With many websites and applications requiring a password, it’s important to use best practices to insure you keep them secure. This simple password hack will help you do just that.
Truths about passwords
- Passwords need to be long. A short password is easier to crack than a longer one.
- Passwords need to be something a criminal couldn’t guess. Don’t use one of the top 10 most hacked passwords.
- Passwords need to contain all types of characters, both upper and lower case letters, numbers, and special characters (!@#$%^, etc.).
- Passwords need to be different for each site or application. If you reuse a password, there can be a case where one of those services is hacked and the crook gets the password. Now they have a password to multiple services.
- And you need to be able to access your long, un-guessable, password containing all types of characters.
That’s where a password manager comes into place. I talk about password managers in this article as I ponder leaving LastPass because of them not doing what I pay them to do, like keep my passwords locked up.
The main flaw with password managers
With a password manager you wind up with all your eggs in one basket. If someone takes the basket, they get all your eggs. This simple password hack can prevent that.
In LastPass’ case, someone stole the basket of eggs, containing my and many other people’s passwords (LastPass won’t say just how many customers were affected). Although they were encrypted, if someone did not have a strong master password, the bad guys might be able to crack into the basket.
The problem with easy passwords
The problem with using an easy to remember password is that they are also easy to crack. Let’s run a test on an easy password using Steve Gibson’s Password Haystacks: we’ll use “dogandcat.”
According to Haystacks, it would take 56.47 seconds to crack that password using a fast attack. Now let’s make some changes and see what happens.
Dogandcat – 7.87 hours simply by using one uppercase letter.
Dog-and-cat – adding hyphens increases this time to 5.38 centuries.
Dog-and-cat12345 – adding 5 numbers at the end makes it 1.41 hundred billion centuries.
Passwords Are Easy To Make, But Hard To Remember
Yeah, I know my password is “dog and cat” something, but what? That’s where a good password manager comes in.
A password manager not only stores your passwords, but can help generate them as well. I just generated this password using LastPass and ran it through Haystacks:
wEaYRFqRSg%*6MY^8ZV! – 11.52 million trillion centuries.
That’s a pretty good password.
But this password can still be vulnerable if someone steals the basket. That’s where this password hack comes in.
Simple Password Hack
All you need to do in order to use this password hack is “salt” your passwords. By “salt,” I mean to add something to them that’s not stored in your password manager. Something like a zip code, phone number, address, or just a word. Anything just a few characters long will do.
It goes like this: Let’s use someone’s birthday. How about Elvis? January 8, 1935 (1835).
Simply let your password manager insert the password, then you add the salt.
wEaYRFqRSg%6MY^8ZV!, which is stored in your password manager becomes: wEaYRFqRSg%6MY^8ZV!1835,
or 1835wEaYRFqRSg%6MY^8ZV!,
or wEa1835YRFqRSg%6MY^8ZV!.
This password hack works the same wherever you insert the salt. Just pick a spot and use it on all your passwords (hint: use the same spot on all passwords.)
And you don’t have to use the salt on all of your passwords, just the most sensitive ones. Use it on any site or app that would cause you to lose something if someone was able to get into it.
Safe from password manager Failures
See, even though criminals stole my basket of eggs from LastPass, and even if they were able to crack my master password (according to Haystacks, it would take 13.44 trillion centuries) they don’t have my passwords.
Take that, crooks!
So try this simple password hack on your passwords and know that even if your basket of eggs gets stolen, you can still rest assured that the crooks don’t have your passwords.
