozadzides titled “How I’d Hack Your Weak Passwords.”
Suddenly, little chocolates in a heart-shaped box and a password change or two don’t sound so bad, eh?
First, he knows how to get inside your head. He’ll find out your Social Security number, your spouse’s birthday — even your puppy’s name. (That’s right, Buster, not even you are safe!)
Still not scared?
Pozadzides said he recognizes that your personal information and dummy passwords like “password” and “123456” (seriously, you’re not still using one of those, are you?) only cover about 20 percent of what your password could possibly be.
So guess what comes next?
Two words: Brute force.
"If you keep the same password for prolonged periods of time my chances of cracking it are greater by using brute force, which is where I strategically come up with various combinations of passwords until I crack it," said Renee Chronister, the CEO of Parameter Security and Hacking University, which teaches businesses how to fight hackers — by thinking like hackers.
There is even specially written software that has been designed with the sole purpose of hacking your password. Wait, it gets worse — Insecure.org has a list of the top 10 FREE password crackers.
Can you hear me now?
The first step is to admit that your password sucks.
And guess what No. 2 is?
Admitting that you and your weak passwords, the ones you keep reusing across sites from Amazon to Zappos, are a big part of the problem. It’s like leaving your front door unlocked with a pile of money and a thank-you note by the door.
Please, come rob me.
Thank you. Come again.
How fast can a hacker crack your password?
"This can be done in minutes," Chronister said. "If you frequently change your password then it makes it harder for me to crack as it keeps me guessing."
According to this terrifying chart, a password of four lowercase letters could be cracked in less than a minute, and a six-character password mixing upper- and lowercase letters in less than six hours. (Figures like these assume a particular guessing speed. An attacker working offline against a stolen list of password hashes can try guesses far faster than one typing them into a login page, so the real numbers depend on where your password ends up.)
Sure, it’s annoying to add asterisks and upper-case letters, but guess what? Adding just one capital letter and one asterisk could change the amount of time it takes to crack your password from 2.4 days to 2.1 centuries, Pozadzides said.
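To make the arithmetic behind those crack-time claims concrete, here is an added Python example (not from the article, the chart, or either expert). It counts the alphabet a brute-forcer must cover based on which character classes a password uses, computes the worst-case number of guesses, and converts that into time under three assumed attacker speeds. The guess rates and sample passwords are assumptions constructed for this illustration, not the chart's figures. It also goes one step beyond the article by comparing a short substituted password with a long plain phrase, which shows that length buys far more than a sprinkling of symbols.

```python
import string

# Character pools an exhaustive attacker has to enumerate (printable ASCII only).
POOLS = {
    "lowercase": string.ascii_lowercase,   # 26
    "uppercase": string.ascii_uppercase,   # 26
    "digits": string.digits,               # 10
    "symbols": string.punctuation,         # 32
    "space": " ",                          # 1
}

# Assumed guess rates in guesses per second. These are illustrative orders of
# magnitude chosen for this example, not figures from the article or its chart.
RATES = {
    "online login form, rate-limited": 10.0,
    "offline, slow password hash (bcrypt-class)": 1e4,
    "offline, fast unsalted hash (MD5-class)": 1e10,
}


def charset_size(password: str) -> int:
    """Alphabet size a brute-forcer must cover: the sum of every pool the password draws from."""
    if not password:
        raise ValueError("empty password")
    for ch in password:
        if not any(ch in pool for pool in POOLS.values()):
            raise ValueError(f"character {ch!r} is outside the printable-ASCII pools this estimate covers")
    return sum(len(pool) for pool in POOLS.values() if any(ch in pool for ch in password))


def keyspace(length: int, alphabet: int) -> int:
    """Number of candidates an exhaustive search must try in the worst case."""
    return alphabet ** length


def seconds_to_exhaust(space: int, rate: float) -> float:
    """Worst-case time to try every candidate at the given guesses-per-second rate."""
    return space / rate


def format_duration(seconds: float) -> str:
    """Render seconds in the largest unit that fits, one decimal place."""
    for name, unit in (("years", 365.25 * 86400), ("days", 86400), ("hours", 3600), ("minutes", 60)):
        if seconds >= unit:
            return f"{seconds / unit:.1f} {name}"
    return f"{seconds:.1f} seconds"


def crack_estimates(password: str) -> dict[str, str]:
    """Worst-case exhaustion time for the password's keyspace under each assumed attacker."""
    space = keyspace(len(password), charset_size(password))
    return {attacker: format_duration(seconds_to_exhaust(space, rate)) for attacker, rate in RATES.items()}


if __name__ == "__main__":
    # Constructed sample passwords for illustration, not real credentials.
    for pw in ("abcd", "Abcdef", "M@ryl@mb", "mary had a little lamb"):
        alphabet = charset_size(pw)
        print(f"{pw!r}: alphabet={alphabet}, keyspace={keyspace(len(pw), alphabet):.3g}")
        for attacker, when in crack_estimates(pw).items():
            print(f"    {attacker}: {when}")
```

Two caveats on reading the output. First, the keyspace figure is an upper bound that assumes the password looks random to the attacker; a dictionary word with a few look-alike substitutions gets tried early by wordlist-plus-rules attacks, exactly the personal-information and dictionary guessing described earlier, so the estimate overstates such a password's strength. Second, the rates are assumptions for this example; the article's chart used its own, unstated, speed.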
Pozadzides and Chronister offer a few tips to help you make this The Best Change Your Password Day EVER:
1. Randomly substitute numbers for letters that look similar.
2. Randomly throw in a capital letter.
Chronister suggests using parts of song lyrics but changing the letters — something like "M@ry h@d a l!ttl3 l@mb its fl33c3 was wh!te a$ $now."
3. Think of something you were attached to when you were younger but NOT A PERSON’S NAME. Any name or word that appears in a dictionary is found quickly by a dictionary attack, in which the attacker runs through word lists before bothering with brute force.
4. Do not roll your eyes — Use a different user name and password for every account. Seriously, did you just roll your eyes?
For example — and we shouldn't have to tell you this — don't use the same password for your online bank account as you do for Facebook or Twitter.
5. Here's something you probably didn't think of — "Answer security questions incorrectly," Chronister suggests. "Make up a pet name that you can recall or a different maiden name for your mom." The reason? The web is a big, invasive place — and that info is probably already out there in some capacity and "probably because you divulged it," Chronister said.
(Seriously? I hope by the end of this post you will admit that you are part of the problem. A BIG part of the problem.)
6. If you’re wondering how you'll ever remember all of these weird passwords, Pozadzides has an answer for that, too — use a secure password manager like RoboForm. And in case you’re not sold yet, he even created this RoboForm demonstration video.
OK, now get off that bench, get in the game and go change those passwords! And when you’re done, don’t forget the chocolates and flowers.
Happy Ch*nge Your Pa55word D@y, everyone!