Passwords are a part of life for everyone these days. Almost everyone you know will have a password to protect something in their life, be it Facebook, email, access to your phone or laptop, internet banking – the list is endless. You’ve probably come up with a few tricks for keeping secure – but its not enough!
Researchers at Peking University recently completed a study entitled Targeted Online Password Guessing: An Underestimated Threat and published a paper on their alarming findings. The paper discusses how they were able to successfully crack a large number of passwords in less than 100 guesses!
Even if the hack attempt was manual, that is still a very small amount of effort for something that could be worth significantly more to whoever’s trying to access your accounts. In this instance, the researchers created a password guessing algorithm called TarGuess which had an overall success rate of guessing 73% of password in under 100 guesses!
TarGuess’s secret to figuring out these passwords is research. It gets to know as much about you as possible for starting its cracking. It bases it guesses of Personally Identifiable Information (PII) that is presented to the system.
Personally Identifiable Information is much easier to get hold of then you might think. Starting with your Social media accounts, Facebook, Twitter etc. Other bits of PII can come from data breaches and releases that have happened out of your control, such as the half a billion Yahoo users who had information leaked (such as D.O.B’s). There is probably a lot more information out there about you than you know!
Your password need to be secure, they need to be unique and they should never contain any PII such as names, D.o.B.s etc. Ideal passwords are a randomly generated set of characters with no basis on anything. All the personally identifiable information in the world isn’t going to help a hacker crack that!