Most Passwords Vulnerable to Hacking; Here's How to Beef up Your Security

A new report says the vast majority of passwords are not secure enough, but tips can help you improve

Is your p@55w0rd secure? Probably not.

More than 90 percent of user-generated passwords will be vulnerable to hacking in 2013, according to a new report from consulting firm Deloitte.

Even those passwords deemed secure by IT departments can be hacked, and those break-ins could result in billions of dollars of losses, Deloitte said in its Technology, Media, Telecommunications Predictions 2013 report, released Tuesday.

Experts and e-commerce sites long recommended that users have an eight-character password with mixed-case letters and at least one number and symbol.

Such a password – chosen from all 94 available characters on a standard keyboard – is one of 6.1 quadrillion possible combinations, according to Deloitte's report (PDF).

But that's no longer good enough – especially since mobile devices make people less likely to create complicated passwords because of the multiple screens often required to see all characters.

Generally, people tend to use familiar combinations and tricks to make passwords easier to remember, often relying on common symbols, Deloitte reports.

The 10,000 most common passwords are employed by more than 98 percent of users, according to a 2011 study by a password expert.

Password reuse among multiple sites is an even bigger problem, allowing hackers who've obtained one password to access other services protected by the same code.

Here are some tips from Deloitte:

  • Never keep your passwords in an unencrypted place.
  • Use longer passwords. Even 1-2 additional characters make hacking much more difficult.
  • Use truly random passwords, and employ a password manager or password vault to create and remember all your passwords. Use an extremely strong password to access it, or employ multi-factor authentication (see below).
  • Use multi-factor authentication, where you log in to a site, then get another password sent to your cellphone.
  • Some companies may begin to use biometric verification - including fingerprint or iris scans.
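The arithmetic behind the 94-character, 6.1-quadrillion figure above and the tip that one or two extra characters make a large difference, as an added example that is not from the article or the Deloitte report: it computes the keyspace and entropy for a given length and generates a uniformly random password the way a password manager would, using Python's `secrets` module (the character set, lengths and function names are this example's own choices).

```python
import math
import secrets
import string

# The 94 printable ASCII characters on a standard US keyboard (space excluded):
# 52 letters + 10 digits + 32 punctuation symbols.
KEYBOARD_CHARS = string.ascii_letters + string.digits + string.punctuation
assert len(KEYBOARD_CHARS) == 94


def keyspace(length, alphabet_size=len(KEYBOARD_CHARS)):
    """Number of distinct passwords of exactly `length` characters."""
    return alphabet_size ** length


def entropy_bits(length, alphabet_size=len(KEYBOARD_CHARS)):
    """Entropy in bits of a uniformly random password (log2 of the keyspace)."""
    return length * math.log2(alphabet_size)


def growth_factor(base_length, extra, alphabet_size=len(KEYBOARD_CHARS)):
    """How many times larger the keyspace becomes with `extra` more characters."""
    return keyspace(base_length + extra, alphabet_size) // keyspace(base_length, alphabet_size)


def random_password(length=12, alphabet=KEYBOARD_CHARS):
    """Generate a uniformly random password from the OS CSPRNG, as a password
    manager or vault does; never use random.choice() for this."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    print(f"8 chars from 94: {keyspace(8):.3e} combinations, {entropy_bits(8):.1f} bits")
    for extra in (1, 2):
        # Each added character multiplies the search space by 94.
        print(f"+{extra} char(s): keyspace grows {growth_factor(8, extra)}x")
    print("Random 12-char password:", random_password())
```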

Johnny Gannon, a 25-year-old hacker and coder, says that for most users he is a fan of password managers such as LastPass.

"You have one password to log in and they’ll generate a random password for each website you want to make an account for," Gannon said. "It’s the best solution right now."
