Password ‘secret’

You’d better think twice before you make “abcdef” your next password.

If a password contains just six lowercase letters — especially if it’s a common word or combo — a cyber-thief can figure it out in 10 minutes, according to a study from SecurityCoverage Inc., a password-security firm.

A six-character password of numbers and symbols boosts complexity enough that a skilled hacker would need 16 days to break it, the study found. “There’s just not much middle ground,” he said. “I think that’s why so many people simply don’t put effort into, and then you see ‘12345’ as a secure site password.”

But real security comes from something people rarely do unless they are forced: making a longer password with random numbers and symbols.

According to the company, an eight-character password with random letters, numbers and symbols will take 463 years to break. Nine random characters will take a whopping 44,530 years, the company found.

“People are careless because they don’t understand the threat,” said Ed Barrett, VP of marketing for SecurityCoverage. “LinkedIn was compromised in June and had 6.5 million passwords leaked.

“What did they find when they started cracking those passwords? Phrases like ‘link’ and ‘12345’ are being used very commonly… and as a security professional you want to really just scream.”

SecurityCoverage, which makes a security app called Password Genie, reports that the average web surfer visits 25 password-protected sites. That’s so many passwords to remember that 33 percent of users use the same password on every site.

The simplicity of the common password became evident earlier during the LinkedIn hack, in which six million passwords were stolen. Hundreds of thousands of Yahoo passwords were also stolen and released on the internet this year.

A look at the stolen passwords in the two incidents showed just how poorly people were protecting themselves. The 10 most used passwords on both sites included words such as “ninja,” “princess,” “god” and “sex.”

One of the most common was actually the word “password.”

“You can either use strong, complex passwords to be safe and then have difficulty remembering them, or you can use simple, weak passwords but suffer from being more easy to decipher,” said Barrett.