It’s Monday morning. You sit at your computer with your coffee. You type in your password to log into your computer. Your password is secure because you have a capital letter, a lower-case letter, a number and possibly a special character. You’re at ease because you’re secure. But really, are you though?
In this article, I will take you down the rabbit hole of how people, very bad people, can get access to your or your company’s data.
If you have a password, I can enter every single possible password until the right one fits, but that would be a very wasteful and inelegant way of doing things.
Let’s play 20 questions instead.
Question 1 – Is it password1?
Password1, password1 or even p@55w0rd1 and any of its closely (or distantly) related siblings are at the top of the guess list. If you have something similar as a password, consider it breached. I literally just guessed it first try on an article I’m putting minimal effort into so a person who is trying seriously will break it in no time.
Question 2 – Is it a common password that isn’t password1?
Qwerty, iloveyou, abcdef and freedom are passwords that fall into this category. They’re not at the top of the list but they’re still in the top 100. Remember, your name, your company name, names of your kids or your favourite footy team are all words and they will get cracked instantly. You can search for a top 100 passwords list and see if your password or some other form of it is listed.
Question 3 – Is it a word and a number?
Wednesday1, September2020, Dockers1995 – If you have a word and a number at the end, this is the part of the game where you get eliminated. To give an estimate of how long it would take, this would be around the 5-10 minute mark, if you’re lucky.
Question 4 – Is it an 8-character password with 1 capital letter, 1 lower-case letter and a number or special character?
Let’s do some quick maths.
A-Z counts for 26 possible entries. a-z counts for another 26. 0-9 counts for 10 possibilities, and all the special characters add up to 32. This totals 94 possibilities for each character position.
94 to the power of 8 gives us 6,095,689,385,410,816 possible passwords.
If I have one computer running 24 hours a day to guess all the possible passwords, it would take roughly 2 weeks at the most. If your password falls into certain patterns, it can be brought down to as low as 4 seconds.
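The first four questions can be turned into a self-check for your own passwords, shown here as an added Python example that is not part of the original article. Assumptions: the common-password set holds only the words the article names, the substitution table is constructed, and the guess rate is the one implied by the article's figure of roughly 2 weeks for 94^8 passwords.

```python
import re
import string

# Only the common passwords the article names; a real audit loads a full top-N list.
COMMON = {"password", "qwerty", "iloveyou", "abcdef", "freedom"}
# Constructed substitution table, enough to undo the article's "p@55w0rd1".
LEET = str.maketrans({"@": "a", "5": "s", "0": "o", "3": "e", "$": "s"})
# Assumption: guesses per second implied by "94^8 passwords in roughly 2 weeks".
IMPLIED_RATE = 94 ** 8 / (14 * 24 * 3600)


def classify(pw: str) -> str:
    """Return the earliest of the article's questions that would catch pw."""
    if not pw:
        raise ValueError("empty password")
    # Drop trailing digits, then undo common character substitutions.
    stem = pw.lower().rstrip(string.digits).translate(LEET)
    if stem in COMMON:
        return "common"            # Questions 1 and 2
    if re.fullmatch(r"[A-Za-z]+\d+", pw):
        return "word+number"       # Question 3
    return "brute-force only"      # Question 4: only exhaustive search is left


def charset_size(pw: str) -> int:
    """Size of the alphabet implied by the character classes pw uses."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)  # 26 + 26 + 10 + 32 = 94
    return sum(len(c) for c in classes if any(ch in c for ch in pw))


def worst_case_seconds(pw: str, rate: float = IMPLIED_RATE) -> float:
    """Time to try every password of pw's length over pw's alphabet."""
    return charset_size(pw) ** len(pw) / rate


if __name__ == "__main__":
    # The first four samples appear in the article; the last two are constructed.
    for pw in ["p@55w0rd1", "Password1", "Wednesday1", "Dockers1995",
               "aB3$aB3$", "aB3$aB3$aB3$"]:
        verdict = classify(pw)
        days = worst_case_seconds(pw) / 86400
        note = (f"{days:,.0f} days to exhaust" if verdict == "brute-force only"
                else "falls to a guess list")
        print(f"{pw:14} {verdict:17} {note}")
```

At the same guess rate, going from 8 to 12 characters multiplies the worst-case time by 94^4, which is why length matters more than any single extra symbol.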
Question 5 – What should I do next?
If you’ve survived this far and your password hasn’t been breached, congratulations! Your password takes longer than 2 weeks to break but it’s only a matter of time.
Consider 2-factor authentication – getting a message or a code on your mobile every time you want to log in means that even if someone manages to guess your password, they can’t get in without your mobile phone. This works even for Windows logins and services such as Microsoft 365.
Speak to an account manager if you’re an existing customer or call in to chat to our Sales Team if you would like to learn more about Qbit. Stay safe out there, it’s a crazy world.